AwsIamGroupTemplate
See Template Schema Validation to learn how to validate templates automatically in your IDE.
Description
A base model class that provides additional helper methods and configurations for other models used in IAMbic.
Properties
included_accounts(array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default:["*"].- Items (string)
excluded_accounts(array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default:[].- Items (string)
included_orgs(array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default:["*"].- Items (string)
excluded_orgs(array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default:[].- Items (string)
expires_at: The date and time the resource will be/was set to deleted.- Any of
- string
- string (date-time)
- string (date)
Examples:
in 3 days
...'2023-09-01''2023-08-31T12:00:00'- Any of
deleted(boolean): Denotes whether the resource has been removed from AWS.Upon being set to true, the resource will be deleted the next time iambic is ran. Default:false.expires_at_default: A value that is set by IAMbic at run time and should not be set by the user.- Any of
- string
- string (date-time)
- string (date)
Examples:
in 3 days
...'2023-09-01''2023-08-31T12:00:00'- Any of
template_type(string): Default:"NOQ::AWS::IAM::Group".template_schema_url(string): Default:"https://docs.iambic.org/reference/schemas/aws_iam_group_template".owner(string): Owner of the group.notes(string)iambic_managed: Controls the directionality of Iambic changes. Default:"undefined".- All of
- : Refer to #/definitions/IambicManaged.
- All of
identifier(string)properties: Properties of the group.- All of
- : Refer to #/definitions/GroupProperties.
- All of
Definitions
IambicManaged: An enumeration. Must be one of:["undefined", "read_and_write", "import_only", "enforced", "disabled"].
Path(object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.included_accounts(array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default:["*"].- Items (string)
excluded_accounts(array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default:[].- Items (string)
included_orgs(array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default:["*"].- Items (string)
excluded_orgs(array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default:[].- Items (string)
ManagedPolicyRef(object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.expires_at: The date and time the resource will be/was set to deleted.- Any of
- string
- string (date-time)
- string (date)
Examples:
in 3 days
...'2023-09-01''2023-08-31T12:00:00'- Any of
deleted(boolean): Denotes whether the resource has been removed from AWS.Upon being set to true, the resource will be deleted the next time iambic is ran. Default:false.expires_at_default: A value that is set by IAMbic at run time and should not be set by the user.- Any of
- string
- string (date-time)
- string (date)
Examples:
in 3 days
...'2023-09-01''2023-08-31T12:00:00'- Any of
included_accounts(array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default:["*"].- Items (string)
excluded_accounts(array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default:[].- Items (string)
included_orgs(array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default:["*"].- Items (string)
excluded_orgs(array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default:[].- Items (string)
policy_arn(string, required)policy_name(string)
Principal(object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.aws- Any of
- string
- array
- Items (string)
- Any of
service- Any of
- string
- array
- Items (string)
- Any of
canonical_user- Any of
- string
- array
- Items (string)
- Any of
federated- Any of
- string
- array
- Items (string)
- Any of
PolicyStatement(object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.expires_at: The date and time the resource will be/was set to deleted.- Any of
- string
- string (date-time)
- string (date)
Examples:
in 3 days
...'2023-09-01''2023-08-31T12:00:00'- Any of
deleted(boolean): Denotes whether the resource has been removed from AWS.Upon being set to true, the resource will be deleted the next time iambic is ran. Default:false.expires_at_default: A value that is set by IAMbic at run time and should not be set by the user.- Any of
- string
- string (date-time)
- string (date)
Examples:
in 3 days
...'2023-09-01''2023-08-31T12:00:00'- Any of
included_accounts(array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default:["*"].- Items (string)
excluded_accounts(array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default:[].- Items (string)
included_orgs(array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default:["*"].- Items (string)
excluded_orgs(array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default:[].- Items (string)
effect(string, required): Allow | Deny.principal- Any of
- : Refer to #/definitions/Principal.
- string
- Any of
not_principal- Any of
- : Refer to #/definitions/Principal.
- string
- Any of
action: A single regex or list of regexes. Values are the actions that can be performed on the resources in the policy statement.- Any of
- array
- Items (string)
- string
- array
- Any of
not_action: An advanced policy element that explicitly matches everything except the specified list of actions.DON'T use this with effect: allow in the same statement OR policy.- Any of
- array
- Items (string)
- string
- array
- Any of
resource: A single regex or list of regexes. Values specified are the resources the statement applies to.- Any of
- array
- Items (string)
- string
- array
- Any of
not_resource: An advanced policy element that explicitly matches every resource except those specified.DON'T use this with effect: allow and action: '*'.- Any of
- array
- Items (string)
- string
- array
- Any of
condition(object): An optional set of conditions to determine of the policy applies to a resource.sid(string): The Policy Statement ID.
PolicyDocument(object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.expires_at: The date and time the resource will be/was set to deleted.- Any of
- string
- string (date-time)
- string (date)
Examples:
in 3 days
...'2023-09-01''2023-08-31T12:00:00'- Any of
deleted(boolean): Denotes whether the resource has been removed from AWS.Upon being set to true, the resource will be deleted the next time iambic is ran. Default:false.expires_at_default: A value that is set by IAMbic at run time and should not be set by the user.- Any of
- string
- string (date-time)
- string (date)
Examples:
in 3 days
...'2023-09-01''2023-08-31T12:00:00'- Any of
included_accounts(array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default:["*"].- Items (string)
excluded_accounts(array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default:[].- Items (string)
included_orgs(array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default:["*"].- Items (string)
excluded_orgs(array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default:[].- Items (string)
policy_name(string, required): The name of the policy.version(string)statement: List of policy statements.- Any of
- array
- Items: Refer to #/definitions/PolicyStatement.
- : Refer to #/definitions/PolicyStatement.
- array
- Any of
id(string): The Id element specifies an optional identifier for the policy. The ID is used differently in different services.
GroupProperties(object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.group_name(string, required): Name of the group.path: Default:"/".- Any of
- string
- array
- Items: Refer to #/definitions/Path.
- Any of
managed_policies(array): Managed policy arns attached to the group. Default:[].- Items: Refer to #/definitions/ManagedPolicyRef.
inline_policies(array): List of the group's inline policies. Default:[].- Items: Refer to #/definitions/PolicyDocument.