| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
Amazonka.IAM.GetServiceLastAccessedDetails
Description
Retrieves a service last accessed report that was created using the
GenerateServiceLastAccessedDetails operation. You can use the JobId
parameter in GetServiceLastAccessedDetails to retrieve the status of
your report job. When the report is complete, you can retrieve the
generated report. The report includes a list of Amazon Web Services
services that the resource (user, group, role, or managed policy) can
access.
Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For each service that the resource could access using permissions
policies, the operation returns details about the most recent access
attempt. If there was no attempt, the service is listed without details
about the most recent attempt to access the service. If the operation
fails, the GetServiceLastAccessedDetails operation returns the reason
that it failed.
The GetServiceLastAccessedDetails operation returns a list of
services. This list includes the number of entities that have attempted
to access the service and the date and time of the last attempt. It also
returns the ARN of the following entity, depending on the resource ARN
that you used to generate the report:
- User – Returns the user ARN that you used to generate the report
- Group – Returns the ARN of the group member (user) that last attempted to access the service
- Role – Returns the role ARN that you used to generate the report
- Policy – Returns the ARN of the user or role that last used the policy to attempt to access the service
By default, the list is sorted by service namespace.
If you specified ACTION_LEVEL granularity when you generated the
report, this operation returns service and action last accessed data.
This includes the most recent access attempt for each tracked action
within a service. Otherwise, this operation returns only service data.
For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.
Synopsis
- data GetServiceLastAccessedDetails = GetServiceLastAccessedDetails' {}
- newGetServiceLastAccessedDetails :: Text -> GetServiceLastAccessedDetails
- getServiceLastAccessedDetails_marker :: Lens' GetServiceLastAccessedDetails (Maybe Text)
- getServiceLastAccessedDetails_maxItems :: Lens' GetServiceLastAccessedDetails (Maybe Natural)
- getServiceLastAccessedDetails_jobId :: Lens' GetServiceLastAccessedDetails Text
- data GetServiceLastAccessedDetailsResponse = GetServiceLastAccessedDetailsResponse' {}
- newGetServiceLastAccessedDetailsResponse :: Int -> JobStatusType -> UTCTime -> UTCTime -> GetServiceLastAccessedDetailsResponse
- getServiceLastAccessedDetailsResponse_jobType :: Lens' GetServiceLastAccessedDetailsResponse (Maybe AccessAdvisorUsageGranularityType)
- getServiceLastAccessedDetailsResponse_error :: Lens' GetServiceLastAccessedDetailsResponse (Maybe ErrorDetails)
- getServiceLastAccessedDetailsResponse_marker :: Lens' GetServiceLastAccessedDetailsResponse (Maybe Text)
- getServiceLastAccessedDetailsResponse_isTruncated :: Lens' GetServiceLastAccessedDetailsResponse (Maybe Bool)
- getServiceLastAccessedDetailsResponse_httpStatus :: Lens' GetServiceLastAccessedDetailsResponse Int
- getServiceLastAccessedDetailsResponse_jobStatus :: Lens' GetServiceLastAccessedDetailsResponse JobStatusType
- getServiceLastAccessedDetailsResponse_jobCreationDate :: Lens' GetServiceLastAccessedDetailsResponse UTCTime
- getServiceLastAccessedDetailsResponse_servicesLastAccessed :: Lens' GetServiceLastAccessedDetailsResponse [ServiceLastAccessed]
- getServiceLastAccessedDetailsResponse_jobCompletionDate :: Lens' GetServiceLastAccessedDetailsResponse UTCTime
Creating a Request
data GetServiceLastAccessedDetails Source #
See: newGetServiceLastAccessedDetails smart constructor.
Constructors
| GetServiceLastAccessedDetails' | |
Fields
| |
Instances
newGetServiceLastAccessedDetails Source #
Create a value of GetServiceLastAccessedDetails with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:marker:GetServiceLastAccessedDetails', getServiceLastAccessedDetails_marker - Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you received to
indicate where the next call should start.
$sel:maxItems:GetServiceLastAccessedDetails', getServiceLastAccessedDetails_maxItems - Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to
100. Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response element
returns true, and Marker contains a value to include in the
subsequent call that tells the service where to continue from.
$sel:jobId:GetServiceLastAccessedDetails', getServiceLastAccessedDetails_jobId - The ID of the request generated by the
GenerateServiceLastAccessedDetails operation. The JobId returned by
GenerateServiceLastAccessedDetail must be used by the same role within
a session, or by the same user when used to call
GetServiceLastAccessedDetail.
Request Lenses
getServiceLastAccessedDetails_marker :: Lens' GetServiceLastAccessedDetails (Maybe Text) Source #
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you received to
indicate where the next call should start.
getServiceLastAccessedDetails_maxItems :: Lens' GetServiceLastAccessedDetails (Maybe Natural) Source #
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to
100. Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response element
returns true, and Marker contains a value to include in the
subsequent call that tells the service where to continue from.
getServiceLastAccessedDetails_jobId :: Lens' GetServiceLastAccessedDetails Text Source #
The ID of the request generated by the
GenerateServiceLastAccessedDetails operation. The JobId returned by
GenerateServiceLastAccessedDetail must be used by the same role within
a session, or by the same user when used to call
GetServiceLastAccessedDetail.
