Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ API Reference/ API/ Access Analyzer/ Analyzers/ Listing the Specified Analyzer
Updated on 2025-11-06 GMT+08:00
View PDF
Share

Listing the Specified Analyzer

Function

This API is used to retrieve information about the specified analyzer.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

Action

Access Level

Resource Type (*: required)

Condition Key

Alias

Dependencies

AccessAnalyzer:analyzer:get

Read

analyzer *

g:ResourceTag/<tag-key>

-

-

URI

GET /v5/analyzers/{analyzer_id}

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

analyzer_id

Yes

String

Unique identifier of an analyzer

Minimum: 1

Maximum: 36

Request Parameters

None

Response Parameters

Status code: 200

Table 2 Response body parameters

Parameter

Type

Description

analyzer

AnalyzerSummary object

Information about an analyzer
Table 3 AnalyzerSummary

Parameter

Type

Description

configuration

AnalyzerConfiguration object

Analyzer settings.

created_at

String

Time when an analyzer is created

id

String

Unique identifier of an analyzer

last_analyzed_resource

String

Unique identifier of the resource that was recently analyzed.

last_resource_analyzed_at

String

Last time when the access was analyzed.

last_all_analyzed_at

String

Last time when all resources were analyzed.

name

String

Name of an analyzer

organization_id

String

Organization ID.

status

String

Status of an access analyzer.

  • active: The analyzer is activated.

  • creating: The analyzer is being created.

  • disabled: The analyzer is disabled.

  • failed: Failed to create the analyzer.

status_reason

StatusReason object

More details about the current status of the analyzer

tags

Array of Tag objects

List of custom tags.

type

String

Type of an access analyzer.

  • account: account-level external access analyzer

  • organization: organization-level external access analyzer

  • account_unused_access: account-level unused access analyzer

  • organization_unused_access: organization-level unused access analyzer

  • account_privilege_escalation: account-level privilege escalation access analyzer

  • account_iam_best_practice: account-level IAM best practice analyzer

urn

String

Unique resource identifier of an analyzer.
Table 4 AnalyzerConfiguration

Parameter

Type

Description

unused_access

unused_access object

Settings of an unused access analyzer.
Table 5 unused_access

Parameter

Type

Description

unused_access_age

Integer

Preset number of days for generating findings.

Minimum: 1

Maximum: 180

Default: 90

unused_analysis_rule

UnusedAnalysisRule object

Unused analysis rule.
Table 6 UnusedAnalysisRule

Parameter

Type

Description

exclusions

Array of UnusedAnalysisRuleCriteria objects

Exclusion rule.
Table 7 UnusedAnalysisRuleCriteria

Parameter

Type

Description

account_ids

Array of strings

Account ID list.

Minimum: 1

Maximum: 36

Array Length: 1 - 2000

resource_tags

Array of Tag objects

Resource tag list.

Array Length: 1 - 20
Table 8 StatusReason

Parameter

Type

Description

code

String

Reason for the analyzer status.

  • delegated_administrator_deregistered: The delegated administrator is not registered.

  • trusted_service_disabled: The trusted service is disabled.

  • internal_error: There is an internal error.

  • organization_deleted: The organization has been deleted.

  • service_linked_agency_creation_failed: The service-linked agency fails to be created.

details

String

Reason details for the status of the analyzer.
Table 9 Tag

Parameter

Type

Description

key

String

Tag key

value

String

String value associated with the tag key.

Example Requests

Retrieving information about the specified analyzer.

GET https://{hostname}/v5/analyzers/{analyzer_id}

Example Responses

Status code: 200

OK

{
  "analyzer" : {
    "created_at" : "2023-09-07T07:51:10.502Z",
    "id" : "{analyzer_id}",
    "last_analyzed_resource" : "iam::{domain_id}:agency:{agency_name}",
    "last_resource_analyzed_at" : "2023-09-07T07:51:10.502Z",
    "name" : "my-analyzer",
    "status" : "active",
    "tags" : [ {
      "key" : "key-1",
      "value" : "value-1"
    } ],
    "type" : "account",
    "urn" : "AccessAnalyzer:{region_id}:{domain_id}:analyzer:{analyzer_id}"
  }
}

Status Codes

Status Code

Description

200

OK

Error Codes

See Error Codes.

Parent topic: Analyzers