Product logo
DocsBlogPricing

Definitions for @turbot/aws-iam

accessAnalyzer

{
  "type": "object",
  "properties": {
    "arn": {
      "$ref": "#/definitions/accessAnalyzerArn"
    },
    "createdAt": {
      "$ref": "#/definitions/createdAt"
    },
    "lastResourceAnalyzed": {
      "type": "string"
    },
    "lastResourceAnalyzedAt": {
      "$ref": "#/definitions/lastResourceAnalyzedAt"
    },
    "name": {
      "$ref": "#/definitions/accessAnalyzerName"
    },
    "status": {
      "$ref": "#/definitions/accessAnalyzerStatus"
    },
    "type": {
      "$ref": "#/definitions/accessAnalyzerType"
    },
    "tags": {
      "$ref": "aws#/definitions/tagList"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/accessAnalyzerArn"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/accessAnalyzerName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "arn": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer",
        "createdAt": "2021-08-31T07:29:15+00:00",
        "lastResourceAnalyzed": "arn:aws:iam::986325076436:role/turbot/waf_readonly",
        "lastResourceAnalyzedAt": "2021-08-31T07:29:16.570000+00:00",
        "name": "sd-test-analyzer",
        "status": "ACTIVE",
        "tags": {},
        "type": "ACCOUNT",
        "turbot": {
          "akas": [
            "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer"
          ],
          "tags": {},
          "title": "sd-test-analyzer",
          "custom": {
            "aws": {
              "accountId": 986325076436
            },
            "createTimestamp": "2018-12-21T18:15:20.000Z"
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzer",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accessAnalyzerArn

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:access-analyzer:[a-z]{2}(-gov)?-[a-z]+-[0-9]:[0-9]{12}:analyzer/[A-Za-z][A-Za-z0-9_.-]{0,255}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678",
      "expected": false
    },
    {
      "description": "Invalid - account id not valid",
      "input": "arn:aws:iam::1234234456789012:user/bob",
      "expected": false
    },
    {
      "description": "Invalid - special character 0-9_+=,.@- are allowed",
      "input": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer!!!",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerArn",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accessAnalyzerName

{
  "type": "string",
  "pattern": "^[A-Za-z][A-Za-z0-9_.-]{0,255}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "sd-test-analyzer"
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerName",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accessAnalyzerStatus

{
  "type": "string",
  "enum": [
    "ACTIVE",
    "CREATING",
    "DISABLED",
    "FAILED"
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerStatus",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accessAnalyzerType

{
  "type": "string",
  "enum": [
    "ACCOUNT",
    "ORGANIZATION"
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerType",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accessKey

{
  "type": "object",
  "properties": {
    "AccessKeyId": {
      "$ref": "#/definitions/userId"
    },
    "CreateDate": {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    "SecretAccessKey": {
      "$ref": "#/definitions/secretAccessKey"
    },
    "Status": {
      "$ref": "#/definitions/status"
    },
    "UserName": {
      "$ref": "#/definitions/userName"
    },
    "AccessKeyLastUsed": {
      "type": "object"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/accessKeyAka"
          }
        },
        "title": {
          "$ref": "#/definitions/userName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            },
            "lastUsedTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "AccessKeyId": "AKIA1234567890EXAMPLE",
        "CreateDate": "2018-30-07T18:15:20.000Z",
        "SecretAccessKey": 100,
        "Status": "Active",
        "UserName": "Bob",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:user/Bob/accesskey/AKIA1234567890EXAMPLE"
          ],
          "title": "Bob",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accessKey",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accessKeyAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}/accesskey/[A-Za-z0-9]{16,128}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:user/Bob/accesskey/AKIA1234567890EXAMPLE"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam::123456789012:user/Bob/accesskeys/AKIA1234567890EXAMPLE",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam::1234567811213:user/Bob/accesskey/AKIA1234567890EXAMPLE",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accessKeyAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accountPasswordPolicy

{
  "type": "object",
  "properties": {
    "MinimumPasswordLength": {
      "type": "integer",
      "minimum": 6,
      "maximum": 128,
      "tests": [
        {
          "input": 5
        },
        {
          "input": 7
        },
        {
          "description": "minimum",
          "input": 6
        },
        {
          "description": "maximum",
          "input": 128
        },
        {
          "description": "invalid - decimal value provided",
          "input": 4.5,
          "expected": false
        },
        {
          "description": "invalid - string type provided",
          "input": "three",
          "expected": false
        },
        {
          "description": "invalid - less than minimum",
          "input": 1,
          "expected": false
        },
        {
          "description": "invalid - greater than maximum",
          "input": 129,
          "expected": false
        }
      ]
    },
    "RequireSymbols": {
      "type": "boolean",
      "tests": [
        {
          "input": false
        },
        {
          "input": true
        },
        {
          "description": "invalid - array",
          "input": [],
          "expected": false
        },
        {
          "description": "invalid - string",
          "input": "",
          "expected": false
        }
      ]
    },
    "RequireNumbers": {
      "type": "boolean",
      "tests": [
        {
          "input": false
        },
        {
          "input": true
        },
        {
          "description": "invalid - array",
          "input": [],
          "expected": false
        },
        {
          "description": "invalid - string",
          "input": "",
          "expected": false
        }
      ]
    },
    "RequireUppercaseCharacters": {
      "type": "boolean",
      "tests": [
        {
          "input": false
        },
        {
          "input": true
        },
        {
          "description": "invalid - array",
          "input": [],
          "expected": false
        },
        {
          "description": "invalid - string",
          "input": "",
          "expected": false
        }
      ]
    },
    "RequireLowercaseCharacters": {
      "type": "boolean",
      "tests": [
        {
          "input": false
        },
        {
          "input": true
        },
        {
          "description": "invalid - array",
          "input": [],
          "expected": false
        },
        {
          "description": "invalid - string",
          "input": "",
          "expected": false
        }
      ]
    },
    "AllowUsersToChangePassword": {
      "type": "boolean",
      "tests": [
        {
          "input": false
        },
        {
          "input": true
        },
        {
          "description": "invalid - array",
          "input": [],
          "expected": false
        },
        {
          "description": "invalid - string",
          "input": "",
          "expected": false
        }
      ]
    },
    "ExpirePasswords": {
      "type": "boolean",
      "tests": [
        {
          "input": false
        },
        {
          "input": true
        },
        {
          "description": "invalid - array",
          "input": [],
          "expected": false
        },
        {
          "description": "invalid - string",
          "input": "",
          "expected": false
        }
      ]
    },
    "HardExpiry": {
      "type": "boolean",
      "tests": [
        {
          "input": false
        },
        {
          "input": true
        },
        {
          "description": "invalid - array",
          "input": [],
          "expected": false
        },
        {
          "description": "invalid - string",
          "input": "",
          "expected": false
        }
      ]
    },
    "PasswordReusePrevention": {
      "type": "integer",
      "minimum": 1,
      "maximum": 24,
      "tests": [
        {
          "input": 5
        },
        {
          "input": 7
        },
        {
          "description": "minimum",
          "input": 1
        },
        {
          "description": "maximum",
          "input": 24
        },
        {
          "description": "invalid - decimal value provided",
          "input": 4.5,
          "expected": false
        },
        {
          "description": "invalid - string type provided",
          "input": "three",
          "expected": false
        },
        {
          "description": "invalid - less than minimum",
          "input": 0,
          "expected": false
        },
        {
          "description": "invalid - greater than maximum",
          "input": 129,
          "expected": false
        }
      ]
    },
    "MaxPasswordAge": {
      "type": "integer",
      "minimum": 1,
      "maximum": 1095,
      "tests": [
        {
          "input": 50
        },
        {
          "input": 70
        },
        {
          "description": "minimum",
          "input": 1
        },
        {
          "description": "maximum",
          "input": 1095
        },
        {
          "description": "invalid - decimal value provided",
          "input": 4.5,
          "expected": false
        },
        {
          "description": "invalid - string type provided",
          "input": "three",
          "expected": false
        },
        {
          "description": "invalid - less than minimum",
          "input": 0,
          "expected": false
        },
        {
          "description": "invalid - greater than maximum",
          "input": 1290,
          "expected": false
        }
      ]
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/accountPasswordPolicyAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "type": "string"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "required": [
    "turbot",
    "MinimumPasswordLength",
    "RequireSymbols",
    "RequireNumbers",
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "AllowUsersToChangePassword",
    "ExpirePasswords"
  ],
  "tests": [
    {
      "description": "Valid - Base case",
      "input": {
        "MinimumPasswordLength": 14,
        "RequireSymbols": true,
        "RequireNumbers": true,
        "RequireUppercaseCharacters": true,
        "RequireLowercaseCharacters": true,
        "AllowUsersToChangePassword": false,
        "ExpirePasswords": true,
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:accountPasswordPolicy"
          ],
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing Guardrails data",
      "input": {
        "MinimumPasswordLength": 14,
        "RequireSymbols": true,
        "RequireNumbers": true,
        "RequireUppercaseCharacters": true,
        "RequireLowercaseCharacters": true,
        "AllowUsersToChangePassword": false,
        "ExpirePasswords": true
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accountPasswordPolicy",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accountPasswordPolicyAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:accountPasswordPolicy$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:accountPasswordPolicy"
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam:123456764765789012:accountPasswordPolicy",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accountPasswordPolicyAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accountSummary