Destructuring the Response
data GetServiceLastAccessedDetailsResponse Source #
See: newGetServiceLastAccessedDetailsResponse smart constructor.
Constructors
| GetServiceLastAccessedDetailsResponse' | |
Fields
| |
Instances
newGetServiceLastAccessedDetailsResponse Source #
Arguments
| :: Int | |
| -> JobStatusType | |
| -> UTCTime | |
| -> UTCTime |
|
| -> GetServiceLastAccessedDetailsResponse |
Create a value of GetServiceLastAccessedDetailsResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:jobType:GetServiceLastAccessedDetailsResponse', getServiceLastAccessedDetailsResponse_jobType - The type of job. Service jobs return information about when each service
was last accessed. Action jobs also include information about when
tracked actions within the service were last accessed.
$sel:error:GetServiceLastAccessedDetailsResponse', getServiceLastAccessedDetailsResponse_error - An object that contains details about the reason the operation failed.
$sel:marker:GetServiceLastAccessedDetails', getServiceLastAccessedDetailsResponse_marker - When IsTruncated is true, this element is present and contains the
value to use for the Marker parameter in a subsequent pagination
request.
$sel:isTruncated:GetServiceLastAccessedDetailsResponse', getServiceLastAccessedDetailsResponse_isTruncated - A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when
there are more results available. We recommend that you check
IsTruncated after every call to ensure that you receive all your
results.
$sel:httpStatus:GetServiceLastAccessedDetailsResponse', getServiceLastAccessedDetailsResponse_httpStatus - The response's http status code.
$sel:jobStatus:GetServiceLastAccessedDetailsResponse', getServiceLastAccessedDetailsResponse_jobStatus - The status of the job.
$sel:jobCreationDate:GetServiceLastAccessedDetailsResponse', getServiceLastAccessedDetailsResponse_jobCreationDate - The date and time,
in ISO 8601 date-time format, when the
report job was created.
$sel:servicesLastAccessed:GetServiceLastAccessedDetailsResponse', getServiceLastAccessedDetailsResponse_servicesLastAccessed - A ServiceLastAccessed object that contains details about the most
recent attempt to access the service.
$sel:jobCompletionDate:GetServiceLastAccessedDetailsResponse', getServiceLastAccessedDetailsResponse_jobCompletionDate - The date and time,
in ISO 8601 date-time format, when the
generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a
job status value of IN_PROGRESS.
Response Lenses
getServiceLastAccessedDetailsResponse_jobType :: Lens' GetServiceLastAccessedDetailsResponse (Maybe AccessAdvisorUsageGranularityType) Source #
The type of job. Service jobs return information about when each service was last accessed. Action jobs also include information about when tracked actions within the service were last accessed.
getServiceLastAccessedDetailsResponse_error :: Lens' GetServiceLastAccessedDetailsResponse (Maybe ErrorDetails) Source #
An object that contains details about the reason the operation failed.
getServiceLastAccessedDetailsResponse_marker :: Lens' GetServiceLastAccessedDetailsResponse (Maybe Text) Source #
When IsTruncated is true, this element is present and contains the
value to use for the Marker parameter in a subsequent pagination
request.
getServiceLastAccessedDetailsResponse_isTruncated :: Lens' GetServiceLastAccessedDetailsResponse (Maybe Bool) Source #
A flag that indicates whether there are more items to return. If your
results were truncated, you can make a subsequent pagination request
using the Marker request parameter to retrieve more items. Note that
IAM might return fewer than the MaxItems number of results even when
there are more results available. We recommend that you check
IsTruncated after every call to ensure that you receive all your
results.
getServiceLastAccessedDetailsResponse_httpStatus :: Lens' GetServiceLastAccessedDetailsResponse Int Source #
The response's http status code.
getServiceLastAccessedDetailsResponse_jobStatus :: Lens' GetServiceLastAccessedDetailsResponse JobStatusType Source #
The status of the job.
getServiceLastAccessedDetailsResponse_jobCreationDate :: Lens' GetServiceLastAccessedDetailsResponse UTCTime Source #
The date and time, in ISO 8601 date-time format, when the report job was created.
getServiceLastAccessedDetailsResponse_servicesLastAccessed :: Lens' GetServiceLastAccessedDetailsResponse [ServiceLastAccessed] Source #
A ServiceLastAccessed object that contains details about the most
recent attempt to access the service.
getServiceLastAccessedDetailsResponse_jobCompletionDate :: Lens' GetServiceLastAccessedDetailsResponse UTCTime Source #
The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a
job status value of IN_PROGRESS.