resourceControlPolicyRestriction

The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

  • APPLICABLE: There is an RCP present in the organization but IAM Access Analyzer does not include it in the evaluation of effective permissions. For example, if s3:DeleteObject is blocked by the RCP and the restriction is APPLICABLE, then s3:DeleteObject would still be included in the list of actions for the finding.

  • FAILED_TO_EVALUATE_RCP: There was an error evaluating the RCP.

  • NOT_APPLICABLE: There was no RCP present in the organization, or there was no RCP applicable to the resource. For example, the resource being analyzed is an Amazon RDS snapshot and there is an RCP in the organization, but the RCP only impacts Amazon S3 buckets.

  • APPLIED: This restriction is not currently available for external access findings.
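The APPLICABLE case above means the finding's action list can contain actions that an RCP denies. The following added example (not AWS code) triages findings by this field and, for APPLICABLE findings, flags listed actions that match a Deny statement in the RCP so they can be reviewed by hand. It assumes each finding is a dict carrying `action` and `resourceControlPolicyRestriction`; the RCP document, finding ids, the organization id placeholder and the helper names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample RCP (assumption: standard policy JSON with Deny statements).
SAMPLE_RCP = {
    "Statement": [
        {"Effect": "Deny", "Principal": "*", "Action": "s3:Delete*", "Resource": "*"},
        {"Effect": "Deny", "Principal": "*", "Action": ["sts:AssumeRole"], "Resource": "*",
         "Condition": {"StringNotEqualsIfExists": {"aws:PrincipalOrgID": "o-EXAMPLE"}}},
    ],
}

# Constructed sample findings (assumed shape, hypothetical ids).
SAMPLE_FINDINGS = [
    {"id": "f-1", "action": ["s3:GetObject", "s3:DeleteObject"], "resourceControlPolicyRestriction": "APPLICABLE"},
    {"id": "f-2", "action": ["rds:CopyDBSnapshot"], "resourceControlPolicyRestriction": "NOT_APPLICABLE"},
    {"id": "f-3", "action": ["s3:PutObject"], "resourceControlPolicyRestriction": "FAILED_TO_EVALUATE_RCP"},
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def rcp_deny_matches(action, rcp):
    """Return (pattern, has_condition) for every Deny action pattern matching `action`."""
    hits = []
    for stmt in _as_list(rcp.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or "Action" not in stmt:
            continue  # NotAction statements are out of scope for this sketch
        for pattern in _as_list(stmt["Action"]):
            if fnmatchcase(action.lower(), pattern.lower()):  # action names are case-insensitive
                hits.append((pattern, "Condition" in stmt))
    return hits

def triage(finding, rcp):
    """Map a finding to (disposition, {action: matching Deny patterns})."""
    restriction = finding.get("resourceControlPolicyRestriction")
    if restriction == "APPLICABLE":
        # The RCP was not part of the evaluation, so listed actions may be overstated.
        flagged = {a: rcp_deny_matches(a, rcp) for a in finding["action"]}
        return ("review_against_rcp", {a: h for a, h in flagged.items() if h})
    if restriction == "FAILED_TO_EVALUATE_RCP":
        return ("manual_review", {})
    if restriction == "NOT_APPLICABLE":
        return ("as_reported", {})
    return ("unhandled", {})
```

A match only marks an action for review: the sketch does not evaluate `Condition`, `Resource` or `Principal` elements, so a flagged action is not proven to be blocked.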