Definitions for @turbot/aws-iam

accessAnalyzer

Schema
{
"type": "object",
"properties": {
"arn": {
"$ref": "#/definitions/accessAnalyzerArn"
},
"createdAt": {
"$ref": "#/definitions/createdAt"
},
"lastResourceAnalyzed": {
"type": "string"
},
"lastResourceAnalyzedAt": {
"$ref": "#/definitions/lastResourceAnalyzedAt"
},
"name": {
"$ref": "#/definitions/accessAnalyzerName"
},
"status": {
"$ref": "#/definitions/accessAnalyzerStatus"
},
"type": {
"$ref": "#/definitions/accessAnalyzerType"
},
"tags": {
"$ref": "aws#/definitions/tagList"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/accessAnalyzerArn"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/accessAnalyzerName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"arn": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer",
"createdAt": "2021-08-31T07:29:15+00:00",
"lastResourceAnalyzed": "arn:aws:iam::986325076436:role/turbot/waf_readonly",
"lastResourceAnalyzedAt": "2021-08-31T07:29:16.570000+00:00",
"name": "sd-test-analyzer",
"status": "ACTIVE",
"tags": {},
"type": "ACCOUNT",
"turbot": {
"akas": [
"arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer"
],
"tags": {},
"title": "sd-test-analyzer",
"custom": {
"aws": {
"accountId": 986325076436
},
"createTimestamp": "2018-12-21T18:15:20.000Z"
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzer",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessAnalyzerArn

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:access-analyzer:[a-z]{2}(-gov)?-[a-z]+-[0-9]:[0-9]{12}:analyzer/[A-Za-z][A-Za-z0-9_.-]{0,255}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678",
"expected": false
},
{
"description": "Invalid - account id not valid",
"input": "arn:aws:iam::1234234456789012:user/bob",
"expected": false
},
{
"description": "Invalid - name contains '!', which is outside the allowed set A-Za-z0-9_.-",
"input": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer!!!",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerArn",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessAnalyzerName

Schema
{
"type": "string",
"pattern": "^[A-Za-z][A-Za-z0-9_.-]{0,255}$",
"tests": [
{
"description": "Valid - Base case",
"input": "sd-test-analyzer"
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerName",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessAnalyzerStatus

Schema
{
"type": "string",
"enum": [
"ACTIVE",
"CREATING",
"DISABLED",
"FAILED"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerStatus",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessAnalyzerType

Schema
{
"type": "string",
"enum": [
"ACCOUNT",
"ORGANIZATION"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerType",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessKey

Schema
{
"type": "object",
"properties": {
"AccessKeyId": {
"$ref": "#/definitions/userId"
},
"CreateDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"SecretAccessKey": {
"$ref": "#/definitions/secretAccessKey"
},
"Status": {
"$ref": "#/definitions/status"
},
"UserName": {
"$ref": "#/definitions/userName"
},
"AccessKeyLastUsed": {
"type": "object"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/accessKeyAka"
}
},
"title": {
"$ref": "#/definitions/userName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"lastUsedTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"AccessKeyId": "AKIA1234567890EXAMPLE",
"CreateDate": "2018-30-07T18:15:20.000Z",
"SecretAccessKey": 100,
"Status": "Active",
"UserName": "Bob",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:user/Bob/accesskey/AKIA1234567890EXAMPLE"
],
"title": "Bob",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessKey",
"modUri": "tmod:@turbot/aws-iam"
}
}

accessKeyAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}/accesskey/[A-Za-z0-9]{16,128}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:user/Bob/accesskey/AKIA1234567890EXAMPLE"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::123456789012:user/Bob/accesskeys/AKIA1234567890EXAMPLE",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam::1234567811213:user/Bob/accesskey/AKIA1234567890EXAMPLE",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accessKeyAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