{
  "type": "object",
  "properties": {
    "GroupPolicySizeQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "InstanceProfilesQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "Policies": {
      "$ref": "#/definitions/genericNumber"
    },
    "GroupsPerUserQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "InstanceProfiles": {
      "$ref": "#/definitions/genericNumber"
    },
    "AttachedPoliciesPerUserQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "Users": {
      "$ref": "#/definitions/genericNumber"
    },
    "PoliciesQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "Providers": {
      "$ref": "#/definitions/genericNumber"
    },
    "AccountMFAEnabled": {
      "$ref": "#/definitions/genericNumber"
    },
    "AccessKeysPerUserQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "AssumeRolePolicySizeQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "PolicyVersionsInUseQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "VersionsPerPolicyQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "AttachedPoliciesPerGroupQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "PolicySizeQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "Groups": {
      "$ref": "#/definitions/genericNumber"
    },
    "AccountSigningCertificatesPresent": {
      "$ref": "#/definitions/genericNumber"
    },
    "UsersQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "ServerCertificatesQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "MFADevices": {
      "$ref": "#/definitions/genericNumber"
    },
    "UserPolicySizeQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "PolicyVersionsInUse": {
      "$ref": "#/definitions/genericNumber"
    },
    "ServerCertificates": {
      "$ref": "#/definitions/genericNumber"
    },
    "Roles": {
      "$ref": "#/definitions/genericNumber"
    },
    "RolesQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "SigningCertificatesPerUserQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "MFADevicesInUse": {
      "$ref": "#/definitions/genericNumber"
    },
    "RolePolicySizeQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "AttachedPoliciesPerRoleQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "AccountAccessKeysPresent": {
      "$ref": "#/definitions/genericNumber"
    },
    "GroupsQuota": {
      "$ref": "#/definitions/genericNumber"
    },
    "GlobalEndpointTokenVersion": {
      "$ref": "#/definitions/genericNumber"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/accountSummaryAka"
          }
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "AccessKeysPerUserQuota": 2,
        "AccountAccessKeysPresent": 1,
        "AccountMFAEnabled": 0,
        "AccountSigningCertificatesPresent": 0,
        "AttachedPoliciesPerGroupQuota": 10,
        "AttachedPoliciesPerRoleQuota": 10,
        "AttachedPoliciesPerUserQuota": 10,
        "GroupPolicySizeQuota": 5120,
        "Groups": 15,
        "GroupsPerUserQuota": 10,
        "GroupsQuota": 100,
        "MFADevices": 6,
        "MFADevicesInUse": 3,
        "Policies": 8,
        "PoliciesQuota": 1000,
        "PolicySizeQuota": 5120,
        "PolicyVersionsInUse": 22,
        "PolicyVersionsInUseQuota": 10000,
        "ServerCertificates": 1,
        "ServerCertificatesQuota": 20,
        "SigningCertificatesPerUserQuota": 2,
        "UserPolicySizeQuota": 2048,
        "Users": 27,
        "UsersQuota": 5000,
        "VersionsPerPolicyQuota": 5,
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:accountSummary"
          ],
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accountSummary",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

accountSummaryAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:accountSummary$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:accountSummary"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678",
      "expected": false
    },
    {
      "description": "Invalid - Malformed region name",
      "input": "arn:aws:ec2:use-east-1:123456789012:instances/i-a2345678",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:ec2:us-east-1:1234567890123:instances/i-a2345678",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/accountSummaryAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

api

{
  "type": "string",
  "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$",
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/api",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

apiBoundaries

{
  "type": "array",
  "items": {
    "type": "object",
    "additionalProperties": false,
    "properties": {
      "regionScope": {
        "type": "string",
        "enum": [
          "regional",
          "global"
        ],
        ".turbot": {
          "uri": "tmod:@turbot/aws-iam#/definitions/regionScope",
          "modUri": "tmod:@turbot/aws-iam"
        }
      },
      "api": {
        "type": "string",
        "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$",
        ".turbot": {
          "uri": "tmod:@turbot/aws-iam#/definitions/api",
          "modUri": "tmod:@turbot/aws-iam"
        }
      }
    },
    "required": [
      "api",
      "regionScope"
    ],
    ".turbot": {
      "uri": "tmod:@turbot/aws-iam#/definitions/apiBoundary",
      "modUri": "tmod:@turbot/aws-iam"
    }
  },
  "tests": [
    {
      "description": "Valid test",
      "input": [
        {
          "api": "ec2:*",
          "regionScope": "regional"
        }
      ]
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/apiBoundaries",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

apiBoundary

{
  "type": "object",
  "additionalProperties": false,
  "properties": {
    "regionScope": {
      "type": "string",
      "enum": [
        "regional",
        "global"
      ],
      ".turbot": {
        "uri": "tmod:@turbot/aws-iam#/definitions/regionScope",
        "modUri": "tmod:@turbot/aws-iam"
      }
    },
    "api": {
      "type": "string",
      "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$",
      ".turbot": {
        "uri": "tmod:@turbot/aws-iam#/definitions/api",
        "modUri": "tmod:@turbot/aws-iam"
      }
    }
  },
  "required": [
    "api",
    "regionScope"
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/apiBoundary",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

assignmentStatus

{
  "type": "string",
  "default": "Any",
  "enum": [
    "Assigned",
    "Unassigned",
    "Any"
  ],
  "tests": [
    {
      "input": "Assigned"
    },
    {
      "input": "Any"
    },
    {
      "description": "invalid - not listed in options",
      "input": "Reassigned",
      "expected": false
    },
    {
      "description": "invalid - null value",
      "input": null,
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/assignmentStatus",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

assumeRolePolicyDocument

{
  "type": "object",
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/assumeRolePolicyDocument",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

attachmentCount

{
  "type": "integer",
  "tests": [
    {
      "input": 123456789
    },
    {
      "input": 4
    },
    {
      "description": "invalid - string type provided",
      "input": "three",
      "expected": false
    },
    {
      "description": "invalid - decimal value provided",
      "input": 4.5,
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/attachmentCount",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsLevelDefinition

{
  "description": "Internal format for Guardrails Levels.",
  "type": "object",
  "properties": {
    "level": {
      "type": "string",
      "format": "uri-reference",
      ".turbot": {
        "uri": "tmod:@turbot/turbot#/definitions/$ref",
        "modUri": "tmod:@turbot/turbot"
      },
      "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
    },
    "type": {
      "type": "string",
      "format": "uri-reference",
      ".turbot": {
        "uri": "tmod:@turbot/turbot#/definitions/$ref",
        "modUri": "tmod:@turbot/turbot"
      },
      "pattern": "^tmod:@turbot/aws"
    }
  },
  "required": [
    "level",
    "type"
  ],
  "additionalProperties": false,
  "tests": [
    {
      "description": "Valid level definition",
      "input": {
        "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
        "type": "tmod:@turbot/aws-s3#/permission/types/s3"
      }
    },
    {
      "description": "invalid type definition",
      "input": {
        "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
        "type": "tmod:@turbot/azure-s3#/permission/types/s3"
      },
      "expected": false
    },
    {
      "description": "Invalid - Levels includes a non #/permission/levels/* path",
      "expected": false,
      "input": {
        "level": "#/definitions/foo",
        "type": "#/permission/types/foo"
      }
    },
    {
      "description": "Invalid - Types includes a non #/permission/types/* path",
      "expected": false,
      "input": {
        "level": "#/permission/levels/user",
        "type": "#/definitions/bar"
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsLevelDefinitionList

{
  "description": "Internal format for Guardrails Levels registrations.",
  "type": "array",
  "items": {
    "description": "Internal format for Guardrails Levels.",
    "type": "object",
    "properties": {
      "level": {
        "type": "string",
        "format": "uri-reference",
        ".turbot": {
          "uri": "tmod:@turbot/turbot#/definitions/$ref",
          "modUri": "tmod:@turbot/turbot"
        },
        "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
      },
      "type": {
        "type": "string",
        "format": "uri-reference",
        ".turbot": {
          "uri": "tmod:@turbot/turbot#/definitions/$ref",
          "modUri": "tmod:@turbot/turbot"
        },
        "pattern": "^tmod:@turbot/aws"
      }
    },
    "required": [
      "level",
      "type"
    ],
    "additionalProperties": false,
    "tests": [
      {
        "description": "Valid level definition",
        "input": {
          "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
          "type": "tmod:@turbot/aws-s3#/permission/types/s3"
        }
      },
      {
        "description": "invalid type definition",
        "input": {
          "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
          "type": "tmod:@turbot/azure-s3#/permission/types/s3"
        },
        "expected": false
      },
      {
        "description": "Invalid - Levels includes a non #/permission/levels/* path",
        "expected": false,
        "input": {
          "level": "#/definitions/foo",
          "type": "#/permission/types/foo"
        }
      },
      {
        "description": "Invalid - Types includes a non #/permission/types/* path",
        "expected": false,
        "input": {
          "level": "#/permission/levels/user",
          "type": "#/definitions/bar"
        }
      }
    ],
    ".turbot": {
      "uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition",
      "modUri": "tmod:@turbot/aws-iam"
    }
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinitionList",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsModifier

{
  "type": "object",
  "patternProperties": {
    "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[A-Za-z0-9]+)$": {
      "type": "string",
      "pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser",
      "tests": [
        {
          "input": "metadata"
        },
        {
          "input": "operator"
        },
        {
          "description": "invalid - includes $",
          "input": "something",
          "expected": false
        }
      ],
      ".turbot": {
        "uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference",
        "modUri": "tmod:@turbot/aws-iam"
      }
    }
  },
  "additionalProperties": false,
  "tests": [
    {
      "description": "valid - base case",
      "input": {
        "s3:create": "metadata"
      }
    },
    {
      "description": "invalid - level",
      "input": {
        "s3:create": "some"
      },
      "expected": false
    },
    {
      "description": "invalid - perms",
      "input": {
        "s3:": "some"
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsModifier",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsModifierLevelReference

{
  "type": "string",
  "pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser",
  "tests": [
    {
      "input": "metadata"
    },
    {
      "input": "operator"
    },
    {
      "description": "invalid - includes $",
      "input": "something",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsModifierList

