in cfn_policy_validator/validation/validator.py [0:0]
def __init__(self, account_id, region, partition):
    """Initialise validator state and make sure an analyzer is set up.

    Builds the Access Analyzer client for ``region``, registers one access
    preview builder per supported resource type, records which resource types
    get service specific policy validation, and finally calls
    ``_try_create_analyzer()``.

    Args:
        account_id: Passed to the preview builders that take an account id.
        region: Passed to ``client.build`` and to the region-aware builders.
        partition: Passed to every preview builder.
    """
    self.findings = Findings()
    self.access_analyzer_name = 'AnalyzerCreatedByCfnIAMPolicyValidator'
    # NOTE(review): presumably populated by _try_create_analyzer() -- confirm.
    self.analyzer_arn = None
    self.client = client.build('accessanalyzer', region)

    # Most builders take the full (account, region, partition) triple.
    regional_scope = (account_id, region, partition)

    # Each preview builder produces the access preview configuration for one
    # resource type. Supporting access previews for another resource type
    # means registering a builder for it here.
    # NOTE(review): a resource type missing from this map has no access
    # preview support, so the absence of access preview findings for it
    # should not be read as a clean result.
    builders = {}
    builders['AWS::SQS::Queue'] = SqsQueuePreviewBuilder(*regional_scope)
    builders['AWS::KMS::Key'] = KmsKeyPreviewBuilder(*regional_scope)
    builders['AWS::S3::AccessPoint'] = S3SingleRegionAccessPointPreviewBuilder(*regional_scope)
    builders['AWS::S3::MultiRegionAccessPoint'] = S3MultiRegionAccessPointPreviewBuilder(account_id, partition)
    builders['AWS::S3::Bucket'] = S3BucketPreviewBuilder(partition)
    builders['AWS::IAM::Role::TrustPolicy'] = RoleTrustPolicyPreviewBuilder(account_id, partition)
    builders['AWS::SecretsManager::Secret'] = SecretsManagerSecretPreviewBuilder(*regional_scope)
    self.preview_builders = builders

    # Resource type -> value of the validate_policy parameter that turns on
    # service specific policy validation. Only some services offer it. Keys
    # and values happen to match today, but they are kept as an explicit
    # mapping so the code never depends on that coincidence.
    service_specific_types = {
        'AWS::S3::Bucket': 'AWS::S3::Bucket',
        'AWS::S3::AccessPoint': 'AWS::S3::AccessPoint',
        'AWS::S3::MultiRegionAccessPoint': 'AWS::S3::MultiRegionAccessPoint',
    }
    self.service_specific_policy_validation = service_specific_types

    # NOTE(review): presumably caps how often access preview status is
    # checked before giving up -- confirm where this is read.
    self.maximum_number_of_access_preview_attempts = 150

    # Runs during construction, after all of the state above is in place.
    self._try_create_analyzer()