Definitions for @turbot/aws-iam

accessAnalyzer

Schema
{
"type": "object",
"properties": {
"arn": {
"$ref": "#/definitions/accessAnalyzerArn"
},
"createdAt": {
"$ref": "#/definitions/createdAt"
},
"lastResourceAnalyzed": {
"type": "string"
},
"lastResourceAnalyzedAt": {
"$ref": "#/definitions/lastResourceAnalyzedAt"
},
"name": {
"$ref": "#/definitions/accessAnalyzerName"
},
"status": {
"$ref": "#/definitions/accessAnalyzerStatus"
},
"type": {
"$ref": "#/definitions/accessAnalyzerType"
},
"tags": {
"$ref": "aws#/definitions/tagList"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/accessAnalyzerArn"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/accessAnalyzerName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"arn": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer",
"createdAt": "2021-08-31T07:29:15+00:00",
"lastResourceAnalyzed": "arn:aws:iam::986325076436:role/turbot/waf_readonly",
"lastResourceAnalyzedAt": "2021-08-31T07:29:16.570000+00:00",
"name": "sd-test-analyzer",
"status": "ACTIVE",
"tags": {},
"type": "ACCOUNT",
"turbot": {
"akas": [
"arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer"
],
"tags": {},
"title": "sd-test-analyzer",
"custom": {
"aws": {
"accountId": 986325076436
},
"createTimestamp": "2018-12-21T18:15:20.000Z"
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzer",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessAnalyzerArn

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:access-analyzer:[a-z]{2}(-gov)?-[a-z]+-[0-9]:[0-9]{12}:analyzer/[A-Za-z][A-Za-z0-9_.-]{0,255}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678",
"expected": false
},
{
"description": "Invalid - account id not valid",
"input": "arn:aws:iam::1234234456789012:user/bob",
"expected": false
},
{
"description": "Invalid - special character 0-9_+=,.@- are allowed",
"input": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer!!!",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerArn",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessAnalyzerName

Schema
{
"type": "string",
"pattern": "^[A-Za-z][A-Za-z0-9_.-]{0,255}$",
"tests": [
{
"description": "Valid - Base case",
"input": "sd-test-analyzer"
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerName",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessAnalyzerStatus

Schema
{
"type": "string",
"enum": [
"ACTIVE",
"CREATING",
"DISABLED",
"FAILED"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerStatus",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessAnalyzerType

Schema
{
"type": "string",
"enum": [
"ACCOUNT",
"ORGANIZATION"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerType",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessKey

Schema
{
"type": "object",
"properties": {
"AccessKeyId": {
"$ref": "#/definitions/userId"
},
"CreateDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"SecretAccessKey": {
"$ref": "#/definitions/secretAccessKey"
},
"Status": {
"$ref": "#/definitions/status"
},
"UserName": {
"$ref": "#/definitions/userName"
},
"AccessKeyLastUsed": {
"type": "object"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/accessKeyAka"
}
},
"title": {
"$ref": "#/definitions/userName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"lastUsedTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"AccessKeyId": "AKIA1234567890EXAMPLE",
"CreateDate": "2018-30-07T18:15:20.000Z",
"SecretAccessKey": 100,
"Status": "Active",
"UserName": "Bob",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:user/Bob/accesskey/AKIA1234567890EXAMPLE"
],
"title": "Bob",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessKey",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessKeyAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}/accesskey/[A-Za-z0-9]{16,128}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:user/Bob/accesskey/AKIA1234567890EXAMPLE"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::123456789012:user/Bob/accesskeys/AKIA1234567890EXAMPLE",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam::1234567811213:user/Bob/accesskey/AKIA1234567890EXAMPLE",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessKeyAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

accountPasswordPolicy

Schema
{
"type": "object",
"properties": {
"MinimumPasswordLength": {
"type": "integer",
"minimum": 6,
"maximum": 128,
"tests": [
{
"input": 5
},
{
"input": 7
},
{
"description": "minimum",
"input": 6
},
{
"description": "maximum",
"input": 128
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - less than minimum",
"input": 1,
"expected": false
},
{
"description": "invalid - greater than maximum",
"input": 129,
"expected": false
}
]
},
"RequireSymbols": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"RequireNumbers": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"RequireUppercaseCharacters": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"RequireLowercaseCharacters": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"AllowUsersToChangePassword": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"ExpirePasswords": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"HardExpiry": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"PasswordReusePrevention": {
"type": "integer",
"minimum": 1,
"maximum": 24,
"tests": [
{
"input": 5
},
{
"input": 7
},
{
"description": "minimum",
"input": 1
},
{
"description": "maximum",
"input": 24
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - less than minimum",
"input": 0,
"expected": false
},
{
"description": "invalid - greater than maximum",
"input": 129,
"expected": false
}
]
},
"MaxPasswordAge": {
"type": "integer",
"minimum": 1,
"maximum": 1095,
"tests": [
{
"input": 50
},
{
"input": 70
},
{
"description": "minimum",
"input": 1
},
{
"description": "maximum",
"input": 1095
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - less than minimum",
"input": 0,
"expected": false
},
{
"description": "invalid - greater than maximum",
"input": 1290,
"expected": false
}
]
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/accountPasswordPolicyAka"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"type": "string"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"turbot",
"MinimumPasswordLength",
"RequireSymbols",
"RequireNumbers",
"RequireUppercaseCharacters",
"RequireLowercaseCharacters",
"AllowUsersToChangePassword",
"ExpirePasswords"
],
"tests": [
{
"description": "Valid - Base case",
"input": {
"MinimumPasswordLength": 14,
"RequireSymbols": true,
"RequireNumbers": true,
"RequireUppercaseCharacters": true,
"RequireLowercaseCharacters": true,
"AllowUsersToChangePassword": false,
"ExpirePasswords": true,
"turbot": {
"akas": [
"arn:aws:iam::123456789012:accountPasswordPolicy"
],
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"MinimumPasswordLength": 14,
"RequireSymbols": true,
"RequireNumbers": true,
"RequireUppercaseCharacters": true,
"RequireLowercaseCharacters": true,
"AllowUsersToChangePassword": false,
"ExpirePasswords": true
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accountPasswordPolicy",
"modUri": "tmod:@turbot/aws-iam"
}
}

accountPasswordPolicyAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:accountPasswordPolicy$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:accountPasswordPolicy"
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam:123456764765789012:accountPasswordPolicy",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accountPasswordPolicyAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

accountSummary

Schema
{
"type": "object",
"properties": {
"GroupPolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"InstanceProfilesQuota": {
"$ref": "#/definitions/genericNumber"
},
"Policies": {
"$ref": "#/definitions/genericNumber"
},
"GroupsPerUserQuota": {
"$ref": "#/definitions/genericNumber"
},
"InstanceProfiles": {
"$ref": "#/definitions/genericNumber"
},
"AttachedPoliciesPerUserQuota": {
"$ref": "#/definitions/genericNumber"
},
"Users": {
"$ref": "#/definitions/genericNumber"
},
"PoliciesQuota": {
"$ref": "#/definitions/genericNumber"
},
"Providers": {
"$ref": "#/definitions/genericNumber"
},
"AccountMFAEnabled": {
"$ref": "#/definitions/genericNumber"
},
"AccessKeysPerUserQuota": {
"$ref": "#/definitions/genericNumber"
},
"AssumeRolePolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"PolicyVersionsInUseQuota": {
"$ref": "#/definitions/genericNumber"
},
"VersionsPerPolicyQuota": {
"$ref": "#/definitions/genericNumber"
},
"AttachedPoliciesPerGroupQuota": {
"$ref": "#/definitions/genericNumber"
},
"PolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"Groups": {
"$ref": "#/definitions/genericNumber"
},
"AccountSigningCertificatesPresent": {
"$ref": "#/definitions/genericNumber"
},
"UsersQuota": {
"$ref": "#/definitions/genericNumber"
},
"ServerCertificatesQuota": {
"$ref": "#/definitions/genericNumber"
},
"MFADevices": {
"$ref": "#/definitions/genericNumber"
},
"UserPolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"PolicyVersionsInUse": {
"$ref": "#/definitions/genericNumber"
},
"ServerCertificates": {
"$ref": "#/definitions/genericNumber"
},
"Roles": {
"$ref": "#/definitions/genericNumber"
},
"RolesQuota": {
"$ref": "#/definitions/genericNumber"
},
"SigningCertificatesPerUserQuota": {
"$ref": "#/definitions/genericNumber"
},
"MFADevicesInUse": {
"$ref": "#/definitions/genericNumber"
},
"RolePolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"AttachedPoliciesPerRoleQuota": {
"$ref": "#/definitions/genericNumber"
},
"AccountAccessKeysPresent": {
"$ref": "#/definitions/genericNumber"
},
"GroupsQuota": {
"$ref": "#/definitions/genericNumber"
},
"GlobalEndpointTokenVersion": {
"$ref": "#/definitions/genericNumber"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/accountSummaryAka"
}
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"AccessKeysPerUserQuota": 2,
"AccountAccessKeysPresent": 1,
"AccountMFAEnabled": 0,
"AccountSigningCertificatesPresent": 0,
"AttachedPoliciesPerGroupQuota": 10,
"AttachedPoliciesPerRoleQuota": 10,
"AttachedPoliciesPerUserQuota": 10,
"GroupPolicySizeQuota": 5120,
"Groups": 15,
"GroupsPerUserQuota": 10,
"GroupsQuota": 100,
"MFADevices": 6,
"MFADevicesInUse": 3,
"Policies": 8,
"PoliciesQuota": 1000,
"PolicySizeQuota": 5120,
"PolicyVersionsInUse": 22,
"PolicyVersionsInUseQuota": 10000,
"ServerCertificates": 1,
"ServerCertificatesQuota": 20,
"SigningCertificatesPerUserQuota": 2,
"UserPolicySizeQuota": 2048,
"Users": 27,
"UsersQuota": 5000,
"VersionsPerPolicyQuota": 5,
"turbot": {
"akas": [
"arn:aws:iam::123456789012:accountSummary"
],
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accountSummary",
"modUri": "tmod:@turbot/aws-iam"
}
}

accountSummaryAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:accountSummary$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:accountSummary"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678",
"expected": false
},
{
"description": "Invalid - Malformed region name",
"input": "arn:aws:ec2:use-east-1:123456789012:instances/i-a2345678",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:ec2:us-east-1:1234567890123:instances/i-a2345678",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accountSummaryAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

api

Schema
{
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/api",
"modUri": "tmod:@turbot/aws-iam"
}
}

apiBoundaries

Schema
{
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"regionScope": {
"type": "string",
"enum": [
"regional",
"global"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/regionScope",
"modUri": "tmod:@turbot/aws-iam"
}
},
"api": {
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/api",
"modUri": "tmod:@turbot/aws-iam"
}
}
},
"required": [
"api",
"regionScope"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/apiBoundary",
"modUri": "tmod:@turbot/aws-iam"
}
},
"tests": [
{
"description": "Valid test",
"input": [
{
"api": "ec2:*",
"regionScope": "regional"
}
]
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/apiBoundaries",
"modUri": "tmod:@turbot/aws-iam"
}
}

apiBoundary

Schema
{
"type": "object",
"additionalProperties": false,
"properties": {
"regionScope": {
"type": "string",
"enum": [
"regional",
"global"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/regionScope",
"modUri": "tmod:@turbot/aws-iam"
}
},
"api": {
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/api",
"modUri": "tmod:@turbot/aws-iam"
}
}
},
"required": [
"api",
"regionScope"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/apiBoundary",
"modUri": "tmod:@turbot/aws-iam"
}
}

assignmentStatus

Schema
{
"type": "string",
"default": "Any",
"enum": [
"Assigned",
"Unassigned",
"Any"
],
"tests": [
{
"input": "Assigned"
},
{
"input": "Any"
},
{
"description": "invalid - not listed in options",
"input": "Reassigned",
"expected": false
},
{
"description": "invalid - null value",
"input": null,
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/assignmentStatus",
"modUri": "tmod:@turbot/aws-iam"
}
}

assumeRolePolicyDocument

Schema
{
"type": "object",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/assumeRolePolicyDocument",
"modUri": "tmod:@turbot/aws-iam"
}
}

attachmentCount

Schema
{
"type": "integer",
"tests": [
{
"input": 123456789
},
{
"input": 4
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/attachmentCount",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsLevelDefinition

Schema
{
"description": "Internal format for Guardrails Levels.",
"type": "object",
"properties": {
"level": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
},
"type": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "^tmod:@turbot/aws"
}
},
"required": [
"level",
"type"
],
"additionalProperties": false,
"tests": [
{
"description": "Valid level definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/aws-s3#/permission/types/s3"
}
},
{
"description": "invalid type definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/azure-s3#/permission/types/s3"
},
"expected": false
},
{
"description": "Invalid - Levels includes a non #/permission/levels/* path",
"expected": false,
"input": {
"level": "#/definitions/foo",
"type": "#/permission/types/foo"
}
},
{
"description": "Invalid - Types includes a non #/permission/types/* path",
"expected": false,
"input": {
"level": "#/permission/levels/user",
"type": "#/definitions/bar"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsLevelDefinitionList

Schema
{
"description": "Internal format for Guardrails Levels registrations.",
"type": "array",
"items": {
"description": "Internal format for Guardrails Levels.",
"type": "object",
"properties": {
"level": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
},
"type": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "^tmod:@turbot/aws"
}
},
"required": [
"level",
"type"
],
"additionalProperties": false,
"tests": [
{
"description": "Valid level definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/aws-s3#/permission/types/s3"
}
},
{
"description": "invalid type definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/azure-s3#/permission/types/s3"
},
"expected": false
},
{
"description": "Invalid - Levels includes a non #/permission/levels/* path",
"expected": false,
"input": {
"level": "#/definitions/foo",
"type": "#/permission/types/foo"
}
},
{
"description": "Invalid - Types includes a non #/permission/types/* path",
"expected": false,
"input": {
"level": "#/permission/levels/user",
"type": "#/definitions/bar"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition",
"modUri": "tmod:@turbot/aws-iam"
}
},
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinitionList",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsModifier

Schema
{
"type": "object",
"patternProperties": {
"^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[A-Za-z0-9]+)$": {
"type": "string",
"pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser",
"tests": [
{
"input": "metadata"
},
{
"input": "operator"
},
{
"description": "invalid - includes $",
"input": "something",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference",
"modUri": "tmod:@turbot/aws-iam"
}
}
},
"additionalProperties": false,
"tests": [
{
"description": "valid - base case",
"input": {
"s3:create": "metadata"
}
},
{
"description": "invalid - level",
"input": {
"s3:create": "some"
},
"expected": false
},
{
"description": "invalid - perms",
"input": {
"s3:": "some"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifier",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsModifierLevelReference

Schema
{
"type": "string",
"pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser",
"tests": [
{
"input": "metadata"
},
{
"input": "operator"
},
{
"description": "invalid - includes $",
"input": "something",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsModifierList

Schema
{
"default": [],
"type": "array",
"items": {
"type": "object",
"patternProperties": {
"^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[A-Za-z0-9]+)$": {
"type": "string",
"pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser",
"tests": [
{
"input": "metadata"
},
{
"input": "operator"
},
{
"description": "invalid - includes $",
"input": "something",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference",
"modUri": "tmod:@turbot/aws-iam"
}
}
},
"additionalProperties": false,
"tests": [
{
"description": "valid - base case",
"input": {
"s3:create": "metadata"
}
},
{
"description": "invalid - level",
"input": {
"s3:create": "some"
},
"expected": false
},
{
"description": "invalid - perms",
"input": {
"s3:": "some"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifier",
"modUri": "tmod:@turbot/aws-iam"
}
},
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifierList",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsPermissionLevelReference

Schema
{
"allOf": [
{
"$ref": "turbot#/definitions/permissionLevelReference"
},
{
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
}
],
"tests": [
{
"description": "valid permission type",
"input": "tmod:@turbot/aws-s3#/permission/levels/admin"
},
{
"description": "invalid - aws permission type",
"input": "tmod:@turbot/azure-storage#/permission/types/storage",
"expected": false
},
{
"description": "invalid - category",
"input": "tmod:@turbot/aws-s3#/control/types/bucketApproved",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionLevelReference",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsPermissionReference

Schema
{
"allOf": [
{
"$ref": "turbot#/definitions/permissionReference"
},
{
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$"
}
],
"tests": [
{
"description": "valid",
"input": "test:me"
},
{
"description": "valid",
"input": "test:you"
},
{
"description": "valid",
"input": "test:*"
},
{
"description": "valid",
"input": "S3:Test"
},
{
"description": "valid",
"input": "cognito-sync:test"
},
{
"description": "valid",
"input": "a:test"
},
{
"description": "invalid - aws permission",
"input": "some-:t",
"expected": false
},
{
"description": "invalid - no space",
"input": "some- :t",
"expected": false
},
{
"description": "invalid - should not start with -",
"input": "-as:t",
"expected": false
},
{
"description": "invalid - should not end with multiple **",
"input": "-as:t**",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionReference",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsPermissionTypeReference

Schema
{
"allOf": [
{
"$ref": "turbot#/definitions/permissionTypeReference"
},
{
"pattern": "^tmod:@turbot/aws"
}
],
"tests": [
{
"description": "valid permission type",
"input": "tmod:@turbot/aws-s3#/permission/types/s3"
},
{
"description": "invalid - aws permission type",
"input": "tmod:@turbot/azure-storage#/permission/types/storage",
"expected": false
},
{
"description": "invalid - category",
"input": "tmod:@turbot/aws-s3#/control/types/bucketApproved",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionTypeReference",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsRightDefinition

Schema
{
"description": "Internal format for Guardrails Rights registrations.",
"type": "object",
"properties": {
"level": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
},
"type": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "^tmod:@turbot/aws"
},
"permission": {
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$"
}
},
"required": [
"level",
"type",
"permission"
],
"additionalProperties": false,
"tests": [
{
"description": "Valid right definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/aws-s3#/permission/types/s3",
"permission": "s3:createBucket"
}
},
{
"description": "invalid type definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/azure-s3#/permission/types/s3",
"permission": "s3:createBucket"
},
"expected": false
},
{
"description": "Invalid - Levels includes a non #/permission/levels/* path",
"expected": false,
"input": {
"level": "#/definitions/foo",
"type": "#/permission/types/foo",
"permission": "s3:createBucket"
}
},
{
"description": "Invalid - Types includes a non #/permission/types/* path",
"expected": false,
"input": {
"level": "#/permission/levels/user",
"type": "#/definitions/bar",
"permission": "s3:createBucket"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinition",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsRightDefinitionList

Schema
{
"description": "Internal format for Guardrails Rights registrations.",
"type": "array",
"items": {
"description": "Internal format for Guardrails Rights registrations.",
"type": "object",
"properties": {
"level": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
},
"type": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "^tmod:@turbot/aws"
},
"permission": {
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$"
}
},
"required": [
"level",
"type",
"permission"
],
"additionalProperties": false,
"tests": [
{
"description": "Valid right definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/aws-s3#/permission/types/s3",
"permission": "s3:createBucket"
}
},
{
"description": "invalid type definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/azure-s3#/permission/types/s3",
"permission": "s3:createBucket"
},
"expected": false
},
{
"description": "Invalid - Levels includes a non #/permission/levels/* path",
"expected": false,
"input": {
"level": "#/definitions/foo",
"type": "#/permission/types/foo",
"permission": "s3:createBucket"
}
},
{
"description": "Invalid - Types includes a non #/permission/types/* path",
"expected": false,
"input": {
"level": "#/permission/levels/user",
"type": "#/definitions/bar",
"permission": "s3:createBucket"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinition",
"modUri": "tmod:@turbot/aws-iam"
}
},
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinitionList",
"modUri": "tmod:@turbot/aws-iam"
}
}