{
  "default": [],
  "type": "array",
  "items": {
    "type": "object",
    "patternProperties": {
      "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[A-Za-z0-9]+)$": {
        "type": "string",
        "pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser",
        "tests": [
          {
            "input": "metadata"
          },
          {
            "input": "operator"
          },
          {
            "description": "invalid - includes $",
            "input": "something",
            "expected": false
          }
        ],
        ".turbot": {
          "uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference",
          "modUri": "tmod:@turbot/aws-iam"
        }
      }
    },
    "additionalProperties": false,
    "tests": [
      {
        "description": "valid - base case",
        "input": {
          "s3:create": "metadata"
        }
      },
      {
        "description": "invalid - level",
        "input": {
          "s3:create": "some"
        },
        "expected": false
      },
      {
        "description": "invalid - perms",
        "input": {
          "s3:": "some"
        },
        "expected": false
      }
    ],
    ".turbot": {
      "uri": "tmod:@turbot/aws-iam#/definitions/awsModifier",
      "modUri": "tmod:@turbot/aws-iam"
    }
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsModifierList",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsPermissionLevelReference

{
  "allOf": [
    {
      "$ref": "turbot#/definitions/permissionLevelReference"
    },
    {
      "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
    }
  ],
  "tests": [
    {
      "description": "valid permission type",
      "input": "tmod:@turbot/aws-s3#/permission/levels/admin"
    },
    {
      "description": "invalid - aws permission type",
      "input": "tmod:@turbot/azure-storage#/permission/types/storage",
      "expected": false
    },
    {
      "description": "invalid - category",
      "input": "tmod:@turbot/aws-s3#/control/types/bucketApproved",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionLevelReference",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsPermissionReference

{
  "allOf": [
    {
      "$ref": "turbot#/definitions/permissionReference"
    },
    {
      "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$"
    }
  ],
  "tests": [
    {
      "description": "valid",
      "input": "test:me"
    },
    {
      "description": "valid",
      "input": "test:you"
    },
    {
      "description": "valid",
      "input": "test:*"
    },
    {
      "description": "valid",
      "input": "S3:Test"
    },
    {
      "description": "valid",
      "input": "cognito-sync:test"
    },
    {
      "description": "valid",
      "input": "a:test"
    },
    {
      "description": "invalid - aws permission",
      "input": "some-:t",
      "expected": false
    },
    {
      "description": "invalid - no space",
      "input": "some- :t",
      "expected": false
    },
    {
      "description": "invalid - should not start with -",
      "input": "-as:t",
      "expected": false
    },
    {
      "description": "invalid - should not end with multiple **",
      "input": "-as:t**",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionReference",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsPermissionTypeReference

{
  "allOf": [
    {
      "$ref": "turbot#/definitions/permissionTypeReference"
    },
    {
      "pattern": "^tmod:@turbot/aws"
    }
  ],
  "tests": [
    {
      "description": "valid permission type",
      "input": "tmod:@turbot/aws-s3#/permission/types/s3"
    },
    {
      "description": "invalid - aws permission type",
      "input": "tmod:@turbot/azure-storage#/permission/types/storage",
      "expected": false
    },
    {
      "description": "invalid - category",
      "input": "tmod:@turbot/aws-s3#/control/types/bucketApproved",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionTypeReference",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsRightDefinition

{
  "description": "Internal format for Guardrails Rights registrations.",
  "type": "object",
  "properties": {
    "level": {
      "type": "string",
      "format": "uri-reference",
      ".turbot": {
        "uri": "tmod:@turbot/turbot#/definitions/$ref",
        "modUri": "tmod:@turbot/turbot"
      },
      "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
    },
    "type": {
      "type": "string",
      "format": "uri-reference",
      ".turbot": {
        "uri": "tmod:@turbot/turbot#/definitions/$ref",
        "modUri": "tmod:@turbot/turbot"
      },
      "pattern": "^tmod:@turbot/aws"
    },
    "permission": {
      "type": "string",
      "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$"
    }
  },
  "required": [
    "level",
    "type",
    "permission"
  ],
  "additionalProperties": false,
  "tests": [
    {
      "description": "Valid right definition",
      "input": {
        "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
        "type": "tmod:@turbot/aws-s3#/permission/types/s3",
        "permission": "s3:createBucket"
      }
    },
    {
      "description": "invalid type definition",
      "input": {
        "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
        "type": "tmod:@turbot/azure-s3#/permission/types/s3",
        "permission": "s3:createBucket"
      },
      "expected": false
    },
    {
      "description": "Invalid - Levels includes a non #/permission/levels/* path",
      "expected": false,
      "input": {
        "level": "#/definitions/foo",
        "type": "#/permission/types/foo",
        "permission": "s3:createBucket"
      }
    },
    {
      "description": "Invalid - Types includes a non #/permission/types/* path",
      "expected": false,
      "input": {
        "level": "#/permission/levels/user",
        "type": "#/definitions/bar",
        "permission": "s3:createBucket"
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinition",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

awsRightDefinitionList

{
  "description": "Internal format for Guardrails Rights registrations.",
  "type": "array",
  "items": {
    "description": "Internal format for Guardrails Rights registrations.",
    "type": "object",
    "properties": {
      "level": {
        "type": "string",
        "format": "uri-reference",
        ".turbot": {
          "uri": "tmod:@turbot/turbot#/definitions/$ref",
          "modUri": "tmod:@turbot/turbot"
        },
        "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
      },
      "type": {
        "type": "string",
        "format": "uri-reference",
        ".turbot": {
          "uri": "tmod:@turbot/turbot#/definitions/$ref",
          "modUri": "tmod:@turbot/turbot"
        },
        "pattern": "^tmod:@turbot/aws"
      },
      "permission": {
        "type": "string",
        "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$"
      }
    },
    "required": [
      "level",
      "type",
      "permission"
    ],
    "additionalProperties": false,
    "tests": [
      {
        "description": "Valid right definition",
        "input": {
          "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
          "type": "tmod:@turbot/aws-s3#/permission/types/s3",
          "permission": "s3:createBucket"
        }
      },
      {
        "description": "invalid type definition",
        "input": {
          "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
          "type": "tmod:@turbot/azure-s3#/permission/types/s3",
          "permission": "s3:createBucket"
        },
        "expected": false
      },
      {
        "description": "Invalid - Levels includes a non #/permission/levels/* path",
        "expected": false,
        "input": {
          "level": "#/definitions/foo",
          "type": "#/permission/types/foo",
          "permission": "s3:createBucket"
        }
      },
      {
        "description": "Invalid - Types includes a non #/permission/types/* path",
        "expected": false,
        "input": {
          "level": "#/permission/levels/user",
          "type": "#/definitions/bar",
          "permission": "s3:createBucket"
        }
      }
    ],
    ".turbot": {
      "uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinition",
      "modUri": "tmod:@turbot/aws-iam"
    }
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinitionList",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

boundaryPermissionPolicy

{
  "type": "string",
  "minLength": 1,
  "maxLength": 128,
  "pattern": "^[A-Za-z0-9_+=,.@-]+$",
  "tests": [
    {
      "input": "Foo,barbar"
    },
    {
      "description": "max length",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_1234a23456789_123456789_123456789_123456789_123456789_123456789_1234"
    },
    {
      "description": "invalid - empty string",
      "input": "",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/boundaryPermissionPolicy",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

certificateName

{
  "type": "string",
  "pattern": "^[A-Za-z0-9_+=,.@-]{1,128}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "test_certificate"
    },
    {
      "description": "Invalid - length",
      "input": "testhfghdyrhjdkloifhryhsgywghasknaklncksbdcbsdjbsjbvjsbvjkbsjvbsjkbvsbvjsbjvbsjvbsbjksdbvjksbvjbsdvbsdvjskbvjsbvsbvjkbsdjvbklbvhvlwbjkwblvbwvwivbwvhwivbwv",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/certificateName",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

clientId

{
  "type": "string",
  "pattern": "^[a-zA-Z0-9:_.-/]{1,255}$",
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/clientId",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

clientIdList

{
  "type": "array",
  "items": {
    "$ref": "#/definitions/clientId"
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/clientIdList",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

createdAt

{
  "anyOf": [
    {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    {
      "type": "null"
    }
  ],
  "tests": [
    {
      "input": null
    },
    {
      "input": "2021-08-31T07:29:15+00:00"
    },
    {
      "description": "invalid - string provided",
      "input": "hello",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/createdAt",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

credentialInfo

{
  "type": "object",
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/credentialInfo",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

credentialReport

{
  "type": "object",
  "properties": {
    "credentialInfo": {
      "$ref": "#/definitions/credentialInfo"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/credentialReportAka"
          }
        },
        "title": {
          "$ref": "#/definitions/reportItemsElements"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "credentialInfo": {
          "<root_account>": {
            "user": "<root_account>",
            "arn": "arn:aws:iam::541046466378:root",
            "user_creation_time": "2018-03-15T09:57:32+00:00",
            "password_enabled": "not_supported",
            "password_last_used": "2018-03-15T10:04:09+00:00",
            "password_last_changed": "not_supported",
            "password_next_rotation": "not_supported",
            "mfa_active": "false",
            "access_key_1_active": "false",
            "access_key_1_last_rotated": "N/A",
            "access_key_1_last_used_date": "N/A",
            "access_key_1_last_used_region": "N/A",
            "access_key_1_last_used_service": "N/A",
            "access_key_2_active": "false",
            "access_key_2_last_rotated": "N/A",
            "access_key_2_last_used_date": "N/A",
            "access_key_2_last_used_region": "N/A",
            "access_key_2_last_used_service": "N/A",
            "cert_1_active": "false",
            "cert_1_last_rotated": "N/A",
            "cert_2_active": "false",
            "cert_2_last_rotated": "N/A"
          },
          "abhinash": {
            "user": "abhinash",
            "arn": "arn:aws:iam::541046466378:user/turbot/account/federated/abhinash",
            "user_creation_time": "2019-03-27T15:37:23+00:00",
            "password_enabled": "false",
            "password_last_used": "N/A",
            "password_last_changed": "N/A",
            "password_next_rotation": "N/A",
            "mfa_active": "false",
            "access_key_1_active": "false",
            "access_key_1_last_rotated": "N/A",
            "access_key_1_last_used_date": "N/A",
            "access_key_1_last_used_region": "N/A",
            "access_key_1_last_used_service": "N/A",
            "access_key_2_active": "false",
            "access_key_2_last_rotated": "N/A",
            "access_key_2_last_used_date": "N/A",
            "access_key_2_last_used_region": "N/A",
            "access_key_2_last_used_service": "N/A",
            "cert_1_active": "false",
            "cert_1_last_rotated": "N/A",
            "cert_2_active": "false",
            "cert_2_last_rotated": "N/A"
          }
        },
        "turbot": {
          "akas": [
            "arn:aws:iam::aws:123456789012:credentialReport"
          ],
          "title": "credentialReport",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/credentialReport",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

credentialReportAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::aws:[0-9]{12}:credentialReport$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::aws:492552618977:credentialReport"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam::aws:00011101982:group/aa",
      "expected": false
    },
    {
      "description": "Invalid - Missing ID",
      "input": "arn:aws:iam::aws:group/test01",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/credentialReportAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

defaultVersionId

{
  "type": "string",
  "pattern": "^v[1-9][0-9]*(.[A-Za-z0-9-]*)?$",
  "tests": [
    {
      "input": "v1.5"
    },
    {
      "input": "v11.6"
    },
    {
      "input": "v99.bA"
    },
    {
      "description": "invalid - should start with letter v",
      "input": 1,
      "expected": false
    },
    {
      "descrption": "invalid - version should start with 1",
      "input": "v0.1",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/defaultVersionId",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

description

{
  "type": "string",
  "maxLength": 1000,
  "tests": [
    {
      "input": "Foo,foo+fOO"
    },
    {
      "input": "00123"
    },
    {
      "input": "ab@cde"
    },
    {
      "input": "Test.The-KitchenSink"
    },
    {
      "description": "empty string",
      "input": ""
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/description",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

genericNumber

{
  "type": "integer",
  "tests": [
    {
      "input": 1234
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/genericNumber",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

group

{
  "type": "object",
  "properties": {
    "Arn": {
      "$ref": "#/definitions/userArn"
    },
    "CreateDate": {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    "GroupId": {
      "$ref": "#/definitions/userId"
    },
    "GroupName": {
      "$ref": "#/definitions/policyName"
    },
    "Path": {
      "$ref": "#/definitions/userPath"
    },
    "Users": {
      "type": "array"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/groupAka"
          }
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "Arn": "arn:aws:iam::123456789012:group/Admins",
        "title": "Admins",
        "CreateDate": "2018-30-07T18:15:20.000Z",
        "GroupName": "Admins",
        "GroupId": "AGPACKCEVSQ6C2EXAMPLE",
        "Path": "/division_abc/subdivision_xyz/",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:group/Admins"
          ],
          "title": "Admins",
          "custom": {
            "aws": {
              "accountId": 123456789012,
              "regionName": "us-east-1"
            }
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/group",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

groupAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]+$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:group/Admins"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam::123456789012:groups/Admins",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam::123456789012234:group/Admins",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/groupAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

groupInlinePolicy

{
  "type": "object",
  "properties": {
    "GroupName": {
      "$ref": "#/definitions/policyName"
    },
    "PolicyName": {
      "$ref": "#/definitions/policyName"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/groupInlinePolicyAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/policyName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "required": [
    "PolicyName",
    "turbot",
    "GroupName"
  ],
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "GroupName": "test01",
        "PolicyName": "admin1",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:group/test01/inline-policy/admin_1"
          ],
          "title": "admin1",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing group name",
      "input": {
        "PolicyName": "admin1",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:goup/test01/inline-policy/admin_1"
          ],
          "title": "admin_1",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      },
      "expected": false
    },
    {
      "description": "Invalid - Missing Guardrails data",
      "input": {
        "GroupName": "test01",
        "PolicyName": "admin1"
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/groupInlinePolicy",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

groupInlinePolicyAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]{1,64}/inline-policy/[A-Za-z0-9_+=,.@-]+$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:group/test01/inline-policy/hf"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam::123456789012:groups/test01/inline-policy/hf",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam::4653726:group/test01/inline-policy/hf",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/groupInlinePolicyAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

groupPolicyAttachment

{
  "type": "object",
  "properties": {
    "GroupName": {
      "$ref": "#/definitions/policyName"
    },
    "PolicyName": {
      "$ref": "#/definitions/policyName"
    },
    "PolicyArn": {
      "$ref": "#/definitions/userArn"
    },
    "Id": {
      "$ref": "#/definitions/policyAttachmentId"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/groupPolicyAttachmentAka"
          }
        },
        "title": {
          "$ref": "#/definitions/policyAttachmentId"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "GroupName": "test01",
        "PolicyName": "admin_1",
        "Id": "test01-admin_1",
        "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
        "turbot": {
          "akas": [
            "arn:aws:iam::492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy"
          ],
          "title": "test01-admin_1",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing PolicyName",
      "input": {
        "GroupName": "test01",
        "Id": "test01-admin_1",
        "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
        "turbot": {
          "akas": [
            "arn:aws:iam::aws:492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy"
          ],
          "title": "Admin",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      },
      "expected": false
    },
    {
      "description": "Invalid - Missing turbot data",
      "input": {
        "GroupId": "AGPAJT5UGJLFBILHJUOXC",
        "Id": "test01-AmazonEKSClusterPolicy",
        "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
        "UserName": "Bob"
      }
    },
    {
      "description": "Inalid - Missing Id",
      "input": {
        "GroupName": "test01",
        "PolicyName": "admin_1",
        "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
        "turbot": {
          "akas": [
            "arn:aws:iam::492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy"
          ],
          "title": "Admin",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/groupPolicyAttachment",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

groupPolicyAttachmentAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]{1,64}/policy-attachment/[A-Za-z0-9_.-]{1,128}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::492552618977:group/test01/policy-attachment/policyname0123"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam::aws:00011101982:groups/aa/policy-attachment/policyname123",
      "expected": false
    },
    {
      "description": "Invalid - Missing ID",
      "input": "arn:aws:iam::aws:group/test01/policy-attachment/policyname123",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/groupPolicyAttachmentAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

groupServiceNow

{
  "defaultColumns": {
    "account_id": {
      "column": "enabled",
      "label": "Account ID"
    },
    "arn": {
      "column": "enabled",
      "label": "ARN"
    },
    "attached_policies": {
      "column": "enabled",
      "label": "Attached Policies",
      "type": "string",
      "size": 1000
    },
    "create_date": {
      "column": "enabled",
      "label": "Create Date"
    },
    "group_id": {
      "column": "enabled",
      "label": "Group ID"
    },
    "group_name": {
      "column": "enabled",
      "path": "data.GroupName"
    },
    "path": {
      "column": "enabled",
      "label": "Path"
    },
    "users": {
      "column": "enabled",
      "label": "Users",
      "type": "string",
      "size": 1000
    }
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/groupServiceNow",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

iam

{
  "allOf": [
    {
      "$ref": "turbot#/definitions/service"
    },
    {
      "type": "object",
      "properties": {
        "name": {
          "const": "IAM"
        },
        "turbot": {
          "type": "object",
          "properties": {
            "akas": {
              "type": "array",
              "items": {
                "$ref": "#/definitions/iamAka"
              }
            },
            "title": {
              "const": "IAM"
            },
            "custom": {
              "type": "object",
              "properties": {
                "aws": {
                  "$ref": "aws#/definitions/awsMetadata"
                }
              }
            }
          }
        }
      },
      "required": [
        "name",
        "turbot"
      ],
      "additionalProperties": true,
      "tests": [
        {
          "description": "iam",
          "input": {
            "name": "IAM",
            "turbot": {
              "akas": [
                "arn:aws:iam::123456789012"
              ],
              "title": "IAM",
              "custom": {
                "aws": {
                  "accountId": 123456789012
                }
              }
            }
          }
        },
        {
          "description": "Invalid - Name does not match",
          "input": {
            "name": "IAM",
            "turbot": {
              "akas": [
                "arn:aws:iam::123456789012"
              ],
              "title": "IAM",
              "custom": {
                "aws": {
                  "accountId": 123456789012
                }
              }
            }
          },
          "expected": false
        },
        {
          "description": "Invalid - Service Name missing",
          "input": {
            "turbot": {
              "akas": [
                "arn:aws:iam::123456789012"
              ],
              "title": "IAM",
              "custom": {
                "aws": {
                  "accountId": 123456789012
                }
              }
            }
          },
          "expected": false
        }
      ]
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/iam",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

iamAka

{
  "type": "string",
  "pattern": "arn:aws(-us-gov|-cn)?:iam::[0-9]{12}$",
  "tests": [
    {
      "description": "base",
      "input": "arn:aws:iam::123456789012"
    },
    {
      "description": "invalid service name",
      "input": "arn:aws:iamjhkjfh::123456789012",
      "expected": false
    },
    {
      "description": "invalid account id",
      "input": "arn:aws:iam::1234567890128364859934",
      "expected": false
    },
    {
      "description": "invalid provider name",
      "input": "arn:gcp:iam::1234567890128364859934",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/iamAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

