AwsIdentityCenterPermissionSetTemplate
See Template Schema Validation to learn how to validate templates automatically in your IDE.
Description
A base model class that provides additional helper methods and configurations for other models used in IAMbic.
Properties
- expires_at: The date and time the resource will be/was set to be deleted. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- template_type (string): Default: "NOQ::AWS::IdentityCenter::PermissionSet".
- template_schema_url (string): Default: "https://docs.iambic.org/reference/schemas/aws_identity_center_permission_set_template".
- owner (string): Owner of the permission set.
- notes (string)
- iambic_managed: Controls the directionality of IAMbic changes. Default: "undefined". All of: refer to #/definitions/IambicManaged.
- identifier (string)
- properties: Refer to #/definitions/PermissionSetProperties.
- access_rules (array): Default: []. Items: refer to #/definitions/PermissionSetAccess.
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex or a plain string. Default: ["*"]. Items: string.
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex or a plain string. Default: []. Items: string.
Definitions
IambicManaged: An enumeration. Must be one of: ["undefined", "read_and_write", "import_only", "enforced", "disabled"].
Description (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex or a plain string. Default: ["*"]. Items: string.
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex or a plain string. Default: []. Items: string.
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex or a plain string. Default: ["*"]. Items: string.
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex or a plain string. Default: []. Items: string.
- description (string): Default: "".
SessionDuration (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- session_duration (string, required)
CustomerManagedPolicyReference (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- expires_at: The date and time the resource will be/was set to be deleted. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- path (string): The path to the IAM policy that you have configured in each account where you want to deploy your permission set. The default is /. For more information, see Friendly names and paths in the IAM User Guide. Default: "/".
- name (string, required)
PermissionBoundary (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- expires_at: The date and time the resource will be/was set to be deleted. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- customer_managed_policy_reference: Refer to #/definitions/CustomerManagedPolicyReference.
- managed_policy_arn (string)
Principal (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- aws: Any of: string, array (items: string).
- service: Any of: string, array (items: string).
- canonical_user: Any of: string, array (items: string).
- federated: Any of: string, array (items: string).
PolicyStatement (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- expires_at: The date and time the resource will be/was set to be deleted. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex or a plain string. Default: ["*"]. Items: string.
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex or a plain string. Default: []. Items: string.
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex or a plain string. Default: ["*"]. Items: string.
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex or a plain string. Default: []. Items: string.
- effect (string, required): Allow | Deny.
- principal: Any of: refer to #/definitions/Principal, string.
- not_principal: Any of: refer to #/definitions/Principal, string.
- action: A single regex or list of regexes. Values are the actions that can be performed on the resources in the policy statement. Any of: array (items: string), string.
- not_action: An advanced policy element that explicitly matches everything except the specified list of actions. DON'T use this with effect: allow in the same statement OR policy. Any of: array (items: string), string.
- resource: A single regex or list of regexes. Values specified are the resources the statement applies to. Any of: array (items: string), string.
- not_resource: An advanced policy element that explicitly matches every resource except those specified. DON'T use this with effect: allow and action: '*'. Any of: array (items: string), string.
- condition (object): An optional set of conditions to determine whether the policy applies to a resource.
- sid (string): The Policy Statement ID.
InlinePolicy (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- expires_at: The date and time the resource will be/was set to be deleted. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- version (string)
- statement: List of policy statements. Any of: array (items: refer to #/definitions/PolicyStatement), refer to #/definitions/PolicyStatement.
ManagedPolicyArn (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- expires_at: The date and time the resource will be/was set to be deleted. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- arn (string, required)
Tag (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex or a plain string. Default: ["*"]. Items: string.
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex or a plain string. Default: []. Items: string.
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex or a plain string. Default: ["*"]. Items: string.
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex or a plain string. Default: []. Items: string.
- expires_at: The date and time the resource will be/was set to be deleted. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- key (string, required)
- value (string, required)
PermissionSetProperties (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- name (string, required)
- description: Description of the permission set. Any of: string, array (items: refer to #/definitions/Description).
- relay_state (string)
- session_duration: Any of: string, array (items: refer to #/definitions/SessionDuration).
- permissions_boundary: Refer to #/definitions/PermissionBoundary.
- inline_policy: Refer to #/definitions/InlinePolicy.
- customer_managed_policy_references (array): Default: []. Items: refer to #/definitions/CustomerManagedPolicyReference.
- managed_policies (array): Default: []. Items: refer to #/definitions/ManagedPolicyArn.
- tags (array): Default: []. Items: refer to #/definitions/Tag.
PermissionSetAccess (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
- expires_at: The date and time the resource will be/was set to be deleted. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- deleted (boolean): Denotes whether the resource has been removed from AWS. Upon being set to true, the resource will be deleted the next time iambic is run. Default: false.
- expires_at_default: A value that is set by IAMbic at run time and should not be set by the user. Any of: string, string (date-time), string (date). Examples: "in 3 days", ..., "2023-09-01", "2023-08-31T12:00:00".
- included_accounts (array): A list of account ids and/or account names this statement applies to. Account ids/names can be represented as a regex or a plain string. Default: ["*"]. Items: string.
- excluded_accounts (array): A list of account ids and/or account names this statement explicitly does not apply to. Account ids/names can be represented as a regex or a plain string. Default: []. Items: string.
- included_orgs (array): A list of AWS organization ids this statement applies to. Org ids can be represented as a regex or a plain string. Default: ["*"]. Items: string.
- excluded_orgs (array): A list of AWS organization ids this statement explicitly does not apply to. Org ids can be represented as a regex or a plain string. Default: []. Items: string.
- users (array): List of users who can access the role. Default: []. Items: string.
- groups (array): List of groups. Users in one or more of the groups can access the role. Default: []. Items: string.
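As an added example that is not part of IAMbic itself, the following Python lints a parsed template (a dict, as YAML would load it) against rules stated on this page: the Allow | Deny effect, the two DON'T rules on not_action and not_resource, the accepted expires_at forms, and the required properties.name. The relative-date check (strings beginning with "in ") and the sample template are assumptions.

```python
# Added example, not IAMbic's own code: lint a parsed permission set template
# (a dict, as YAML would load it) against the rules this reference states.
from datetime import date, datetime

def valid_expires_at(value):
    # Documented forms: date, date-time, or a relative string such as
    # "in 3 days" (assumption: relative strings start with "in ").
    if not isinstance(value, str):
        return False
    for parse in (date.fromisoformat, datetime.fromisoformat):
        try:
            parse(value)
            return True
        except ValueError:
            pass
    return value.startswith("in ")

def lint_statement(stmt):
    # Check the effect enum, the two DON'T rules, and the expires_at format.
    findings = []
    effect = stmt.get("effect")
    if effect not in ("Allow", "Deny"):
        findings.append("effect must be Allow or Deny")
    actions = stmt.get("action", [])
    actions = [actions] if isinstance(actions, str) else actions  # regex or list
    if effect == "Allow" and "not_action" in stmt:
        findings.append("not_action used with effect Allow")
    if effect == "Allow" and "not_resource" in stmt and "*" in actions:
        findings.append("not_resource used with effect Allow and action '*'")
    if "expires_at" in stmt and not valid_expires_at(stmt["expires_at"]):
        findings.append("expires_at is not a date, date-time or relative string")
    return findings

def lint_template(tpl):
    # Returns all findings; an empty list means the template passed.
    props = tpl.get("properties", {})
    findings = [] if "name" in props else ["properties.name is required"]
    stmts = props.get("inline_policy", {}).get("statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # one statement or a list
    for i, stmt in enumerate(stmts):
        findings += [f"statement[{i}]: {f}" for f in lint_statement(stmt)]
    return findings

# Constructed sample: one over-broad Allow statement beside a sound Deny.
SAMPLE = {
    "template_type": "NOQ::AWS::IdentityCenter::PermissionSet",
    "properties": {"name": "ExampleReadOnly", "inline_policy": {"statement": [
        {"effect": "Allow", "action": "*", "not_resource": "arn:aws:s3:::audit-*",
         "expires_at": "in 3 days"},
        {"effect": "Deny", "action": ["iam:*"], "resource": "*",
         "expires_at": "2023-08-31T12:00:00"},
    ]}},
}
```

Running lint_template(SAMPLE) reports only the first statement, which pairs effect Allow with action '*' and not_resource.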