AwsIamManagedPolicyTemplate
See Template Schema Validation to learn how to validate templates automatically in your IDE.
Description
A base model class that provides additional helper methods and configurations for other models used in IAMbic.
Properties
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default: [].
  - Items (string)
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default: [].
  - Items (string)
- expires_at: The date and time the resource will be/was set to deleted.
  - Any of
    - string
    - string (date-time)
    - string (date)
  - Examples:
    - in 3 days
    - '2023-09-01'
    - '2023-08-31T12:00:00'
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user.
  - Any of
    - string
    - string (date-time)
    - string (date)
  - Examples:
    - in 3 days
    - '2023-09-01'
    - '2023-08-31T12:00:00'
- template_type (string): Default: "NOQ::AWS::IAM::ManagedPolicy".
- template_schema_url (string): Default: "https://docs.iambic.org/reference/schemas/aws_iam_managed_policy_template".
- owner (string)
- notes (string)
- iambic_managed: Controls the directionality of Iambic changes. Default: "undefined".
  - All of
    - Refer to #/definitions/IambicManaged.
- identifier (string)
- properties: The properties of the managed policy.
  - All of
    - Refer to #/definitions/ManagedPolicyProperties.
Definitions
IambicManaged: An enumeration. Must be one of: ["undefined", "read_and_write", "import_only", "enforced", "disabled"].
Path (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default: [].
  - Items (string)
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default: [].
  - Items (string)
Description (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default: [].
  - Items (string)
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default: [].
  - Items (string)
- description (string): Default: "".
Principal (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- aws
  - Any of
    - string
    - array
      - Items (string)
- service
  - Any of
    - string
    - array
      - Items (string)
- canonical_user
  - Any of
    - string
    - array
      - Items (string)
- federated
  - Any of
    - string
    - array
      - Items (string)
PolicyStatement (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- expires_at: The date and time the resource will be/was set to deleted.
  - Any of
    - string
    - string (date-time)
    - string (date)
  - Examples:
    - in 3 days
    - '2023-09-01'
    - '2023-08-31T12:00:00'
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user.
  - Any of
    - string
    - string (date-time)
    - string (date)
  - Examples:
    - in 3 days
    - '2023-09-01'
    - '2023-08-31T12:00:00'
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default: [].
  - Items (string)
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default: [].
  - Items (string)
- effect (string, required): Allow | Deny.
- principal
  - Any of
    - Refer to #/definitions/Principal.
    - string
- not_principal
  - Any of
    - Refer to #/definitions/Principal.
    - string
- action: A single regex or list of regexes. Values are the actions that can be performed on the resources in the policy statement.
  - Any of
    - array
      - Items (string)
    - string
- not_action: An advanced policy element that explicitly matches everything except the specified list of actions. DON'T use this with effect: allow in the same statement OR policy.
  - Any of
    - array
      - Items (string)
    - string
- resource: A single regex or list of regexes. Values specified are the resources the statement applies to.
  - Any of
    - array
      - Items (string)
    - string
- not_resource: An advanced policy element that explicitly matches every resource except those specified. DON'T use this with effect: allow and action: '*'.
  - Any of
    - array
      - Items (string)
    - string
- condition (object): An optional set of conditions to determine if the policy applies to a resource.
- sid (string): The Policy Statement ID.
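The not_action and not_resource warnings in PolicyStatement can be checked mechanically before a template is applied. The following is an added example, not IAMbic's own code: the field names come from the schema above, while the function names and the sample data are constructed, and it covers only the same-statement reading of the not_action warning.

```python
def as_list(value):
    """Schema fields are 'Any of' a single item or an array; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_allow(stmt):
    # The schema lists "Allow | Deny"; compare case-insensitively to be safe.
    return str(stmt.get("effect", "")).lower() == "allow"

def lint_policy_document(doc):
    """Return (sid, message) findings for one ManagedPolicyDocument dict."""
    findings = []
    for stmt in as_list(doc.get("statement")):
        sid = stmt.get("sid", "<no sid>")
        if not is_allow(stmt):
            continue  # both warnings concern Allow statements only
        if stmt.get("not_action") is not None:
            findings.append((sid, "not_action used with effect Allow"))
        if (stmt.get("not_resource") is not None
                and "*" in as_list(stmt.get("action"))):
            findings.append((sid, "not_resource used with effect Allow and action '*'"))
    return findings

def lint_properties(properties):
    """policy_document may be one document or an array of documents."""
    return [finding
            for doc in as_list(properties.get("policy_document"))
            for finding in lint_policy_document(doc)]

# Constructed sample: the 'properties' section of a template, already parsed.
SAMPLE_PROPERTIES = {
    "policy_name": "example-policy",
    "policy_document": {
        "version": "2012-10-17",
        "statement": [
            {"sid": "AllowAllButIam", "effect": "Allow",
             "not_action": ["iam:*"], "resource": "*"},
            {"sid": "AllowOutsideBucket", "effect": "Allow", "action": "*",
             "not_resource": "arn:aws:s3:::example-bucket/*"},
            {"sid": "DenyOutsideS3", "effect": "Deny",
             "not_action": "s3:*", "resource": "*"},
            {"sid": "ReadObjects", "effect": "Allow",
             "action": ["s3:GetObject"], "resource": "*"},
        ],
    },
}

if __name__ == "__main__":
    for sid, message in lint_properties(SAMPLE_PROPERTIES):
        print(f"{sid}: {message}")
```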
ManagedPolicyDocument (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default: [].
  - Items (string)
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default: [].
  - Items (string)
- version (string)
- statement: List of policy statements.
  - Any of
    - array
      - Items: Refer to #/definitions/PolicyStatement.
    - Refer to #/definitions/PolicyStatement.
Tag (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex and string. Default: [].
  - Items (string)
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex and string. Default: ["*"].
  - Items (string)
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex and string. Default: [].
  - Items (string)
- expires_at: The date and time the resource will be/was set to deleted.
  - Any of
    - string
    - string (date-time)
    - string (date)
  - Examples:
    - in 3 days
    - '2023-09-01'
    - '2023-08-31T12:00:00'
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user.
  - Any of
    - string
    - string (date-time)
    - string (date)
  - Examples:
    - in 3 days
    - '2023-09-01'
    - '2023-08-31T12:00:00'
- key (string, required)
- value (string, required)
ManagedPolicyProperties (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- policy_name (string, required): The name of the policy.
- path: Default: "/".
  - Any of
    - string
    - array
      - Items: Refer to #/definitions/Path.
- description: Description of the role. Default: "".
  - Any of
    - string
    - array
      - Items: Refer to #/definitions/Description.
- policy_document
  - Any of
    - Refer to #/definitions/ManagedPolicyDocument.
    - array
      - Items: Refer to #/definitions/ManagedPolicyDocument.
- tags (array): List of tags attached to the role. Default: [].
  - Items: Refer to #/definitions/Tag.