iamPolicy

{
  "type": "object",
  "properties": {
    "Arn": {
      "$ref": "#/definitions/userArn"
    },
    "AttachmentCount": {
      "$ref": "#/definitions/attachmentCount"
    },
    "DefaultVersionId": {
      "$ref": "#/definitions/defaultVersionId"
    },
    "Description": {
      "$ref": "#/definitions/description"
    },
    "IsAttachable": {
      "type": "boolean"
    },
    "Path": {
      "$ref": "#/definitions/policyPath"
    },
    "PermissionsBoundaryUsageCount": {
      "$ref": "#/definitions/attachmentCount"
    },
    "PolicyId": {
      "$ref": "#/definitions/userId"
    },
    "PolicyName": {
      "$ref": "#/definitions/policyName"
    },
    "UpdateDate": {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    "PolicyArn": {
      "$ref": "#/definitions/userArn"
    },
    "PolicyVersion": {
      "$ref": "#/definitions/policyVersion"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/userArn"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/policyName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            },
            "lastUsedTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Base case",
      "input": {
        "Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket",
        "AttachmentCount": 9,
        "DefaultVersionId": "v1",
        "Path": "/",
        "PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
        "PolicyName": "S3-read-only-example-bucket",
        "Description": "Allows read-only access to the example bucket",
        "UpdateDate": "2018-12-21T18:15:20.000Z",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "S3-read-only-example-bucket",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing PolicyName",
      "input": {
        "Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket",
        "AttachmentCount": 9,
        "DefaultVersionId": "v1",
        "Path": "/",
        "PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
        "Description": "Allows read-only access to the example bucket",
        "UpdateDate": "2018-12-21T18:15:20.000Z",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "S3-read-only-example-bucket",
          "custom": {
            "aws": {
              "accountId": 123456789012,
              "createTimestamp": "2018-10-08T09:22:07.000Z"
            }
          }
        }
      },
      "expected": false
    },
    {
      "description": "Invalid - Missing Arn",
      "input": {
        "AttachmentCount": 9,
        "DefaultVersionId": "v1",
        "Path": "/",
        "PolicyName": "S3-read-only-example-bucket",
        "PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
        "Description": "Allows read-only access to the example bucket",
        "UpdateDate": "2018-12-21T18:15:20.000Z",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "S3-read-only-example-bucket",
          "custom": {
            "aws": {
              "accountId": 123456789012,
              "createTimestamp": "2018-10-08T09:22:07.000Z"
            }
          }
        }
      },
      "expected": false
    },
    {
      "description": "Invalid - Missing Guardrails data",
      "input": {
        "Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket",
        "AttachmentCount": 9,
        "DefaultVersionId": "v1",
        "Path": "/",
        "PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
        "PolicyName": "S3-read-only-example-bucket",
        "Description": "Allows read-only access to the example bucket",
        "UpdateDate": "2018-12-21T18:15:20.000Z"
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/iamPolicy",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

instanceProfile

{
  "type": "object",
  "properties": {
    "Arn": {
      "$ref": "#/definitions/instanceProfileAka"
    },
    "createTimestamp": {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    "InstanceProfileName": {
      "$ref": "#/definitions/instanceProfileName"
    },
    "Tags": {
      "$ref": "aws#/definitions/tagList"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/instanceProfileAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/instanceProfileName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "All properties given",
      "input": {
        "Arn": "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata",
        "CreateDate": "2018-01-21T18:15:20.000Z",
        "InstanceProfileName": "testinstanceProfile",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata"
          ],
          "title": "i-a2345678",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing Guardrails Data",
      "input": {
        "instanceProfileName": "AWSServiceinstanceProfileForAmazonGuardDuty",
        "title": "Test-instanceProfile",
        "Tags": [
          {
            "Key": "Name",
            "Value": "testkey0"
          },
          {
            "Key": "Name1",
            "Value": "testkey01"
          }
        ]
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/instanceProfile",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

instanceProfileAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:instance-profile/[A-Za-z0-9_+=,.@-]{1,64}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:ec2:123456789012:instance-profiles/turbot_instanceProfile_metadata",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:ec2:1234567892101489:instance-profile/turbot_instanceProfile_metadata",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/instanceProfileAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

instanceProfileName

{
  "type": "string",
  "pattern": "^[-0-9a-zA-Z_+=,.@]{1,128}$",
  "tests": [
    {
      "description": "Base test case",
      "input": "sad"
    },
    {
      "input": "sdsadcxa123acAXSASD"
    },
    {
      "input": "00123"
    },
    {
      "description": "invalid - empty string",
      "input": "",
      "expected": false
    },
    {
      "description": "invalid - exceeding maximum limit",
      "input": "sdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAX",
      "expected": false
    },
    {
      "description": "invalid - invalid character ~",
      "input": "SADSA~asdsad",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/instanceProfileName",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

lastResourceAnalyzedAt

{
  "anyOf": [
    {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    {
      "type": "null"
    }
  ],
  "tests": [
    {
      "input": null
    },
    {
      "input": "2021-08-31T07:29:15+00:00"
    },
    {
      "description": "invalid - string provided",
      "input": "hello",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/lastResourceAnalyzedAt",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

marker

{
  "type": "string",
  "minLength": 1,
  "maxLength": 320,
  "pattern": "^[ -ÿ]+$",
  "tests": [
    {
      "input": "Foo,foo+fOO-bar"
    },
    {
      "input": "00123"
    },
    {
      "input": "ab@cde.com"
    },
    {
      "input": "Test.The-Kitchen_Sink"
    },
    {
      "description": "min length",
      "input": "/"
    },
    {
      "description": "max length",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678_123456789_123456789_123456789_123456789_123456789_123456789_123"
    },
    {
      "description": "invalid - too long",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678_123456789_123456789_123456789_123456789_123456789_123456789_12345",
      "expected": false
    },
    {
      "description": "invalid - empty string",
      "input": "",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/marker",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

maxSessionDuration

{
  "type": "integer",
  "minimum": 3600,
  "maximum": 43200,
  "tests": [
    {
      "input": 12345
    },
    {
      "description": "min value",
      "input": 3600
    },
    {
      "description": "max value",
      "input": 43200
    },
    {
      "description": "invalid - greater than max value",
      "input": 11111111,
      "expected": false
    },
    {
      "description": "invalid - string type provided",
      "input": "three",
      "expected": false
    },
    {
      "description": "invalid - decimal value provided",
      "input": 4.5,
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/maxSessionDuration",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

mfaVirtual

{
  "type": "object",
  "properties": {
    "AssignmentStatus": {
      "$ref": "#/definitions/assignmentStatus"
    },
    "VirtualMFADevices": {
      "$ref": "#/definitions/virtualMFADevices"
    },
    "IsTruncated": {
      "type": "boolean"
    },
    "Marker": {
      "$ref": "#/definitions/marker"
    },
    "MaxItems": {
      "$ref": "#/definitions/virtualMfaMaxItems"
    },
    "Tags": {
      "$ref": "aws#/definitions/tagList"
    },
    "EnableDate": {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    "SerialNumber": {
      "$ref": "#/definitions/serialNumber"
    },
    "User": {
      "$ref": "#/definitions/userName"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/mfaVirtualAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/userName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "required": [
    "SerialNumber",
    "turbot"
  ],
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "AssignmentStatus": "Any",
        "Marker": "a123",
        "MaxItems": 100,
        "SerialNumber": "arn:aws:iam::492552618977:mfa/test_user",
        "Tags": [
          {
            "Key": "Env",
            "Value": "Test"
          },
          {
            "Key": "App",
            "Value": "Facebook"
          }
        ],
        "turbot": {
          "akas": [
            "arn:aws:iam::492552618977:mfa/test_user"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "Susan",
          "custom": {
            "aws": {
              "accountId": 492552618977
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing SerialNumber",
      "input": {
        "AssignmentStatus": "Assigned",
        "UserName": "Susan",
        "Marker": "/",
        "MaxItems": 1,
        "Tags": [
          {
            "Key": "Env",
            "Value": "Test"
          },
          {
            "Key": "App",
            "Value": "Facebook"
          }
        ],
        "turbot": {
          "akas": [
            "arn:aws:iam::492552618977:mfa/test_user"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "Susan",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      },
      "expected": false
    },
    {
      "description": "Invalid - Missing Guardrails data",
      "input": {
        "SerialNumber": "arn:aws:iam::492552618977:mfa/test_user",
        "Tags": [
          {
            "Key": "Env",
            "Value": "Test"
          },
          {
            "Key": "App",
            "Value": "Facebook"
          }
        ],
        "UserName": "Susan"
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/mfaVirtual",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

mfaVirtualAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:mfa/[A-Za-z0-9_-]{1,64}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::492552618977:mfa/test_user"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam::492552618977:mfaa/test_user",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam::389739167:mfa/test_user",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/mfaVirtualAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

openIdConnect

{
  "type": "object",
  "properties": {
    "Arn": {
      "$ref": "#/definitions/openIdConnectAka"
    },
    "Url": {
      "type": "string"
    },
    "ClientIDList": {
      "$ref": "#/definitions/clientIdList"
    },
    "ThumbprintList": {
      "$ref": "#/definitions/thumbprintList"
    },
    "CreateDate": {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    "Tags": {
      "$ref": "aws#/definitions/tagList"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/openIdConnectAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "type": "string"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "Url": "accounts.google.com",
        "ClientIDList": [
          "rahultestaccount"
        ],
        "ThumbprintList": [
          "08745487e891c19e3078c1f2a07e452950ef36f6"
        ],
        "CreateDate": "2022-05-03T06:50:32.086Z",
        "Tags": [
          {
            "Key": "Env",
            "Value": "Test"
          },
          {
            "Key": "App",
            "Value": "Facebook"
          }
        ],
        "turbot": {
          "akas": [
            "arn:aws:iam::492552618977:oidc-provider/accounts.google.com"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "Susan",
          "custom": {
            "aws": {
              "accountId": 492552618977
            }
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/openIdConnect",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

openIdConnectAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:oidc-provider/[A-Za-z0-9_.-/]+$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::388460667113:oidc-provider/accounts.google.com"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam::388460667113:oidc-/accounts.google.com",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam::60667113:oidc-provider/accounts.google.com",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/openIdConnectAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

passwordLastUsed

{
  "anyOf": [
    {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    {
      "type": "null"
    }
  ],
  "tests": [
    {
      "input": null
    },
    {
      "input": "2018-12-21T18:15:20.000Z"
    },
    {
      "description": "invalid - string provided",
      "input": "hello",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/passwordLastUsed",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

policyAttachmentId

{
  "type": "string",
  "pattern": "^[A-Za-z0-9_+=,.@-]{1,64}-[A-Za-z0-9_+=,.@-]{1,128}$",
  "tests": [
    {
      "input": "test01-admin_1"
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/policyAttachmentId",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

