/AWS1/IF_AAN=>CREATEACCESSPREVIEW()¶
About CreateAccessPreview¶
Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.
Method Signature¶
METHODS /AWS1/IF_AAN~CREATEACCESSPREVIEW
IMPORTING
!IV_ANALYZERARN TYPE /AWS1/AANANALYZERARN OPTIONAL
!IT_CONFIGURATIONS TYPE /AWS1/CL_AANCONFIGURATION=>TT_CONFIGURATIONSMAP OPTIONAL
!IV_CLIENTTOKEN TYPE /AWS1/AANSTRING OPTIONAL
RETURNING
VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_aancreaccpreviewrsp
RAISING
/AWS1/CX_AANACCESSDENIEDEX
/AWS1/CX_AANCONFLICTEXCEPTION
/AWS1/CX_AANINTERNALSERVEREX
/AWS1/CX_AANRESOURCENOTFOUNDEX
/AWS1/CX_AANSERVICEQUOTAEXCDEX
/AWS1/CX_AANTHROTTLINGEX
/AWS1/CX_AANVALIDATIONEX
/AWS1/CX_AANCLIENTEXC
/AWS1/CX_AANSERVEREXC
/AWS1/CX_RT_TECHNICAL_GENERIC
/AWS1/CX_RT_SERVICE_GENERIC.
IMPORTING¶
Required arguments:¶
iv_analyzerarn TYPE /AWS1/AANANALYZERARN /AWS1/AANANALYZERARN¶
The ARN of the account analyzer used to generate the access preview. You can only create an access preview for analyzers with an
Accounttype andActivestatus.
it_configurations TYPE /AWS1/CL_AANCONFIGURATION=>TT_CONFIGURATIONSMAP TT_CONFIGURATIONSMAP¶
Access control configuration for your resource that is used to generate the access preview. The access preview includes findings for external access allowed to the resource with the proposed access control configuration. The configuration must contain exactly one element.
Optional arguments:¶
iv_clienttoken TYPE /AWS1/AANSTRING /AWS1/AANSTRING¶
A client token.
RETURNING¶
oo_output TYPE REF TO /aws1/cl_aancreaccpreviewrsp /AWS1/CL_AANCREACCPREVIEWRSP¶
Examples¶
Syntax Example¶
This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.
DATA(lo_result) = lo_client->createaccesspreview(
it_configurations = VALUE /aws1/cl_aanconfiguration=>tt_configurationsmap(
(
VALUE /aws1/cl_aanconfiguration=>ts_configurationsmap_maprow(
value = new /aws1/cl_aanconfiguration(
io_dynamodbstream = new /aws1/cl_aandynamodbstreamconf( |string| )
io_dynamodbtable = new /aws1/cl_aandynamodbtableconf( |string| )
io_ebssnapshot = new /aws1/cl_aanebssnapshotconf(
it_groups = VALUE /aws1/cl_aanebsgrouplist_w=>tt_ebsgrouplist(
( new /aws1/cl_aanebsgrouplist_w( |string| ) )
)
it_userids = VALUE /aws1/cl_aanebsuseridlist_w=>tt_ebsuseridlist(
( new /aws1/cl_aanebsuseridlist_w( |string| ) )
)
iv_kmskeyid = |string|
)
io_ecrrepository = new /aws1/cl_aanecrrepositoryconf( |string| )
io_efsfilesystem = new /aws1/cl_aanefsfilesystemconf( |string| )
io_iamrole = new /aws1/cl_aaniamroleconf( |string| )
io_kmskey = new /aws1/cl_aankmskeyconf(
it_grants = VALUE /aws1/cl_aankmsgrantconf=>tt_kmsgrantconfigurationslist(
(
new /aws1/cl_aankmsgrantconf(
io_constraints = new /aws1/cl_aankmsgrantcnstrnts(
it_encryptioncontextequals = VALUE /aws1/cl_aankmscnstrntsmap_w=>tt_kmsconstraintsmap(
(
VALUE /aws1/cl_aankmscnstrntsmap_w=>ts_kmsconstraintsmap_maprow(
value = new /aws1/cl_aankmscnstrntsmap_w( |string| )
key = |string|
)
)
)
it_encryptioncontextsubset = VALUE /aws1/cl_aankmscnstrntsmap_w=>tt_kmsconstraintsmap(
(
VALUE /aws1/cl_aankmscnstrntsmap_w=>ts_kmsconstraintsmap_maprow(
value = new /aws1/cl_aankmscnstrntsmap_w( |string| )
key = |string|
)
)
)
)
it_operations = VALUE /aws1/cl_aankmsgrantopslist_w=>tt_kmsgrantoperationslist(
