Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ API Reference/ API/ Access Analyzer/ Analyzers/ Retrieving a List of Analyzers
Updated on 2025-11-06 GMT+08:00
View PDF
Share

Retrieving a List of Analyzers

Function

This API is used to retrieve a list of analyzers.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

Action

Access Level

Resource Type (*: required)

Condition Key

Alias

Dependencies

AccessAnalyzer:analyzer:list

List

analyzer *

-

-

-

URI

GET /v5/analyzers

Table 1 Query Parameters

Parameter

Mandatory

Type

Description

limit

No

Integer

Maximum number of results on a page

Minimum: 1

Maximum: 200

Default: 100

marker

No

String

Page marker

Minimum: 4

Maximum: 400

type

No

String

Type of an access analyzer.

  • account: account-level external access analyzer

  • organization: organization-level external access analyzer

  • account_unused_access: account-level unused access analyzer

  • organization_unused_access: organization-level unused access analyzer

  • account_privilege_escalation: account-level privilege escalation access analyzer

  • account_iam_best_practice: account-level IAM best practice analyzer

Request Parameters

None

Response Parameters

Status code: 200

Table 2 Response body parameters

Parameter

Type

Description

analyzers

Array of AnalyzerSummary objects

Analyzer list details.

page_info

PageInfo object

Information on the page
Table 3 AnalyzerSummary

Parameter

Type

Description

configuration

AnalyzerConfiguration object

Analyzer settings.

created_at

String

Time when an analyzer is created

id

String

Unique identifier of an analyzer

last_analyzed_resource

String

Unique identifier of the resource that was recently analyzed.

last_resource_analyzed_at

String

Last time when the access was analyzed.

last_all_analyzed_at

String

Last time when all resources were analyzed.

name

String

Name of an analyzer

organization_id

String

Organization ID.

status

String

Status of an access analyzer.

  • active: The analyzer is activated.

  • creating: The analyzer is being created.

  • disabled: The analyzer is disabled.

  • failed: Failed to create the analyzer.

status_reason

StatusReason object

More details about the current status of the analyzer

tags

Array of Tag objects

List of custom tags.

type

String

Type of an access analyzer.

  • account: account-level external access analyzer

  • organization: organization-level external access analyzer

  • account_unused_access: account-level unused access analyzer

  • organization_unused_access: organization-level unused access analyzer

  • account_privilege_escalation: account-level privilege escalation access analyzer

  • account_iam_best_practice: account-level IAM best practice analyzer

urn

String

Unique resource identifier of an analyzer.
Table 4 AnalyzerConfiguration

Parameter

Type

Description

unused_access

unused_access object

Settings of an unused access analyzer.
Table 5 unused_access

Parameter

Type

Description

unused_access_age

Integer

Preset number of days for generating findings.

Minimum: 1

Maximum: 180

Default: 90

unused_analysis_rule

UnusedAnalysisRule object

Unused analysis rule.
Table 6 UnusedAnalysisRule

Parameter

Type

Description

exclusions

Array of UnusedAnalysisRuleCriteria objects

Exclusion rule.
Table 7 UnusedAnalysisRuleCriteria

Parameter

Type

Description

account_ids

Array of strings

Account ID list.

Minimum: 1

Maximum: 36

Array Length: 1 - 2000

resource_tags

Array of Tag objects

Resource tag list.

Array Length: 1 - 20
Table 8 StatusReason

Parameter

Type

Description

code

String

Reason for the analyzer status.

  • delegated_administrator_deregistered: The delegated administrator is not registered.

  • trusted_service_disabled: The trusted service is disabled.

  • internal_error: There is an internal error.

  • organization_deleted: The organization has been deleted.

  • service_linked_agency_creation_failed: The service-linked agency fails to be created.

details

String

Reason details for the status of the analyzer.
Table 9 Tag

Parameter

Type

Description

key

String

Tag key

value

String

String value associated with the tag key.
Table 10 PageInfo

Parameter

Type

Description

current_count

Integer

Number of items on the current page

next_marker

String

If present, it indicates that the available output is more than the output contained in the current response. Use this value in the marker request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this operation until the next_marker response returns null.

Example Requests

Retrieving a list of analyzers

GET https://{hostname}/v5/analyzers

Example Responses

Status code: 200

OK

{
  "analyzers" : [ {
    "created_at" : "2023-09-07T07:26:23.440Z",
    "id" : "{analyzer_id}",
    "last_analyzed_resource" : "iam::{domain_id}:agency:{agency_name}",
    "last_resource_analyzed_at" : "2023-09-07T07:26:23.440Z",
    "name" : "my-analyzer",
    "status" : "active",
    "tags" : [ {
      "key" : "key-1",
      "value" : "value-1"
    } ],
    "type" : "account",
    "urn" : "AccessAnalyzer:{region_id}:{domain_id}:analyzer:{analyzer_id}"
  } ],
  "page_info" : {
    "current_count" : 1,
    "next_marker" : null
  }
}

Status Codes

Status Code

Description

200

OK

Error Codes

See Error Codes.

Parent topic: Analyzers