policyName

{
  "type": "string",
  "minLength": 1,
  "maxLength": 128,
  "pattern": "^[A-Za-z0-9_+=,.@-]+$",
  "tests": [
    {
      "input": "Foo,foo+fOO-bar"
    },
    {
      "input": "00123"
    },
    {
      "input": "ab@cde.com"
    },
    {
      "input": "Test.The-Kitchen_Sink"
    },
    {
      "description": "max length",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_1234a23456789_123456789_123456789_123456789_123456789_123456789_1234"
    },
    {
      "description": "invalid - too long",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456",
      "expected": false
    },
    {
      "description": "invalid - empty string",
      "input": "",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/policyName",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

policyPath

{
  "type": "string",
  "pattern": "^((/[A-Za-z0-9.,+@=_-]+)*)/$",
  "tests": [
    {
      "input": "/"
    },
    {
      "input": "/home/.ssh/+/"
    },
    {
      "input": "/path/to/the/desti-nati0n/"
    },
    {
      "description": "invaid - should end with /",
      "input": "/hello",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/policyPath",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

policyVersion

{
  "type": "object",
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/policyVersion",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

regionScope

{
  "type": "string",
  "enum": [
    "regional",
    "global"
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/regionScope",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

reportItemsElements

{
  "type": "string",
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/reportItemsElements",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

restrictedApisBudgetState

{
  "type": "string",
  "pattern": "Unknown|Unused|Under|On target|Over|Critical|Shutdown",
  "tests": [
    {
      "description": "Valid test",
      "input": "Unknown"
    },
    {
      "description": "invalid type definition",
      "input": "unu",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/restrictedApisBudgetState",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

restrictedApisBudgetStateApis

{
  "type": "object",
  "default": {},
  "patternProperties": {
    "Unknown|Unused|Under|On target|Over|Critical|Shutdown|unknown|unused|under|on target|over|critical|shutdown|ontarget": {
      "type": "array",
      "items": {
        "type": "string"
      },
      ".turbot": {
        "uri": "tmod:@turbot/aws-iam#/definitions/restrictedApisPermissions",
        "modUri": "tmod:@turbot/aws-iam"
      }
    }
  },
  "additionalProperties": false,
  "tests": [
    {
      "description": "Valid test",
      "input": {
        "Unknown": [
          "ec2:*",
          "s3:*"
        ]
      }
    },
    {
      "description": "Valid test 2",
      "input": {
        "Critical": [
          "ec2:*",
          "s3:*"
        ]
      }
    },
    {
      "description": "Valid test 2",
      "input": {
        "ontarget": [
          "ec2:*",
          "s3:*"
        ]
      }
    },
    {
      "description": "invalid type definition",
      "input": {
        "unu": "ec2*"
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/restrictedApisBudgetStateApis",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

restrictedApisPermissions

{
  "type": "array",
  "items": {
    "type": "string"
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/restrictedApisPermissions",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

role

{
  "type": "object",
  "properties": {
    "Arn": {
      "$ref": "#/definitions/userArn"
    },
    "AssumeRolePolicyDocument": {
      "$ref": "#/definitions/assumeRolePolicyDocument"
    },
    "CreateDate": {
      "$ref": "turbot#/definitions/isoTimestamp"
    },
    "MaxSessionDuration": {
      "$ref": "#/definitions/maxSessionDuration"
    },
    "Path": {
      "$ref": "#/definitions/userPath"
    },
    "RoleId": {
      "$ref": "#/definitions/userId"
    },
    "RoleName": {
      "$ref": "#/definitions/userName"
    },
    "Tags": {
      "$ref": "aws#/definitions/tagList"
    },
    "Description": {
      "type": "string"
    },
    "PermissionsBoundary": {
      "type": "object"
    },
    "RoleLastUsed": {
      "type": "object"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/roleAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/userName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "All properties given",
      "input": {
        "Arn": "arn:aws:iam::048639848099:role/service-role/test-config-role",
        "CreateDate": "2018-01-21T18:15:20.000Z",
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": "arn:aws:iam::560741234067:root"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "MaxSessionDuration": 3600,
        "Path": "/application_abc/component_xyz/",
        "RoleId": "AROADBQP57FF2AEXAMPLE",
        "RoleName": "AWSServiceRoleForAmazonGuardDuty",
        "Tags": [
          {
            "Key": "Name",
            "Value": "testkey0"
          },
          {
            "Key": "Name1",
            "Value": "testkey01"
          }
        ],
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:role/turbot_role_metadata"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "i-a2345678",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/role",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

roleAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:role/[A-Za-z0-9_+=,.@-]{1,64}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:role/turbot_role_metadata"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:ec2:123456789012:roles/turbot_role_metadata",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:ec2:1234567892101489:role/turbot_role_metadata",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/roleAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

roleInlinePolicy

{
  "type": "object",
  "properties": {
    "RoleName": {
      "$ref": "#/definitions/policyName"
    },
    "PolicyName": {
      "$ref": "#/definitions/policyName"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/roleInlinePolicyAka"
          }
        },
        "title": {
          "$ref": "#/definitions/policyName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "RoleName": "test01",
        "PolicyName": "admin1",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:role/test01/inline-policy/AmazonEKSClusterPolicy"
          ],
          "title": "admin_1",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing role name",
      "input": {
        "PolicyName": "admin1",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:role/test01/inline-policy/AmazonEKSClusterPolicy"
          ],
          "title": "admin1",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      },
      "expected": false
    },
    {
      "description": "Invalid - Missing Guardrails data",
      "input": {
        "RoleName": "test01",
        "PolicyName": "admin1"
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/roleInlinePolicy",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

roleInlinePolicyAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:role/[A-Za-z0-9_+=,.@-]{1,64}/inline-policy/[A-Za-z0-9_.-]{1,128}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:role/test01/inline-policy/hf"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam:us-east-1:123456789012:roles/i-a2345678",
      "expected": false
    },
    {
      "description": "Invalid - Malformed region name",
      "input": "arn:aws:iam:use-east-1:123456789012:role/test01",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam:us-east-1:1234567890123:role/test01",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/roleInlinePolicyAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

rolePolicyAttachment

{
  "type": "object",
  "properties": {
    "RoleName": {
      "$ref": "#/definitions/policyName"
    },
    "PolicyName": {
      "$ref": "#/definitions/policyName"
    },
    "PolicyArn": {
      "$ref": "#/definitions/userArn"
    },
    "Id": {
      "$ref": "#/definitions/policyAttachmentId"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/rolePolicyAttachmentAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/policyAttachmentId"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "RoleName": "test01",
        "PolicyName": "admin_1",
        "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
        "Id": "test01-admin_1",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:role/test01/policy-attachment/AmazonEKSClusterPolicy"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "test01-admin_1",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing role name",
      "input": {
        "PolicyName": "admin_1",
        "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
        "Id": "test01-admin_1",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:role/test01/policy-attachment/AmazonEKSClusterPolicy"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "test",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      },
      "expected": false
    },
    {
      "description": "Invalid - Missing Guardrails data",
      "input": {
        "RoleName": "test01",
        "PolicyName": "admin_1",
        "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
        "Id": "test01-admin_1"
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/rolePolicyAttachment",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

rolePolicyAttachmentAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:role/[A-Za-z0-9_+=,.@-]{1,64}/policy-attachment/[A-Za-z0-9_.-]{1,128}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:role/test01/policy-attachment/hf"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam:us-east-1:123456789012:roles/i-a2345678",
      "expected": false
    },
    {
      "description": "Invalid - Malformed region name",
      "input": "arn:aws:iam:use-east-1:123456789012:role/test01",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam:us-east-1:1234567890123:role/test01",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/rolePolicyAttachmentAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

roleServiceNow

{
  "defaultColumns": {
    "account_id": {
      "column": "enabled",
      "path": "metadata.aws.accountId",
      "label": "Account ID"
    },
    "arn": {
      "column": "enabled",
      "label": "ARN"
    },
    "assume_role_policy_document": {
      "column": "enabled",
      "path": "data.AssumeRolePolicyDocument",
      "label": "Assume Role Policy Document",
      "type": "string",
      "size": 1000
    },
    "attached_policies": {
      "column": "enabled",
      "label": "Attached Policies",
      "type": "string",
      "size": 1000
    },
    "create_date": {
      "column": "enabled",
      "label": "Create Date"
    },
    "max_session_duration": {
      "column": "enabled",
      "label": "Max Session Duration"
    },
    "role_name": {
      "column": "enabled",
      "path": "data.RoleName"
    },
    "path": {
      "column": "enabled",
      "label": "Path"
    },
    "permissions_boundary_arn": {
      "column": "enabled",
      "path": "data.PermissionsBoundary.PermissionsBoundaryArn",
      "label": "Permissions Boundary ARN"
    },
    "permissions_boundary_type": {
      "column": "enabled",
      "path": "data.PermissionsBoundary.PermissionsBoundaryType",
      "label": "Permissions Boundary Type"
    },
    "role_id": {
      "column": "enabled",
      "label": "Role ID"
    },
    "role_last_used_date": {
      "column": "enabled",
      "path": "data.RoleLastUsed.LastUsedDate",
      "label": "Role Last Used Date"
    },
    "role_last_used_region": {
      "column": "enabled",
      "path": "data.RoleLastUsed.Region",
      "label": "Role Last Used Region"
    },
    "tags": {
      "column": "enabled",
      "label": "Tags",
      "type": "string",
      "size": 1000
    }
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/roleServiceNow",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

root

{
  "type": "object",
  "properties": {
    "arn": {
      "$ref": "#/definitions/rootUserArn"
    },
    "user": {
      "$ref": "#/definitions/User"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/rootUserArn"
          }
        },
        "title": {
          "$ref": "#/definitions/User"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "required": [
    "arn",
    "turbot"
  ],
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "user": "root_account",
        "arn": "arn:aws:iam::123456789012:root",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:root"
          ],
          "title": "root_account",
          "custom": {
            "aws": {
              "accountId": 123456789012
            },
            "createTimestamp": "2018-12-21T18:15:20.000Z"
          }
        }
      }
    },
    {
      "description": "Invalid - Missing arn",
      "input": {
        "user": "AIDACKCEVSQ6C2EXAMPLE",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:user"
          ],
          "title": "AIDACKCEVSQ6C2EXAMPLE",
          "custom": {
            "aws": {
              "accountId": 123456789012
            },
            "createTimestamp": "2018-12-21T18:15:20.000Z"
          }
        }
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/root",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

