Skip to main content

Amazon Access Analyzer

Amazon Web Services

Integrates with AWS IAM Access Analyzer to retrieve findings that flag resources granting access to external (cross-account) or public principals — S3 buckets, IAM roles, KMS keys, Lambda functions, Secrets Manager secrets, SQS queues, and more. For each configured AWS account and region the connector lists the account's analyzers and walks every finding under them. It emits two paired models: a Finding per raw finding occurrence, and a synthetic FindingDefinition per exposure shape (resourceType + isPublic). Both models are served from a single API-response cache per sync so the Access Analyzer API is called only once even though the two models sync independently.

Data retrieved from Amazon Access Analyzer

Connector ObjectRequiredMaps to Data Model
FindingYesFinding
FindingDefinitionYesFinding Definition
note

For detailed steps on how to view the data retrieved from Amazon Access Analyzer in the Brinqa Platform, see How to view your data.