checkAccessNotGranted
abstract suspend fun checkAccessNotGranted(input: CheckAccessNotGrantedRequest): CheckAccessNotGrantedResponse
Checks whether the specified access isn't allowed by a policy.
Samples
import aws.sdk.kotlin.services.accessanalyzer.model.Access
import aws.sdk.kotlin.services.accessanalyzer.model.AccessCheckPolicyType
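fun main() {
    //sampleStart
    // Passing check: the policy below only allows s3:GetObject, so the s3:PutObject
    // access being tested is not granted by it.
    // NOTE(review): the document carries a Principal element and is submitted as
    // RESOURCE_POLICY, so this sample exercises a resource policy, not an identity policy.
    val resp = accessAnalyzerClient.checkAccessNotGranted {
        // Access that the policy is expected NOT to grant.
        access = listOf(
            Access {
                actions = listOf("s3:PutObject")
            },
        )
        policyDocument = "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:GetObject\",\"Resource\":\"*\"}]}"
        policyType = AccessCheckPolicyType.fromValue("RESOURCE_POLICY")
    }
    // The verdict is carried in the response: a call that returns without throwing
    // has not necessarily passed, so read `result` before relying on the policy.
    println("result=${resp.result} message=${resp.message}")
    println("reasons=${resp.reasons}")
    //sampleEnd
}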
import aws.sdk.kotlin.services.accessanalyzer.model.Access
import aws.sdk.kotlin.services.accessanalyzer.model.AccessCheckPolicyType
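fun main() {
    //sampleStart
    // Passing check. Restrictive S3 Bucket resource policy: it allows s3:PutObject only
    // on non-sensitive-bucket, so access to sensitive-bucket is not granted.
    val resp = accessAnalyzerClient.checkAccessNotGranted {
        // Resources that the policy is expected NOT to grant access to.
        access = listOf(
            Access {
                resources = listOf("arn:aws:s3:::sensitive-bucket/*")
            },
        )
        policyDocument = "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::non-sensitive-bucket/*\"}]}"
        policyType = AccessCheckPolicyType.fromValue("RESOURCE_POLICY")
    }
    // The verdict is carried in the response: a call that returns without throwing
    // has not necessarily passed, so read `result` before relying on the policy.
    println("result=${resp.result} message=${resp.message}")
    println("reasons=${resp.reasons}")
    //sampleEnd
}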
import aws.sdk.kotlin.services.accessanalyzer.model.Access
import aws.sdk.kotlin.services.accessanalyzer.model.AccessCheckPolicyType
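fun main() {
    //sampleStart
    // Failing check. Permissive S3 Bucket resource policy: it allows s3:PutObject on the
    // very bucket path that the check says must not be reachable.
    val resp = accessAnalyzerClient.checkAccessNotGranted {
        // Resources that the policy is expected NOT to grant access to.
        access = listOf(
            Access {
                resources = listOf("arn:aws:s3:::my-bucket/*")
            },
        )
        policyDocument = "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::my-bucket/*\"}]}"
        policyType = AccessCheckPolicyType.fromValue("RESOURCE_POLICY")
    }
    // A failing check comes back as an ordinary response, not an exception. A policy
    // gate (for example in CI) must inspect `result` and should surface `reasons`,
    // which describe why the check failed.
    println("result=${resp.result} message=${resp.message}")
    println("reasons=${resp.reasons}")
    //sampleEnd
}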