Help Center/ Identity and Access Management_Identity and Access Management (New Edition)/ API Reference/ API/ Access Analyzer/ Analyzers/ Starting Policy Scan for Specified Resources
Updated on 2025-11-06 GMT+08:00
View PDF
Share

Starting Policy Scan for Specified Resources

Function

This API is used to immediately start a scan of the policies applied to the specified resource.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

Action

Access Level

Resource Type (*: required)

Condition Key

Alias

Dependencies

AccessAnalyzer:analyzer:scan

Write

analyzer *

g:ResourceTag/<tag-key>

-

-

URI

POST /v5/analyzers/{analyzer_id}/scan

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

analyzer_id

Yes

String

Unique identifier of an analyzer

Minimum: 1

Maximum: 36

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

resource_id

No

String

Unique identifier of a resource

Minimum: 1

Maximum: 36

resource_owner_account

Yes

String

ID of the account that owns resources.

resource_project_id

No

String

Identifier of the project that the resource belongs to.

Maximum: 36

resource_urn

Yes

String

Unique identifier of a resource.

finding_type

No

String

Finding type.

  • external_access: external access

  • privilege_escalation: privilege escalation

  • unused_iam_user_access_key: unused access key

  • unused_iam_user_password: unused password

  • unused_permission: unused permission

  • unused_iam_agency: unused agency

  • iam_bp_root_user_has_access_key: an AK/SK pair is bound to the root user

  • iam_bp_access_api_with_password: APIs access using passwords

  • iam_bp_login_protection_disabled: login protection disabled

  • iam_bp_mfa_unconfigured: MFA not added

  • iam_bp_assign_high_risk_sys_policy_or_role_to_user: high-risk system-defined policies or roles attached to users

  • iam_bp_attach_high_risk_sys_identity_policy_to_user: high-risk system-defined identity policies attached to users

  • iam_bp_assign_high_risk_sys_policy_or_role_to_agency: high-risk system-defined policies or roles attached to agencies

  • iam_bp_attach_high_risk_sys_identity_policy_to_agency: high-risk system-defined identity policies attached to agencies

Response Parameters

Status code: 200

OK

None

Example Requests

Immediately starting a scan of the policies applied to the specified resource

POST https://{hostname}/v5/analyzers/{analyzer_id}/scan

{
  "resource_owner_account" : "{analyzer_id}",
  "resource_urn" : "iam::{domain_id}:agency:{agency_name}",
  "resource_id" : "{agency_id}"
}

Example Responses

None

Status Codes

Status Code

Description

200

OK

Error Codes

See Error Codes.

Parent topic: Analyzers