lap-access-analyzer

Access Analyzer API skill. Use when working with Access Analyzer for archive-rule, policy, access-preview. Covers 35 endpoints.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "lap-access-analyzer" with this command: npx skills add mickmicksh/lap-access-analyzer

Access Analyzer

API version: 2019-11-01

Auth

AWS SigV4

Base URL

Not specified.

Setup

  1. Configure auth: AWS SigV4
  2. GET /analyzed-resource -- verify access
  3. POST /policy/check-access-not-granted -- create first check-access-not-granted

Endpoints

35 endpoints across 10 groups. See references/api-spec.lap for full details.

archive-rule

MethodPathDescription
PUT/archive-ruleRetroactively applies the archive rule to existing findings that meet the archive rule criteria.

policy

MethodPathDescription
PUT/policy/generation/{jobId}Cancels the requested policy generation.
POST/policy/check-access-not-grantedChecks whether the specified access isn't allowed by a policy.
POST/policy/check-no-new-accessChecks whether new access is allowed for an updated policy when compared to the existing policy. You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.
POST/policy/check-no-public-accessChecks whether a resource policy can grant public access to the specified resource type.
GET/policy/generation/{jobId}Retrieves the policy that was generated using StartPolicyGeneration.
GET/policy/generationLists all of the policy generations requested in the last seven days.
PUT/policy/generationStarts the policy generation request.
POST/policy/validationRequests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.

access-preview

MethodPathDescription
PUT/access-previewCreates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.
GET/access-preview/{accessPreviewId}Retrieves information about an access preview for the specified analyzer.
POST/access-preview/{accessPreviewId}Retrieves a list of access preview findings generated by the specified access preview.
GET/access-previewRetrieves a list of access previews for the specified analyzer.

analyzer

MethodPathDescription
PUT/analyzerCreates an analyzer for your account.
PUT/analyzer/{analyzerName}/archive-ruleCreates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.
DELETE/analyzer/{analyzerName}Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
DELETE/analyzer/{analyzerName}/archive-rule/{ruleName}Deletes the specified archive rule.
GET/analyzer/{analyzerName}Retrieves information about the specified analyzer.
GET/analyzer/{analyzerName}/archive-rule/{ruleName}Retrieves information about an archive rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.
GET/analyzerRetrieves a list of analyzers.
GET/analyzer/{analyzerName}/archive-ruleRetrieves a list of archive rules created for the specified analyzer.
PUT/analyzer/{analyzerName}/archive-rule/{ruleName}Updates the criteria and values for the specified archive rule.

recommendation

MethodPathDescription
POST/recommendation/{id}Creates a recommendation for an unused permissions finding.
GET/recommendation/{id}Retrieves information about a finding recommendation for the specified analyzer.

analyzed-resource

MethodPathDescription
GET/analyzed-resourceRetrieves information about a resource that was analyzed.
POST/analyzed-resourceRetrieves a list of resources of the specified type that have been analyzed by the specified external access analyzer. This action is not supported for unused access analyzers.

finding

MethodPathDescription
GET/finding/{id}Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.
POST/findingRetrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action. To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.
PUT/findingUpdates the status for the specified findings.

findingv2

MethodPathDescription
GET/findingv2/{id}Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.
POST/findingv2Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action. To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys in the IAM User Guide.

tags

MethodPathDescription
GET/tags/{resourceArn}Retrieves a list of tags applied to the specified resource.
POST/tags/{resourceArn}Adds a tag to the specified resource.
DELETE/tags/{resourceArn}Removes a tag from the specified resource.

resource

MethodPathDescription
POST/resource/scanImmediately starts a scan of the policies applied to the specified resource.

Common Questions

Match user requests to endpoints in references/api-spec.lap. Key patterns:

  • "Update a generation?" -> PUT /policy/generation/{jobId}
  • "Create a check-access-not-granted?" -> POST /policy/check-access-not-granted
  • "Create a check-no-new-access?" -> POST /policy/check-no-new-access
  • "Create a check-no-public-access?" -> POST /policy/check-no-public-access
  • "Delete a analyzer?" -> DELETE /analyzer/{analyzerName}
  • "Delete a archive-rule?" -> DELETE /analyzer/{analyzerName}/archive-rule/{ruleName}
  • "Get access-preview details?" -> GET /access-preview/{accessPreviewId}
  • "List all analyzed-resource?" -> GET /analyzed-resource
  • "Get analyzer details?" -> GET /analyzer/{analyzerName}
  • "Get archive-rule details?" -> GET /analyzer/{analyzerName}/archive-rule/{ruleName}
  • "Get finding details?" -> GET /finding/{id}
  • "Get recommendation details?" -> GET /recommendation/{id}
  • "Get findingv2 details?" -> GET /findingv2/{id}
  • "Get generation details?" -> GET /policy/generation/{jobId}
  • "List all access-preview?" -> GET /access-preview
  • "Create a analyzed-resource?" -> POST /analyzed-resource
  • "List all analyzer?" -> GET /analyzer
  • "List all archive-rule?" -> GET /analyzer/{analyzerName}/archive-rule
  • "Create a finding?" -> POST /finding
  • "Create a findingv2?" -> POST /findingv2
  • "List all generation?" -> GET /policy/generation
  • "Get tag details?" -> GET /tags/{resourceArn}
  • "Create a scan?" -> POST /resource/scan
  • "Delete a tag?" -> DELETE /tags/{resourceArn}
  • "Update a archive-rule?" -> PUT /analyzer/{analyzerName}/archive-rule/{ruleName}
  • "Create a validation?" -> POST /policy/validation
  • "How to authenticate?" -> See Auth section

Response Tips

  • Check response schemas in references/api-spec.lap for field details
  • Create/update endpoints typically return the created/updated object

References

  • Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas

Generated from the official API spec by LAP

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Wechat Mp Writer

WeChat Official Account (公众号) content writer with article formatting, headline optimization, and engagement tips. Use when you need to write WeChat articles,...

Registry SourceRecently Updated
2670bytesagain
General

OpenClaw EverMemory Installer

Use this skill when installing, upgrading, verifying, or publishing the EverMemory OpenClaw plugin and its companion skill, including local path install, npm...

Registry SourceRecently Updated
721jiehao321
General

Ip Advisor

知识产权顾问。专利、版权、商业秘密、注册流程、保护策略。IP advisor for patents, copyrights, trade secrets. 知识产权、专利、版权。

Registry SourceRecently Updated
1950ckchzh
General

炒股大师模拟器

炒股大师模拟器 | 股市模拟交易练习 | A股/港股/美股投资学习 | 化身文主任/股神老徐/炒股养家/孙宇晨等各位大师学习投资思路 | 多智能体股票讨论群

Registry SourceRecently Updated
351lucasxing1