boundaryPermissionPolicy

Schema
{
"type": "string",
"minLength": 1,
"maxLength": 128,
"pattern": "^[A-Za-z0-9_+=,.@-]+$",
"tests": [
{
"input": "Foo,barbar"
},
{
"description": "max length",
"input": "a23456789_123456789_123456789_123456789_123456789_123456789_1234a23456789_123456789_123456789_123456789_123456789_123456789_1234"
},
{
"description": "invalid - empty string",
"input": "",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/boundaryPermissionPolicy",
"modUri": "tmod:@turbot/aws-iam"
}
}

certificateName

Schema
{
"type": "string",
"pattern": "^[A-Za-z0-9_+=,.@-]{1,128}$",
"tests": [
{
"description": "Valid - Base case",
"input": "test_certificate"
},
{
"description": "Invalid - length",
"input": "testhfghdyrhjdkloifhryhsgywghasknaklncksbdcbsdjbsjbvjsbvjkbsjvbsjkbvsbvjsbjvbsjvbsbjksdbvjksbvjbsdvbsdvjskbvjsbvsbvjkbsdjvbklbvhvlwbjkwblvbwvwivbwvhwivbwv",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/certificateName",
"modUri": "tmod:@turbot/aws-iam"
}
}

clientId

Schema
{
"type": "string",
"pattern": "^[a-zA-Z0-9:_.-/]{1,255}$",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/clientId",
"modUri": "tmod:@turbot/aws-iam"
}
}

clientIdList

Schema
{
"type": "array",
"items": {
"$ref": "#/definitions/clientId"
},
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/clientIdList",
"modUri": "tmod:@turbot/aws-iam"
}
}

createdAt

Schema
{
"anyOf": [
{
"$ref": "turbot#/definitions/isoTimestamp"
},
{
"type": "null"
}
],
"tests": [
{
"input": null
},
{
"input": "2021-08-31T07:29:15+00:00"
},
{
"description": "invalid - string provided",
"input": "hello",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/createdAt",
"modUri": "tmod:@turbot/aws-iam"
}
}

credentialInfo

Schema
{
"type": "object",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/credentialInfo",
"modUri": "tmod:@turbot/aws-iam"
}
}

credentialReport

Schema
{
"type": "object",
"properties": {
"credentialInfo": {
"$ref": "#/definitions/credentialInfo"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/credentialReportAka"
}
},
"title": {
"$ref": "#/definitions/reportItemsElements"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"credentialInfo": {
"<root_account>": {
"user": "<root_account>",
"arn": "arn:aws:iam::541046466378:root",
"user_creation_time": "2018-03-15T09:57:32+00:00",
"password_enabled": "not_supported",
"password_last_used": "2018-03-15T10:04:09+00:00",
"password_last_changed": "not_supported",
"password_next_rotation": "not_supported",
"mfa_active": "false",
"access_key_1_active": "false",
"access_key_1_last_rotated": "N/A",
"access_key_1_last_used_date": "N/A",
"access_key_1_last_used_region": "N/A",
"access_key_1_last_used_service": "N/A",
"access_key_2_active": "false",
"access_key_2_last_rotated": "N/A",
"access_key_2_last_used_date": "N/A",
"access_key_2_last_used_region": "N/A",
"access_key_2_last_used_service": "N/A",
"cert_1_active": "false",
"cert_1_last_rotated": "N/A",
"cert_2_active": "false",
"cert_2_last_rotated": "N/A"
},
"abhinash": {
"user": "abhinash",
"arn": "arn:aws:iam::541046466378:user/turbot/account/federated/abhinash",
"user_creation_time": "2019-03-27T15:37:23+00:00",
"password_enabled": "false",
"password_last_used": "N/A",
"password_last_changed": "N/A",
"password_next_rotation": "N/A",
"mfa_active": "false",
"access_key_1_active": "false",
"access_key_1_last_rotated": "N/A",
"access_key_1_last_used_date": "N/A",
"access_key_1_last_used_region": "N/A",
"access_key_1_last_used_service": "N/A",
"access_key_2_active": "false",
"access_key_2_last_rotated": "N/A",
"access_key_2_last_used_date": "N/A",
"access_key_2_last_used_region": "N/A",
"access_key_2_last_used_service": "N/A",
"cert_1_active": "false",
"cert_1_last_rotated": "N/A",
"cert_2_active": "false",
"cert_2_last_rotated": "N/A"
}
},
"turbot": {
"akas": [
"arn:aws:iam::aws:123456789012:credentialReport"
],
"title": "credentialReport",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/credentialReport",
"modUri": "tmod:@turbot/aws-iam"
}
}

credentialReportAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::aws:[0-9]{12}:credentialReport$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::aws:492552618977:credentialReport"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::aws:00011101982:group/aa",
"expected": false
},
{
"description": "Invalid - Missing ID",
"input": "arn:aws:iam::aws:group/test01",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/credentialReportAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

defaultVersionId

Schema
{
"type": "string",
"pattern": "^v[1-9][0-9]*(.[A-Za-z0-9-]*)?$",
"tests": [
{
"input": "v1.5"
},
{
"input": "v11.6"
},
{
"input": "v99.bA"
},
{
"description": "invalid - should start with letter v",
"input": 1,
"expected": false
},
{
"descrption": "invalid - version should start with 1",
"input": "v0.1",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/defaultVersionId",
"modUri": "tmod:@turbot/aws-iam"
}
}

description

Schema
{
"type": "string",
"maxLength": 1000,
"tests": [
{
"input": "Foo,foo+fOO"
},
{
"input": "00123"
},
{
"input": "ab@cde"
},
{
"input": "Test.The-KitchenSink"
},
{
"description": "empty string",
"input": ""
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/description",
"modUri": "tmod:@turbot/aws-iam"
}
}

genericNumber

Schema
{
"type": "integer",
"tests": [
{
"input": 1234
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/genericNumber",
"modUri": "tmod:@turbot/aws-iam"
}
}

group

Schema
{
"type": "object",
"properties": {
"Arn": {
"$ref": "#/definitions/userArn"
},
"CreateDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"GroupId": {
"$ref": "#/definitions/userId"
},
"GroupName": {
"$ref": "#/definitions/policyName"
},
"Path": {
"$ref": "#/definitions/userPath"
},
"Users": {
"type": "array"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/groupAka"
}
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"Arn": "arn:aws:iam::123456789012:group/Admins",
"title": "Admins",
"CreateDate": "2018-30-07T18:15:20.000Z",
"GroupName": "Admins",
"GroupId": "AGPACKCEVSQ6C2EXAMPLE",
"Path": "/division_abc/subdivision_xyz/",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:group/Admins"
],
"title": "Admins",
"custom": {
"aws": {
"accountId": 123456789012,
"regionName": "us-east-1"
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/group",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]+$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:group/Admins"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::123456789012:groups/Admins",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam::123456789012234:group/Admins",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupInlinePolicy

Schema
{
"type": "object",
"properties": {
"GroupName": {
"$ref": "#/definitions/policyName"
},
"PolicyName": {
"$ref": "#/definitions/policyName"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/groupInlinePolicyAka"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/policyName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"PolicyName",
"turbot",
"GroupName"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"GroupName": "test01",
"PolicyName": "admin1",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:group/test01/inline-policy/admin_1"
],
"title": "admin1",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing group name",
"input": {
"PolicyName": "admin1",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:goup/test01/inline-policy/admin_1"
],
"title": "admin_1",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"GroupName": "test01",
"PolicyName": "admin1"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupInlinePolicy",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupInlinePolicyAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]{1,64}/inline-policy/[A-Za-z0-9_+=,.@-]+$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:group/test01/inline-policy/hf"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::123456789012:groups/test01/inline-policy/hf",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam::4653726:group/test01/inline-policy/hf",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupInlinePolicyAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupPolicyAttachment

Schema
{
"type": "object",
"properties": {
"GroupName": {
"$ref": "#/definitions/policyName"
},
"PolicyName": {
"$ref": "#/definitions/policyName"
},
"PolicyArn": {
"$ref": "#/definitions/userArn"
},
"Id": {
"$ref": "#/definitions/policyAttachmentId"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/groupPolicyAttachmentAka"
}
},
"title": {
"$ref": "#/definitions/policyAttachmentId"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"GroupName": "test01",
"PolicyName": "admin_1",
"Id": "test01-admin_1",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"turbot": {
"akas": [
"arn:aws:iam::492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy"
],
"title": "test01-admin_1",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing PolicyName",
"input": {
"GroupName": "test01",
"Id": "test01-admin_1",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"turbot": {
"akas": [
"arn:aws:iam::aws:492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy"
],
"title": "Admin",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing turbot data",
"input": {
"GroupId": "AGPAJT5UGJLFBILHJUOXC",
"Id": "test01-AmazonEKSClusterPolicy",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"UserName": "Bob"
}
},
{
"description": "Inalid - Missing Id",
"input": {
"GroupName": "test01",
"PolicyName": "admin_1",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"turbot": {
"akas": [
"arn:aws:iam::492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy"
],
"title": "Admin",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupPolicyAttachment",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupPolicyAttachmentAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]{1,64}/policy-attachment/[A-Za-z0-9_.-]{1,128}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::492552618977:group/test01/policy-attachment/policyname0123"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::aws:00011101982:groups/aa/policy-attachment/policyname123",
"expected": false
},
{
"description": "Invalid - Missing ID",
"input": "arn:aws:iam::aws:group/test01/policy-attachment/policyname123",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupPolicyAttachmentAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

