resourceControlPolicyRestriction

The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

  • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding. This value applies only to internal access findings with the account as the zone of trust.

  • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

  • NOT_APPLICABLE: There was no RCP present in the organization. For internal access findings with the account as the zone of trust, NOT_APPLICABLE could also indicate that there was no RCP applicable to the resource.

  • APPLIED: An RCP is present in the organization and IAM Access Analyzer included it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLIED, then s3:DeleteObject would not be included in the list of actions for the finding. This value applies only to internal access findings with the organization as the zone of trust.
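
One way a triage script could act on this field, shown as an added example that is not AWS code: for APPLICABLE findings it subtracts actions the RCP blocks from the listed actions, and for FAILED_TO_EVALUATE_RCP it marks the list as unverified. The "id" and "action" keys, the finding records and the RCP deny patterns are constructed assumptions; only the resourceControlPolicyRestriction values come from the text above.

```python
from fnmatch import fnmatchcase

# Constructed sample findings (not real Access Analyzer output).
FINDINGS = [
    {"id": "constructed-1", "action": ["s3:GetObject", "s3:DeleteObject"],
     "resourceControlPolicyRestriction": "APPLICABLE"},
    {"id": "constructed-2", "action": ["s3:GetObject"],
     "resourceControlPolicyRestriction": "APPLIED"},
    {"id": "constructed-3", "action": ["s3:GetObject", "s3:DeleteObject"],
     "resourceControlPolicyRestriction": "FAILED_TO_EVALUATE_RCP"},
]

# Constructed: action patterns the organization's RCP denies for these resources.
RCP_DENIED = ["s3:Delete*"]


def effective_actions(finding, rcp_denied_patterns):
    """Return (actions, note): the finding's actions adjusted for its RCP status."""
    restriction = finding.get("resourceControlPolicyRestriction")
    actions = list(finding.get("action", []))

    def denied(action):
        # IAM action names are case-insensitive; patterns here use only * and ?.
        return any(fnmatchcase(action.lower(), p.lower())
                   for p in rcp_denied_patterns)

    if restriction == "APPLICABLE":
        # The RCP was NOT evaluated, so blocked actions are still listed.
        blocked = [a for a in actions if denied(a)]
        kept = [a for a in actions if not denied(a)]
        return kept, f"RCP not evaluated; listed but blocked by RCP: {blocked}"
    if restriction == "APPLIED":
        # The RCP was evaluated; blocked actions are already excluded.
        return actions, "RCP already evaluated; list used as reported"
    if restriction == "NOT_APPLICABLE":
        return actions, "no RCP to account for; list used as reported"
    if restriction == "FAILED_TO_EVALUATE_RCP":
        # Unknown whether an RCP narrows this list; do not silently trust it.
        return actions, "RCP evaluation failed; list is unverified"
    return actions, f"unrecognized restriction value: {restriction!r}"


if __name__ == "__main__":
    for f in FINDINGS:
        acts, note = effective_actions(f, RCP_DENIED)
        print(f["id"], acts, "|", note)
```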