( new /aws1/cl_aankmsgrantopslist_w( |string| ) )
)
iv_granteeprincipal = |string|
iv_issuingaccount = |string|
iv_retiringprincipal = |string|
)
)
)
it_keypolicies = VALUE /aws1/cl_aankmskeypolmap_w=>tt_kmskeypoliciesmap(
(
VALUE /aws1/cl_aankmskeypolmap_w=>ts_kmskeypoliciesmap_maprow(
value = new /aws1/cl_aankmskeypolmap_w( |string| )
key = |string|
)
)
)
)
io_rdsdbclustersnapshot = new /aws1/cl_aanrdsdbclustsnapconf(
it_attributes = VALUE /aws1/cl_aanrdsdbclstsnapatt00=>tt_rdsdbclustersnapattrsmap(
(
VALUE /aws1/cl_aanrdsdbclstsnapatt00=>ts_rdsdbclstsnapattrs00_maprow(
key = |string|
value = new /aws1/cl_aanrdsdbclstsnapatt00(
it_accountids = VALUE /aws1/cl_aanrdsdbclstsnapaci00=>tt_rdsdbclustsnapacctidslist(
( new /aws1/cl_aanrdsdbclstsnapaci00( |string| ) )
)
)
)
)
)
iv_kmskeyid = |string|
)
io_rdsdbsnapshot = new /aws1/cl_aanrdsdbsnapshotconf(
it_attributes = VALUE /aws1/cl_aanrdsdbsnapattrvalue=>tt_rdsdbsnapshotattributesmap(
(
VALUE /aws1/cl_aanrdsdbsnapattrvalue=>ts_rdsdbsnapattrsmap_maprow(
key = |string|
value = new /aws1/cl_aanrdsdbsnapattrvalue(
it_accountids = VALUE /aws1/cl_aanrdsdbsnapacidsls00=>tt_rdsdbsnapshotaccountidslist(
( new /aws1/cl_aanrdsdbsnapacidsls00( |string| ) )
)
)
)
)
)
iv_kmskeyid = |string|
)
io_s3bucket = new /aws1/cl_aans3bucketconf(
io_bucketpublicaccessblock = new /aws1/cl_aans3pubaccblockconf(
iv_ignorepublicacls = ABAP_TRUE
iv_restrictpublicbuckets = ABAP_TRUE
)
it_accesspoints = VALUE /aws1/cl_aans3accesspointconf=>tt_s3accesspointconfsmap(
(
VALUE /aws1/cl_aans3accesspointconf=>ts_s3accpointconfsmap_maprow(
key = |string|
value = new /aws1/cl_aans3accesspointconf(
io_networkorigin = new /aws1/cl_aannetworkoriginconf(
io_internetconfiguration = new /aws1/cl_aaninternetconf( )
io_vpcconfiguration = new /aws1/cl_aanvpcconfiguration( |string| )
)
io_publicaccessblock = new /aws1/cl_aans3pubaccblockconf(
iv_ignorepublicacls = ABAP_TRUE
iv_restrictpublicbuckets = ABAP_TRUE
)
iv_accesspointpolicy = |string|
)
)
)
)
it_bucketaclgrants = VALUE /aws1/cl_aans3bktaclgrantconf=>tt_s3bucketaclgrantconfslist(
(
new /aws1/cl_aans3bktaclgrantconf(
io_grantee = new /aws1/cl_aanaclgrantee(
iv_id = |string|
iv_uri = |string|
)
iv_permission = |string|
)
)
)
iv_bucketpolicy = |string|
)
io_s3expressdirectorybucket = new /aws1/cl_aans3expressdirecto00(
it_accesspoints = VALUE /aws1/cl_aans3expressdirecto01=>tt_s3expressdirectoryaccptco00(
(
VALUE /aws1/cl_aans3expressdirecto01=>ts_s3expressdirectory00_maprow(
key = |string|
value = new /aws1/cl_aans3expressdirecto01(
io_networkorigin = new /aws1/cl_aannetworkoriginconf(
io_internetconfiguration = new /aws1/cl_aaninternetconf( )
io_vpcconfiguration = new /aws1/cl_aanvpcconfiguration( |string| )
)
iv_accesspointpolicy = |string|
)
)
)
)
iv_bucketpolicy = |string|
)
io_secretsmanagersecret = new /aws1/cl_aansecretsmanagerse00(
iv_kmskeyid = |string|
iv_secretpolicy = |string|
)
io_snstopic = new /aws1/cl_aansnstopicconf( |string| )
io_sqsqueue = new /aws1/cl_aansqsqueueconf( |string| )
)
key = |string|
)
)
)
iv_analyzerarn = |string|
iv_clienttoken = |string|
).
This is an example of reading all possible response values
lo_result = lo_result.
IF lo_result IS NOT INITIAL.
lv_accesspreviewid = lo_result->get_id( ).
ENDIF.