iam

Schema
{
"allOf": [
{
"$ref": "turbot#/definitions/service"
},
{
"type": "object",
"properties": {
"name": {
"const": "IAM"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/iamAka"
}
},
"title": {
"const": "IAM"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "iam",
"input": {
"name": "IAM",
"turbot": {
"akas": [
"arn:aws:iam::123456789012"
],
"title": "IAM",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Name does not match",
"input": {
"name": "IAM",
"turbot": {
"akas": [
"arn:aws:iam::123456789012"
],
"title": "IAM",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
},
{
"description": "Invalid - Service Name missing",
"input": {
"turbot": {
"akas": [
"arn:aws:iam::123456789012"
],
"title": "IAM",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
}
]
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/iam",
"modUri": "tmod:@turbot/aws-iam"
}
}

iamAka

Schema
{
"type": "string",
"pattern": "arn:aws(-us-gov|-cn)?:iam::[0-9]{12}$",
"tests": [
{
"description": "base",
"input": "arn:aws:iam::123456789012"
},
{
"description": "invalid service name",
"input": "arn:aws:iamjhkjfh::123456789012",
"expected": false
},
{
"description": "invalid account id",
"input": "arn:aws:iam::1234567890128364859934",
"expected": false
},
{
"description": "invalid provider name",
"input": "arn:gcp:iam::1234567890128364859934",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/iamAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

iamPolicy

Schema
{
"type": "object",
"properties": {
"Arn": {
"$ref": "#/definitions/userArn"
},
"AttachmentCount": {
"$ref": "#/definitions/attachmentCount"
},
"DefaultVersionId": {
"$ref": "#/definitions/defaultVersionId"
},
"Description": {
"$ref": "#/definitions/description"
},
"IsAttachable": {
"type": "boolean"
},
"Path": {
"$ref": "#/definitions/policyPath"
},
"PermissionsBoundaryUsageCount": {
"$ref": "#/definitions/attachmentCount"
},
"PolicyId": {
"$ref": "#/definitions/userId"
},
"PolicyName": {
"$ref": "#/definitions/policyName"
},
"UpdateDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"PolicyArn": {
"$ref": "#/definitions/userArn"
},
"PolicyVersion": {
"$ref": "#/definitions/policyVersion"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/userArn"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/policyName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"lastUsedTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Base case",
"input": {
"Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket",
"AttachmentCount": 9,
"DefaultVersionId": "v1",
"Path": "/",
"PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
"PolicyName": "S3-read-only-example-bucket",
"Description": "Allows read-only access to the example bucket",
"UpdateDate": "2018-12-21T18:15:20.000Z",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "S3-read-only-example-bucket",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing PolicyName",
"input": {
"Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket",
"AttachmentCount": 9,
"DefaultVersionId": "v1",
"Path": "/",
"PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
"Description": "Allows read-only access to the example bucket",
"UpdateDate": "2018-12-21T18:15:20.000Z",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "S3-read-only-example-bucket",
"custom": {
"aws": {
"accountId": 123456789012,
"createTimestamp": "2018-10-08T09:22:07.000Z"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Arn",
"input": {
"AttachmentCount": 9,
"DefaultVersionId": "v1",
"Path": "/",
"PolicyName": "S3-read-only-example-bucket",
"PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
"Description": "Allows read-only access to the example bucket",
"UpdateDate": "2018-12-21T18:15:20.000Z",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "S3-read-only-example-bucket",
"custom": {
"aws": {
"accountId": 123456789012,
"createTimestamp": "2018-10-08T09:22:07.000Z"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket",
"AttachmentCount": 9,
"DefaultVersionId": "v1",
"Path": "/",
"PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
"PolicyName": "S3-read-only-example-bucket",
"Description": "Allows read-only access to the example bucket",
"UpdateDate": "2018-12-21T18:15:20.000Z"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/iamPolicy",
"modUri": "tmod:@turbot/aws-iam"
}
}

instanceProfile

Schema
{
"type": "object",
"properties": {
"Arn": {
"$ref": "#/definitions/instanceProfileAka"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"InstanceProfileName": {
"$ref": "#/definitions/instanceProfileName"
},
"Tags": {
"$ref": "aws#/definitions/tagList"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/instanceProfileAka"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/instanceProfileName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "All properties given",
"input": {
"Arn": "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata",
"CreateDate": "2018-01-21T18:15:20.000Z",
"InstanceProfileName": "testinstanceProfile",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata"
],
"title": "i-a2345678",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing Guardrails Data",
"input": {
"instanceProfileName": "AWSServiceinstanceProfileForAmazonGuardDuty",
"title": "Test-instanceProfile",
"Tags": [
{
"Key": "Name",
"Value": "testkey0"
},
{
"Key": "Name1",
"Value": "testkey01"
}
]
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/instanceProfile",
"modUri": "tmod:@turbot/aws-iam"
}
}

instanceProfileAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:instance-profile/[A-Za-z0-9_+=,.@-]{1,64}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:ec2:123456789012:instance-profiles/turbot_instanceProfile_metadata",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:ec2:1234567892101489:instance-profile/turbot_instanceProfile_metadata",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/instanceProfileAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