rootUserArn

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:root$",
  "tests": [
    {
      "description": "Valid - Base Case",
      "input": "arn:aws:iam::123456789012:root"
    },
    {
      "description": "Invalid",
      "input": "arn:aws:iam::123456789012:user",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/rootUserArn",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

secretAccessKey

{
  "type": "string",
  "tests": [
    {
      "input": "Foo,foo+fOO-bar"
    },
    {
      "input": "00123"
    },
    {
      "input": "ab@cde.com"
    },
    {
      "input": "Test.The-Kitchen_Sink"
    },
    {
      "input": "leTjY3SkM7uPgHMj71u6zH2ucGxpd0aV3ToSar8D"
    },
    {
      "input": "gc+gNRHJ0xhA6rx5CEPa7aDPYjMV+xtkue3we0xF"
    },
    {
      "description": "invalid - array type provided",
      "input": [
        "hello"
      ],
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/secretAccessKey",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

serialNumber

{
  "type": "string",
  "minLength": 9,
  "maxLength": 256,
  "pattern": "^[A-Za-z0-9_+=/:,.@-]+$",
  "tests": [
    {
      "input": "Foo,foo+fOO-bar"
    },
    {
      "input": "001234567890"
    },
    {
      "input": "ab@cde.com"
    },
    {
      "input": "arn:aws:iam::123456789012:mfa/MFAdeviceName"
    },
    {
      "description": "min length",
      "input": 123456789
    },
    {
      "description": "max length",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678"
    },
    {
      "description": "invalid - too long",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789",
      "expected": false
    },
    {
      "description": "invalid - empty string",
      "input": "",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/serialNumber",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

serverCertificate

{
  "type": "object",
  "properties": {
    "ServerCertificateMetadata": {
      "type": "object",
      "properties": {
        "Path": {
          "type": "string"
        },
        "ServerCertificateName": {
          "type": "string"
        },
        "ServerCertificateId": {
          "type": "string"
        },
        "Arn": {
          "$ref": "#/definitions/serverCertificateAka"
        },
        "UploadDate": {
          "$ref": "turbot#/definitions/isoTimestamp"
        },
        "Expiration": {
          "$ref": "turbot#/definitions/isoTimestamp"
        }
      }
    },
    "CertificateBody": {
      "type": "string"
    },
    "CertificateChain": {
      "type": "string"
    },
    "Tags": {
      "$ref": "aws#/definitions/tagList"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/serverCertificateAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/certificateName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "All properties given",
      "input": {
        "ServerCertificateMetadata": {
          "Path": "/",
          "ServerCertificateName": "MySSLCertificate",
          "ServerCertificateId": "EHDGFRW7EJFYTE88D",
          "Arn": "arn:aws:iam::012345678910:server-certificate/EHDGFRW7EJFYTE88D",
          "UploadDate": "2018-01-21T18:15:20.000Z",
          "Expiration": "2019-01-21T18:15:20.000Z"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "testkey0"
          },
          {
            "Key": "Name1",
            "Value": "testkey01"
          }
        ],
        "turbot": {
          "akas": [
            "arn:aws:iam::012345678910:server-certificate/MySSLCertificate"
          ],
          "tags": {
            "Env": "Test",
            "App": "Facebook"
          },
          "title": "MySSLCertificate",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/serverCertificate",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

serverCertificateAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:server-certificate/[A-Za-z0-9]{0,21}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:server-certificate/ASCAQGDRKHTKPCN3KQ4T7"
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:ec2:1234567892101489:server-certificate//ASCAQGDRKHTKPCN3KQ4T7",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/serverCertificateAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

status

{
  "type": "string",
  "enum": [
    "Active",
    "Inactive"
  ],
  "tests": [
    {
      "input": "Active"
    },
    {
      "input": "Inactive"
    },
    {
      "description": "invalid - not listed in options",
      "input": "Reactive",
      "expected": false
    },
    {
      "description": "invalid - null value",
      "input": null,
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/status",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

thumbprint

{
  "type": "string",
  "pattern": "^[a-zA-Z0-9:_.-/]{40}$",
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/thumbprint",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

thumbprintList

{
  "type": "array",
  "items": {
    "$ref": "#/definitions/thumbprint"
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/thumbprintList",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

turbotAwsLevelDefinitionList

{
  "description": "Internal format for Guardrails AWS Levels registrations.",
  "type": "array",
  "items": {
    "description": "Internal format for Guardrails Levels.",
    "type": "object",
    "properties": {
      "level": {
        "type": "string",
        "format": "uri-reference",
        ".turbot": {
          "uri": "tmod:@turbot/turbot#/definitions/$ref",
          "modUri": "tmod:@turbot/turbot"
        },
        "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
      },
      "type": {
        "type": "string",
        "format": "uri-reference",
        ".turbot": {
          "uri": "tmod:@turbot/turbot#/definitions/$ref",
          "modUri": "tmod:@turbot/turbot"
        },
        "pattern": "^tmod:@turbot/aws"
      }
    },
    "required": [
      "level",
      "type"
    ],
    "additionalProperties": false,
    "tests": [
      {
        "description": "Valid level definition",
        "input": {
          "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
          "type": "tmod:@turbot/aws-s3#/permission/types/s3"
        }
      },
      {
        "description": "invalid type definition",
        "input": {
          "level": "tmod:@turbot/aws-s3#/permission/levels/admin",
          "type": "tmod:@turbot/azure-s3#/permission/types/s3"
        },
        "expected": false
      },
      {
        "description": "Invalid - Levels includes a non #/permission/levels/* path",
        "expected": false,
        "input": {
          "level": "#/definitions/foo",
          "type": "#/permission/types/foo"
        }
      },
      {
        "description": "Invalid - Types includes a non #/permission/types/* path",
        "expected": false,
        "input": {
          "level": "#/permission/levels/user",
          "type": "#/definitions/bar"
        }
      }
    ],
    ".turbot": {
      "uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition",
      "modUri": "tmod:@turbot/aws-iam"
    }
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/turbotAwsLevelDefinitionList",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

User

{
  "type": "string",
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/User",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

user

{
  "type": "object",
  "properties": {
    "Arn": {
      "$ref": "#/definitions/userArn"
    },
    "PasswordLastUsed": {
      "$ref": "#/definitions/passwordLastUsed"
    },
    "Path": {
      "$ref": "#/definitions/userPath"
    },
    "UserId": {
      "$ref": "#/definitions/userId"
    },
    "UserName": {
      "$ref": "#/definitions/userName"
    },
    "Tags": {
      "$ref": "aws#/definitions/tagList"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/userAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/userName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "UserName": "foo",
        "Arn": "arn:aws:iam::123456789012:user/foo",
        "UserId": "AIDACKCEVSQ6C2EXAMPLE",
        "CreateDate": "2018-12-21T18:15:20.000Z",
        "PasswordLastUsed": "2018-12-21T18:15:20.000Z",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:user/foo"
          ],
          "tags": {
            "Key": "key01",
            "Value": "value01"
          },
          "title": "foo",
          "custom": {
            "aws": {
              "accountId": 123456789012
            },
            "createTimestamp": "2018-12-21T18:15:20.000Z"
          }
        }
      }
    },
    {
      "description": "Invalid - Missing Username",
      "input": {
        "Arn": "arn:aws:iam::123456789012:user/foo",
        "UserId": "AIDACKCEVSQ6C2EXAMPLE",
        "CreateDate": "2018-12-21T18:15:20.000Z",
        "PasswordLastUsed": "2018-12-21T18:15:20.000Z",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:user/foo"
          ],
          "tags": {
            "Key": "key01",
            "Value": "value01"
          },
          "title": "foo",
          "custom": {
            "aws": {
              "accountId": 123456789012
            },
            "createTimestamp": "2018-12-21T18:15:20.000Z"
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/user",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:user/bob"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678",
      "expected": false
    },
    {
      "description": "Invalid - account id not valid",
      "input": "arn:aws:iam::1234234456789012:user/bob",
      "expected": false
    },
    {
      "description": "Invalid - special character 0-9_+=,.@- are allowed",
      "input": "arn:aws:iam::123456789012:user/bob!!",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userArn

{
  "type": "string",
  "minLength": 20,
  "maxLength": 2048,
  "tests": [
    {
      "description": "user arn",
      "input": "arn:aws:iam::123456789012:user/Bob"
    },
    {
      "description": "federated user",
      "input": "arn:aws:sts::123456789012:federated-user/Bob"
    },
    {
      "description": "nested path",
      "input": "arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob"
    },
    {
      "description": "policy arn",
      "input": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
    },
    {
      "description": "role arn",
      "input": "arn:aws:iam::123456789012:role/S3Access"
    },
    {
      "description": "group arn",
      "input": "arn:aws:iam::123456789012:group/Developers"
    },
    {
      "description": "group arn with path",
      "input": "arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers"
    },
    {
      "description": "min length",
      "input": 12345678901234567000
    },
    {
      "description": "invalid - less than min length",
      "input": "Hello User!",
      "expected": false
    },
    {
      "description": "invalid - null value",
      "input": null,
      "expected": false
    },
    {
      "description": "invalid - empty string",
      "input": "",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userArn",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userGroupMembershipAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:userGroupMemberships/[A-Za-z0-9_+=,.@-]{1,64}/[A-Za-z0-9_+=,.@-]{1,64}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:userGroupMemberships/turbot/user"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678",
      "expected": false
    },
    {
      "description": "Invalid - account id not valid",
      "input": "arn:aws:iam::1234234456789012:user/bob",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userGroupMembershipAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userGroupMemberships

