Updated on 2025-11-07 GMT+08:00

Creating Archive Rules

You can create archive rules to automatically archive new findings that meet the criteria you define when you create the rules. For example, you can create an archive rule for a specific condition, a specific principal, or similar findings. You can also apply archive rules retroactively to archive existing findings that meet the rules.

You can include up to 100 values in an archive rule.

Procedure

  1. Log in to the new IAM console.
  2. In the navigation pane, choose Access Analyzer > Analyzers Settings.
  3. Click the target access analyzer to go to the details page.
  4. On the Archive Rules tab, click Create Archive Rule.

    Table 1 Creating an archive rule

    Pane: Archive Details
    Parameter Name: Archive Rule Name
    Description: Indicates the name of an archive rule. You can customize the rule name. The value can contain 1 to 255 characters. It can include only letters, digits, underscores (_), hyphens (-), and periods (.), and cannot start with a digit.

    Pane: Rule
    Parameter Name: Filter key
    Description: Used to filter findings. A filter key can be:

    • Resource: filters findings by resource. You need to enter a resource name.
    • Resource type: filters findings by resource type. You need to select a resource type.
    • Resource owner account: filters findings by account ID of the resource owner. You need to enter part of the ID.
    • Public access: filters findings by resources that allow public access. You need to set Operator to Is and Value to true or false.
    • Principal type: filters findings by principal type.
    • Principal identifier: filters findings by principal identifier.
    • Principal URN: filters findings by principal URN. You need to enter the complete or partial URN of an IAM user, agency, trust agency, or user group of the external principal.
    • Principal ID: filters findings by principal ID. You need to enter a principal ID.
    • Principal organization ID: filters findings by principal organization ID. You need to enter a principal organization ID.
    • Principal organization path: filters findings by principal organization path. You need to enter a principal organization path.
    • Source IP address: filters findings by source IP address. You need to enter an IP address.
    • Source VPC: filters findings by source VPC. You need to enter a VPC ID.
    • Findings Type: filters findings by findings type. This filter is only available for unused and best-practice access findings.

    Pane: Rule
    Parameter Name: Operator
    Description: Indicates the operator for a property.

    If the filter key is of the string type, the operator can be any of the following:

    • Equals: checks whether the corresponding field value in the finding is equal to the specified value. If yes, the finding is archived.
    • Not Equals: checks whether the corresponding field value in the finding is not equal to the specified value. If yes, the finding is archived.
    • Contains: checks whether the specified value is contained in any character string in the finding. If yes, the finding is archived.
    • Exists: checks whether the specified filter key exists in the finding. If yes, the finding is archived.
    • Does not exist: checks whether the specified filter key does not exist in the finding. If yes, the finding is archived.
    • Is: checks whether the corresponding field value in the finding is the specified value. If yes, the finding is archived.
    • Is not: checks whether the corresponding field value in the finding is not the specified value. If yes, the finding is archived.

    If the filter key is of the boolean type, the operator can be:

    • Is
      • If the value is true and the corresponding field value in the finding meets the criteria defined by the rule, the finding is archived.
      • If the value is false and the corresponding field value in the finding does not meet the criteria defined by the rule, the finding is archived.

    Pane: Rule
    Parameter Name: Value
    Description: Indicates the value you include in the filter for the rule. If the filter key is of the string type, you can customize the value. If the filter key is of the boolean type, the value can be either true or false.

    Pane: Results
    Parameter Name: -
    Description: Displays the findings that comply with the archive rule.

    Figure 1 Creating an archive rule

  5. Click Create Rule and Archive Findings.
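A local dry run of the operator semantics in Table 1, added here as an example and not taken from the console or the service's own code. It shows how a narrow Equals rule and a broad Does not exist rule select different findings before you archive them. The finding keys, the placeholder URN strings, treating an absent key as a non-match for value comparisons, and requiring every criterion to match are assumptions.

```python
import re

# Table 1 name rule: 1-255 chars of letters, digits, "_", "-", "."; no leading digit (ASCII assumed).
NAME_RE = re.compile(r"[A-Za-z_.\-][A-Za-z0-9_.\-]{0,254}")
MAX_VALUES = 100  # "You can include up to 100 values in an archive rule."

def matches(finding, key, operator, value=None):
    """Apply one criterion using the operator semantics listed in Table 1."""
    present = key in finding
    if operator == "Exists":
        return present
    if operator == "Does not exist":
        return not present
    if not present:
        return False  # assumption: value comparisons never match an absent key
    field = finding[key]
    if operator in ("Equals", "Is"):
        return field == value
    if operator in ("Not Equals", "Is not"):
        return field != value
    if operator == "Contains":
        return str(value) in str(field)
    raise ValueError(f"unknown operator: {operator}")

def validate_rule(rule):
    """Return a list of problems with the rule's name or size (empty if none)."""
    problems = []
    if not NAME_RE.fullmatch(rule["name"]):
        problems.append("invalid rule name")
    if len(rule["criteria"]) > MAX_VALUES:  # one value per criterion in this model
        problems.append("more than 100 values")
    return problems

def preview(rule, findings):
    """IDs the rule would archive (assumption: every criterion must match)."""
    return [f["id"] for f in findings
            if all(matches(f, *c) for c in rule["criteria"])]

# Constructed sample findings; the keys and URN strings are placeholders, not the service schema.
FINDINGS = [
    {"id": "f-1", "is_public": True},
    {"id": "f-2", "is_public": False, "principal_urn": "example:acct-a:agency/backup"},
    {"id": "f-3", "is_public": False, "principal_urn": "example:acct-b:user/contractor"},
]
NARROW = {"name": "trusted-backup.agency", "criteria": [
    ("principal_urn", "Equals", "example:acct-a:agency/backup")]}
BROAD = {"name": "no-principal", "criteria": [("principal_urn", "Does not exist")]}

if __name__ == "__main__":
    print([(r["name"], preview(r, FINDINGS)) for r in (NARROW, BROAD)])
```

In this sample the Does not exist rule archives the public-access finding f-1, which is the kind of match the Results pane lets you catch before clicking Create Rule and Archive Findings.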

Modifying an Archive Rule

  1. Log in to the new IAM console.
  2. In the navigation pane, choose Access Analyzer > Analyzers Settings.
  3. Click the target access analyzer to go to the details page.
  4. Select a target rule and click Modify above the list.

    Figure 2 Modifying an archive rule

  5. Modify the rule and click Save Change and Archive Findings.

Deleting Archive Rules

  1. Log in to the new IAM console.
  2. In the navigation pane, choose Access Analyzer > Analyzers Settings.
  3. Click the target access analyzer to go to the details page.
  4. Select one or more target rules and click Delete above the list.

    Figure 3 Deleting an archive rule

  5. Confirm the archive rule, enter DELETE in the text box, and click OK.

    Figure 4 Confirming the archive rule