instanceProfileName

Schema
{
"type": "string",
"pattern": "^[-0-9a-zA-Z_+=,.@]{1,128}$",
"tests": [
{
"description": "Base test case",
"input": "sad"
},
{
"input": "sdsadcxa123acAXSASD"
},
{
"input": "00123"
},
{
"description": "invalid - empty string",
"input": "",
"expected": false
},
{
"description": "invalid - exceeding maximum limit",
"input": "sdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAX",
"expected": false
},
{
"description": "invalid - invalid character ~",
"input": "SADSA~asdsad",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/instanceProfileName",
"modUri": "tmod:@turbot/aws-iam"
}
}

lastResourceAnalyzedAt

Schema
{
"anyOf": [
{
"$ref": "turbot#/definitions/isoTimestamp"
},
{
"type": "null"
}
],
"tests": [
{
"input": null
},
{
"input": "2021-08-31T07:29:15+00:00"
},
{
"description": "invalid - string provided",
"input": "hello",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/lastResourceAnalyzedAt",
"modUri": "tmod:@turbot/aws-iam"
}
}

marker

Schema
{
"type": "string",
"minLength": 1,
"maxLength": 320,
"pattern": "^[ -ΓΏ]+$",
"tests": [
{
"input": "Foo,foo+fOO-bar"
},
{
"input": "00123"
},
{
"input": "ab@cde.com"
},
{
"input": "Test.The-Kitchen_Sink"
},
{
"description": "min length",
"input": "/"
},
{
"description": "max length",
"input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678_123456789_123456789_123456789_123456789_123456789_123456789_123"
},
{
"description": "invalid - too long",
"input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678_123456789_123456789_123456789_123456789_123456789_123456789_12345",
"expected": false
},
{
"description": "invalid - empty string",
"input": "",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/marker",
"modUri": "tmod:@turbot/aws-iam"
}
}

maxSessionDuration

Schema
{
"type": "integer",
"minimum": 3600,
"maximum": 43200,
"tests": [
{
"input": 12345
},
{
"description": "min value",
"input": 3600
},
{
"description": "max value",
"input": 43200
},
{
"description": "invalid - greater than max value",
"input": 11111111,
"expected": false
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/maxSessionDuration",
"modUri": "tmod:@turbot/aws-iam"
}
}

mfaVirtual

Schema
{
"type": "object",
"properties": {
"AssignmentStatus": {
"$ref": "#/definitions/assignmentStatus"
},
"VirtualMFADevices": {
"$ref": "#/definitions/virtualMFADevices"
},
"IsTruncated": {
"type": "boolean"
},
"Marker": {
"$ref": "#/definitions/marker"
},
"MaxItems": {
"$ref": "#/definitions/virtualMfaMaxItems"
},
"Tags": {
"$ref": "aws#/definitions/tagList"
},
"EnableDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"SerialNumber": {
"$ref": "#/definitions/serialNumber"
},
"User": {
"$ref": "#/definitions/userName"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/mfaVirtualAka"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/userName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"SerialNumber",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"AssignmentStatus": "Any",
"Marker": "a123",
"MaxItems": 100,
"SerialNumber": "arn:aws:iam::492552618977:mfa/test_user",
"Tags": [
{
"Key": "Env",
"Value": "Test"
},
{
"Key": "App",
"Value": "Facebook"
}
],
"turbot": {
"akas": [
"arn:aws:iam::492552618977:mfa/test_user"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "Susan",
"custom": {
"aws": {
"accountId": 492552618977
}
}
}
}
},
{
"description": "Invalid - Missing SerialNumber",
"input": {
"AssignmentStatus": "Assigned",
"UserName": "Susan",
"Marker": "/",
"MaxItems": 1,
"Tags": [
{
"Key": "Env",
"Value": "Test"
},
{
"Key": "App",
"Value": "Facebook"
}
],
"turbot": {
"akas": [
"arn:aws:iam::492552618977:mfa/test_user"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "Susan",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"SerialNumber": "arn:aws:iam::492552618977:mfa/test_user",
"Tags": [
{
"Key": "Env",
"Value": "Test"
},
{
"Key": "App",
"Value": "Facebook"
}
],
"UserName": "Susan"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/mfaVirtual",
"modUri": "tmod:@turbot/aws-iam"
}
}

mfaVirtualAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:mfa/[A-Za-z0-9_-]{1,64}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::492552618977:mfa/test_user"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::492552618977:mfaa/test_user",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam::389739167:mfa/test_user",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/mfaVirtualAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

openIdConnect

Schema
{
"type": "object",
"properties": {
"Arn": {
"$ref": "#/definitions/openIdConnectAka"
},
"Url": {
"type": "string"
},
"ClientIDList": {
"$ref": "#/definitions/clientIdList"
},
"ThumbprintList": {
"$ref": "#/definitions/thumbprintList"
},
"CreateDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"Tags": {
"$ref": "aws#/definitions/tagList"
},
"turbot": {
"type": "object",
"properties": {
"akas": {