Skip to main content

AWSConfig

See Template Schema Validation to learn how to validate templates automatically in your IDE.

Description

Properties

  • organizations (array): A list of AWS Organizations to be managed by iambic. Default: [].
  • accounts (array): A list of AWS Accounts to be managed by iambic. Default: [].
  • min_accounts_required_for_wildcard_included_accounts (integer): Iambic will set included_accounts = * on imported resources that exist on all accounts if the minimum number of accounts is met. Default: 3.
  • sqs_cloudtrail_changes_queues (array): Default: [].
    • Items (string)
  • spoke_role_is_read_only (boolean): aws iambic spoke role is configured as read_only. If true, it will restrict IAMbic capability in AWS. Default: false.
  • import_rules (array): A list of rules to determine which resources to import from AWS. Default: [].

Definitions

  • RegionName: An enumeration. Must be one of: ["af-south-1", "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-southeast-4", "ca-central-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-central-2", "eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3", "il-central-1", "me-central-1", "me-south-1", "sa-east-1", "us-east-1", "us-east-2", "us-gov-east-1", "us-gov-west-1", "us-west-1", "us-west-2"].
  • AWSIdentityCenter (object)
  • IambicManaged: An enumeration. Must be one of: ["undefined", "read_and_write", "import_only", "enforced", "disabled"].
  • BaseAWSOrgRule (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
  • AWSOrgAccountRule (object): A base model class that provides additional helper methods and configurations for other models used in IAMbic.
    • iambic_managed: Controls the directionality of iambic changes. Default: "undefined".
    • included_accounts (array): A list of account ids and/or account names this rule applies to. Account ids/names can be represented as a regex and string. Default: ["*"].
      • Items (string)
    • excluded_accounts (array): A list of account ids and/or account names this rule explicitly does not apply to. Account ids/names can be represented as a regex and string. Default: [].
      • Items (string)
  • AWSOrganization (object)
    • default_region: Default region to use when making AWS requests. Default: "us-east-1".
    • aws_profile (string): The AWS profile used when making calls to the account.
    • hub_role_arn (string, required): The role arn to assume into when making calls to the account.
    • external_id (string): The external id to use for assuming into a role when making calls to the account.
    • boto3_session_map (object)
    • org_name (string): Optional friendly name for the organization.
    • org_id (string): A unique identifier designating the identity of the organization.
    • org_account_id (string, required): The AWS Organization's master account ID.
    • identity_center: The AWS Account ID and region of the AWS Identity Center instance to use for this organization.
    • default_rule: The rule used to determine how an organization account should be handled if the account was not found in account_rules. Default: {"metadata_commented_dict": {}, "iambic_managed": "undefined"}.
    • account_rules (array): A list of rules used to determine how organization accounts are handled. Default: [].
    • spoke_role_is_read_only (boolean): if true, the spoke role will be limited to read-only permissions. Default: false.
    • preferred_spoke_role_name (string): SpokeRoleName use across organization. Default: "IambicSpokeRole".
  • Partition: An enumeration. Must be one of: ["aws", "aws-us-gov", "aws-cn"].
  • Variable (object)
    • key (string, required)
    • value (string, required)
  • IdentityCenterDetails (object)
    • region: Default: "us-east-1".
    • instance_arn (string)
    • identity_store_id (string)
    • permission_set_map (object)
    • user_map (object)
    • group_map (object)
    • org_account_map (object)
  • AWSAccount (object): Inherited by the provider class to provide a consistent interface for AccessModelMixin<br > For AWS, this is the AWS account For GCP, this is the GCP project For Okta, this is the IDP domain.
    • default_region: Default region to use when making AWS requests. Default: "us-east-1".
    • aws_profile (string): The AWS profile used when making calls to the account.
    • hub_role_arn (string): The role arn to assume into when making calls to the account.
    • external_id (string): The external id to use for assuming into a role when making calls to the account.
    • boto3_session_map (object)
    • iambic_managed: Controls the directionality of iambic changes. Default: "undefined".
    • account_id (string): The AWS Account ID.
    • org_id (string): A unique identifier designating the identity of the organization.
    • account_name (string, required)
    • partition: The AWS partition the account is in. Options are aws, aws-us-gov, and aws-cn. Default: "aws".
    • variables (array): A list of variables to be used when creating templates. Default: [].
    • hub_session_info (object)
    • identity_center_details: Refer to #/definitions/IdentityCenterDetails.
    • spoke_role_arn (string): (Auto-populated) The role arn to assume into when making calls to the account.
    • assume_role_arn (string): The role arn to assume into when making calls to the account.
    • organization: The AWS Organization this account belongs to.
  • ImportRuleTag (object)
    • key (string, required): The key of the tag to match.
    • value (string): The value of the tag to match.
  • ImportAction: An enumeration. Must be one of: ["ignore", "set_import_only"].
  • ImportRule (object)
    • match_tags (array): A list of tags to match for the rule. Default: [].
    • match_names (array): A list of resource names to match for the rule. Default: [].
      • Items (string)
    • match_paths (array): A list of resource paths to match for the rule. Default: [].
      • Items (string)
    • match_template_types (array): A list of resource template types to match for the rule. Default: [].
      • Items (string)
    • action: The action to take when the rule matches (e.g., 'ignore', 'set_import_only').