{
  "type": "object",
  "properties": {
    "Arn": {
      "$ref": "#/definitions/userGroupMembershipAka"
    },
    "Path": {
      "$ref": "#/definitions/userPath"
    },
    "GroupNames": {
      "type": "array",
      "items": {
        "$ref": "#/definitions/userName"
      }
    },
    "GroupName": {
      "$ref": "#/definitions/userName"
    },
    "UserName": {
      "$ref": "#/definitions/userName"
    },
    "turbotManagedGroups": {
      "type": "array",
      "items": {
        "$ref": "#/definitions/userName"
      }
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/userGroupMembershipAka"
          }
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            },
            "turbotManagedGroups": {
              "type": "array",
              "items": {
                "$ref": "#/definitions/userName"
              }
            }
          }
        }
      }
    }
  },
  "tests": [
    {
      "description": "base",
      "input": {
        "Arn": "arn:aws:iam::492552618977:userGroupMemberships/turbot/user",
        "UserName": "testUser",
        "turbot": {
          "custom": {
            "aws": {
              "accountId": 123456789012
            },
            "createTimestamp": "2018-12-21T18:15:20.000Z"
          }
        }
      }
    },
    {
      "description": "invalid - no Username provided",
      "input": {
        "Arn": "arn:aws:iam::492552618977:userGroupMemberships/turbot/user",
        "turbot": {
          "custom": {
            "aws": {
              "accountId": 123456789012
            },
            "createTimestamp": "2018-12-21T18:15:20.000Z"
          }
        }
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userGroupMemberships",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userId

{
  "type": "string",
  "minLength": 16,
  "maxLength": 128,
  "pattern": "^[A-Za-z0-9_]+$",
  "tests": [
    {
      "input": "AIDACKCEVSQ6C2EXAMPLE"
    },
    {
      "description": "min length",
      "input": "AIDACKCEVSQ6C2EX"
    },
    {
      "description": "group id",
      "input": "AGPACKCEVSQ6C2EXAMPLE"
    },
    {
      "description": "role id",
      "input": "AROADBQP57FF2AEXAMPLE"
    },
    {
      "description": "max length",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678"
    },
    {
      "description": "invalid - too long",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456",
      "expected": false
    },
    {
      "description": "invalid - at symbol not allowed in pattern",
      "input": "user@bob",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userId",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userInlinePolicy

{
  "type": "object",
  "properties": {
    "UserName": {
      "$ref": "#/definitions/userName"
    },
    "PolicyName": {
      "$ref": "#/definitions/policyName"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/userInlinePolicyAka"
          }
        },
        "tags": {
          "$ref": "aws#/definitions/tagsMap"
        },
        "title": {
          "$ref": "#/definitions/policyName"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            },
            "createTimestamp": {
              "$ref": "turbot#/definitions/isoTimestamp"
            }
          }
        }
      }
    }
  },
  "required": [
    "PolicyName",
    "turbot",
    "UserName"
  ],
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "UserName": "test01",
        "PolicyName": "admin_1",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:user/test01/inline-policy/admin_1"
          ],
          "title": "test01-admin_1",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing user name",
      "input": {
        "PolicyName": "admin_1",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:user/test01/inline-policy/admin_1"
          ],
          "title": "test01-admin_1",
          "custom": {
            "aws": {
              "accountId": 123456789012
            }
          }
        }
      },
      "expected": false
    },
    {
      "description": "Invalid - Missing Guardrails data",
      "input": {
        "UserName": "test01",
        "PolicyName": "admin_1"
      },
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userInlinePolicy",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userInlinePolicyAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}/inline-policy/[A-Za-z0-9_+=,.@-]+$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:user/test01/inline-policy/hf"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam::123456789012:users/test01/inline-policy/hf",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam::4653726:user/test01/inline-policy/hf",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userInlinePolicyAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userName

{
  "type": "string",
  "minLength": 1,
  "maxLength": 64,
  "pattern": "^[A-Za-z0-9_+=,.@-]+$",
  "tests": [
    {
      "input": "Foo,foo+fOO-bar"
    },
    {
      "input": "00123"
    },
    {
      "input": "ab@cde.com"
    },
    {
      "input": "Test.The-Kitchen_Sink"
    },
    {
      "description": "max length",
      "input": "a23456789_123456789_123456789_123456789_16789_123456789_12345678"
    },
    {
      "description": "invalid - too long",
      "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456",
      "expected": false
    },
    {
      "description": "invalid - empty string",
      "input": "",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userName",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userPath

{
  "type": "string",
  "minLength": 1,
  "maxLength": 512,
  "pattern": "^(/)|(/[!-]+/)$",
  "tests": [
    {
      "input": "/division_abc/subdivision_xyz/*"
    },
    {
      "input": "//"
    },
    {
      "description": "min length",
      "input": "/"
    },
    {
      "description": "invalid - null value",
      "input": null,
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userPath",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userPolicyAttachment

{
  "type": "object",
  "properties": {
    "UserName": {
      "$ref": "#/definitions/policyName"
    },
    "PolicyName": {
      "$ref": "#/definitions/policyName"
    },
    "PolicyArn": {
      "$ref": "#/definitions/userArn"
    },
    "Id": {
      "$ref": "#/definitions/policyAttachmentId"
    },
    "turbot": {
      "type": "object",
      "properties": {
        "akas": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/userPolicyAttachmentAka"
          }
        },
        "title": {
          "$ref": "#/definitions/policyAttachmentId"
        },
        "custom": {
          "type": "object",
          "properties": {
            "aws": {
              "$ref": "aws#/definitions/awsMetadata"
            }
          }
        }
      }
    }
  },
  "additionalProperties": true,
  "tests": [
    {
      "description": "Valid - All properties",
      "input": {
        "UserName": "venu",
        "PolicyName": "admin",
        "PolicyArn": "arn:aws:iam::492552618977:policy/turbot/admin",
        "Id": "venu-admin",
        "turbot": {
          "akas": [
            "arn:aws:iam::123456789012:user/venu/policy-attachment/abcjkc"
          ],
          "title": "venu-admin",
          "custom": {
            "aws": {
              "accountId": 123456789012,
              "regionName": "us-east-1"
            }
          }
        }
      }
    },
    {
      "description": "Invalid - Missing UserName",
      "input": {
        "PolicyName": "admin",
        "PolicyArn": "arn:aws:iam::492552618977:policy/turbot/admin",
        "Id": "venu-admin",
        "turbot": {
          "akas": [
            "arn:aws:iam:123456789012:venu/policy-attachment/abcjkc"
          ],
          "title": "Admin",
          "custom": {
            "aws": {
              "accountId": 123456789012,
              "regionName": "us-east-1"
            }
          }
        }
      },
      "expected": false
    },
    {
      "description": "Invalid - Missing Guardrails data",
      "input": {
        "UserName": "venu",
        "PolicyName": "admin",
        "PolicyArn": "arn:aws:iam::492552618977:policy/turbot/admin",
        "Id": "venu-admin"
      }
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userPolicyAttachment",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userPolicyAttachmentAka

{
  "type": "string",
  "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}/policy-attachment/[A-Za-z0-9_.-]{1,128}$",
  "tests": [
    {
      "description": "Valid - Base case",
      "input": "arn:aws:iam::123456789012:user/ab@cde.com/policy-attachment/Foo"
    },
    {
      "description": "Invalid - Malformed resource collection",
      "input": "arn:aws:iam::123456789012:user/venu/policy-attachments/Foo",
      "expected": false
    },
    {
      "description": "Invalid - Malformed account ID",
      "input": "arn:aws:iam::1234567890123:user/venu/policy-attachment/Foo",
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userPolicyAttachmentAka",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

userServiceNow

{
  "defaultColumns": {
    "account_id": {
      "column": "enabled",
      "path": "metadata.aws.accountId",
      "label": "Account ID"
    },
    "arn": {
      "column": "enabled",
      "label": "ARN"
    },
    "attached_policies": {
      "column": "enabled",
      "label": "Attached Policies",
      "type": "string",
      "size": 1000
    },
    "user_policies": {
      "column": "enabled",
      "label": "User Policies",
      "type": "string",
      "size": 1000
    },
    "create_date": {
      "column": "enabled",
      "label": "Create Date"
    },
    "groups": {
      "column": "enabled",
      "label": "Groups",
      "type": "string",
      "size": 1000
    },
    "login_profile": {
      "column": "enabled",
      "label": "Login Profile",
      "type": "string",
      "size": 1000
    },
    "user_name": {
      "column": "enabled",
      "path": "data.UserName"
    },
    "password_last_used": {
      "column": "enabled",
      "label": "Password Last Used"
    },
    "path": {
      "column": "enabled",
      "label": "Path"
    },
    "tags": {
      "column": "enabled",
      "label": "Tags",
      "type": "string",
      "size": 1000
    },
    "user_id": {
      "column": "enabled",
      "label": "User ID"
    }
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/userServiceNow",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

virtualMFADevices

{
  "type": "object",
  "properties": {
    "SerialNumber": {
      "$ref": "#/definitions/serialNumber"
    }
  },
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/virtualMFADevices",
    "modUri": "tmod:@turbot/aws-iam"
  }
}

virtualMfaMaxItems

{
  "type": "integer",
  "default": 100,
  "minimum": 1,
  "maximum": 1000,
  "tests": [
    {
      "input": 123
    },
    {
      "description": "min value",
      "input": 1
    },
    {
      "description": "max value",
      "input": 1000
    },
    {
      "description": "invalid - greater than max value",
      "input": 11111111,
      "expected": false
    },
    {
      "description": "invalid - string type provided",
      "input": "three",
      "expected": false
    },
    {
      "description": "invalid - decimal value provided",
      "input": 4.5,
      "expected": false
    }
  ],
  ".turbot": {
    "uri": "tmod:@turbot/aws-iam#/definitions/virtualMfaMaxItems",
    "modUri": "tmod:@turbot/aws-iam"
  }
}