accountPasswordPolicy

Schema
{
"type": "object",
"properties": {
"MinimumPasswordLength": {
"type": "integer",
"minimum": 6,
"maximum": 128,
"tests": [
{
"input": 5
},
{
"input": 7
},
{
"description": "minimum",
"input": 6
},
{
"description": "maximum",
"input": 128
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - less than minimum",
"input": 1,
"expected": false
},
{
"description": "invalid - greater than maximum",
"input": 129,
"expected": false
}
]
},
"RequireSymbols": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"RequireNumbers": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"RequireUppercaseCharacters": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"RequireLowercaseCharacters": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"AllowUsersToChangePassword": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"ExpirePasswords": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"HardExpiry": {
"type": "boolean",
"tests": [
{
"input": false
},
{
"input": true
},
{
"description": "invalid - array",
"input": [],
"expected": false
},
{
"description": "invalid - string",
"input": "",
"expected": false
}
]
},
"PasswordReusePrevention": {
"type": "integer",
"minimum": 1,
"maximum": 24,
"tests": [
{
"input": 5
},
{
"input": 7
},
{
"description": "minimum",
"input": 1
},
{
"description": "maximum",
"input": 24
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - less than minimum",
"input": 0,
"expected": false
},
{
"description": "invalid - greater than maximum",
"input": 129,
"expected": false
}
]
},
"MaxPasswordAge": {
"type": "integer",
"minimum": 1,
"maximum": 1095,
"tests": [
{
"input": 50
},
{
"input": 70
},
{
"description": "minimum",
"input": 1
},
{
"description": "maximum",
"input": 1095
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - less than minimum",
"input": 0,
"expected": false
},
{
"description": "invalid - greater than maximum",
"input": 1290,
"expected": false
}
]
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/accountPasswordPolicyAka"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"type": "string"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"turbot",
"MinimumPasswordLength",
"RequireSymbols",
"RequireNumbers",
"RequireUppercaseCharacters",
"RequireLowercaseCharacters",
"AllowUsersToChangePassword",
"ExpirePasswords"
],
"tests": [
{
"description": "Valid - Base case",
"input": {
"MinimumPasswordLength": 14,
"RequireSymbols": true,
"RequireNumbers": true,
"RequireUppercaseCharacters": true,
"RequireLowercaseCharacters": true,
"AllowUsersToChangePassword": false,
"ExpirePasswords": true,
"turbot": {
"akas": [
"arn:aws:iam::123456789012:accountPasswordPolicy"
],
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"MinimumPasswordLength": 14,
"RequireSymbols": true,
"RequireNumbers": true,
"RequireUppercaseCharacters": true,
"RequireLowercaseCharacters": true,
"AllowUsersToChangePassword": false,
"ExpirePasswords": true
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accountPasswordPolicy",
"modUri": "tmod:@turbot/aws-iam"
}
}

accountPasswordPolicyAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:accountPasswordPolicy$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:accountPasswordPolicy"
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam:123456764765789012:accountPasswordPolicy",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accountPasswordPolicyAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

accountSummary

Schema
{
"type": "object",
"properties": {
"GroupPolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"InstanceProfilesQuota": {
"$ref": "#/definitions/genericNumber"
},
"Policies": {
"$ref": "#/definitions/genericNumber"
},
"GroupsPerUserQuota": {
"$ref": "#/definitions/genericNumber"
},
"InstanceProfiles": {
"$ref": "#/definitions/genericNumber"
},
"AttachedPoliciesPerUserQuota": {
"$ref": "#/definitions/genericNumber"
},
"Users": {
"$ref": "#/definitions/genericNumber"
},
"PoliciesQuota": {
"$ref": "#/definitions/genericNumber"
},
"Providers": {
"$ref": "#/definitions/genericNumber"
},
"AccountMFAEnabled": {
"$ref": "#/definitions/genericNumber"
},
"AccessKeysPerUserQuota": {
"$ref": "#/definitions/genericNumber"
},
"AssumeRolePolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"PolicyVersionsInUseQuota": {
"$ref": "#/definitions/genericNumber"
},
"VersionsPerPolicyQuota": {
"$ref": "#/definitions/genericNumber"
},
"AttachedPoliciesPerGroupQuota": {
"$ref": "#/definitions/genericNumber"
},
"PolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"Groups": {
"$ref": "#/definitions/genericNumber"
},
"AccountSigningCertificatesPresent": {
"$ref": "#/definitions/genericNumber"
},
"UsersQuota": {
"$ref": "#/definitions/genericNumber"
},
"ServerCertificatesQuota": {
"$ref": "#/definitions/genericNumber"
},
"MFADevices": {
"$ref": "#/definitions/genericNumber"
},
"UserPolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"PolicyVersionsInUse": {
"$ref": "#/definitions/genericNumber"
},
"ServerCertificates": {
"$ref": "#/definitions/genericNumber"
},
"Roles": {
"$ref": "#/definitions/genericNumber"
},
"RolesQuota": {
"$ref": "#/definitions/genericNumber"
},
"SigningCertificatesPerUserQuota": {
"$ref": "#/definitions/genericNumber"
},
"MFADevicesInUse": {
"$ref": "#/definitions/genericNumber"
},
"RolePolicySizeQuota": {
"$ref": "#/definitions/genericNumber"
},
"AttachedPoliciesPerRoleQuota": {
"$ref": "#/definitions/genericNumber"
},
"AccountAccessKeysPresent": {
"$ref": "#/definitions/genericNumber"
},
"GroupsQuota": {
"$ref": "#/definitions/genericNumber"
},
"GlobalEndpointTokenVersion": {
"$ref": "#/definitions/genericNumber"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/accountSummaryAka"
}
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"AccessKeysPerUserQuota": 2,
"AccountAccessKeysPresent": 1,
"AccountMFAEnabled": 0,
"AccountSigningCertificatesPresent": 0,
"AttachedPoliciesPerGroupQuota": 10,
"AttachedPoliciesPerRoleQuota": 10,
"AttachedPoliciesPerUserQuota": 10,
"GroupPolicySizeQuota": 5120,
"Groups": 15,
"GroupsPerUserQuota": 10,
"GroupsQuota": 100,
"MFADevices": 6,
"MFADevicesInUse": 3,
"Policies": 8,
"PoliciesQuota": 1000,
"PolicySizeQuota": 5120,
"PolicyVersionsInUse": 22,
"PolicyVersionsInUseQuota": 10000,
"ServerCertificates": 1,
"ServerCertificatesQuota": 20,
"SigningCertificatesPerUserQuota": 2,
"UserPolicySizeQuota": 2048,
"Users": 27,
"UsersQuota": 5000,
"VersionsPerPolicyQuota": 5,
"turbot": {
"akas": [
"arn:aws:iam::123456789012:accountSummary"
],
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accountSummary",
"modUri": "tmod:@turbot/aws-iam"
}
}

accountSummaryAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:accountSummary$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:accountSummary"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678",
"expected": false
},
{
"description": "Invalid - Malformed region name",
"input": "arn:aws:ec2:use-east-1:123456789012:instances/i-a2345678",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:ec2:us-east-1:1234567890123:instances/i-a2345678",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/accountSummaryAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

api

Schema
{
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/api",
"modUri": "tmod:@turbot/aws-iam"
}
}

apiBoundaries

Schema
{
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"regionScope": {
"type": "string",
"enum": [
"regional",
"global"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/regionScope",
"modUri": "tmod:@turbot/aws-iam"
}
},
"api": {
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/api",
"modUri": "tmod:@turbot/aws-iam"
}
}
},
"required": [
"api",
"regionScope"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/apiBoundary",
"modUri": "tmod:@turbot/aws-iam"
}
},
"tests": [
{
"description": "Valid test",
"input": [
{
"api": "ec2:*",
"regionScope": "regional"
}
]
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/apiBoundaries",
"modUri": "tmod:@turbot/aws-iam"
}
}

apiBoundary

Schema
{
"type": "object",
"additionalProperties": false,
"properties": {
"regionScope": {
"type": "string",
"enum": [
"regional",
"global"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/regionScope",
"modUri": "tmod:@turbot/aws-iam"
}
},
"api": {
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/api",
"modUri": "tmod:@turbot/aws-iam"
}
}
},
"required": [
"api",
"regionScope"
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/apiBoundary",
"modUri": "tmod:@turbot/aws-iam"
}
}

assignmentStatus

Schema
{
"type": "string",
"default": "Any",
"enum": [
"Assigned",
"Unassigned",
"Any"
],
"tests": [
{
"input": "Assigned"
},
{
"input": "Any"
},
{
"description": "invalid - not listed in options",
"input": "Reassigned",
"expected": false
},
{
"description": "invalid - null value",
"input": null,
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/assignmentStatus",
"modUri": "tmod:@turbot/aws-iam"
}
}

assumeRolePolicyDocument

Schema
{
"type": "object",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/assumeRolePolicyDocument",
"modUri": "tmod:@turbot/aws-iam"
}
}

attachmentCount

Schema
{
"type": "integer",
"tests": [
{
"input": 123456789
},
{
"input": 4
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/attachmentCount",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsLevelDefinition

Schema
{
"description": "Internal format for Guardrails Levels.",
"type": "object",
"properties": {
"level": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
},
"type": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "^tmod:@turbot/aws"
}
},
"required": [
"level",
"type"
],
"additionalProperties": false,
"tests": [
{
"description": "Valid level definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/aws-s3#/permission/types/s3"
}
},
{
"description": "invalid type definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/azure-s3#/permission/types/s3"
},
"expected": false
},
{
"description": "Invalid - Levels includes a non #/permission/levels/* path",
"expected": false,
"input": {
"level": "#/definitions/foo",
"type": "#/permission/types/foo"
}
},
{
"description": "Invalid - Types includes a non #/permission/types/* path",
"expected": false,
"input": {
"level": "#/permission/levels/user",
"type": "#/definitions/bar"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsLevelDefinitionList

Schema
{
"description": "Internal format for Guardrails Levels registrations.",
"type": "array",
"items": {
"description": "Internal format for Guardrails Levels.",
"type": "object",
"properties": {
"level": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
},
"type": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "^tmod:@turbot/aws"
}
},
"required": [
"level",
"type"
],
"additionalProperties": false,
"tests": [
{
"description": "Valid level definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/aws-s3#/permission/types/s3"
}
},
{
"description": "invalid type definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/azure-s3#/permission/types/s3"
},
"expected": false
},
{
"description": "Invalid - Levels includes a non #/permission/levels/* path",
"expected": false,
"input": {
"level": "#/definitions/foo",
"type": "#/permission/types/foo"
}
},
{
"description": "Invalid - Types includes a non #/permission/types/* path",
"expected": false,
"input": {
"level": "#/permission/levels/user",
"type": "#/definitions/bar"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition",
"modUri": "tmod:@turbot/aws-iam"
}
},
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinitionList",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsModifier

Schema
{
"type": "object",
"patternProperties": {
"^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[A-Za-z0-9]+)$": {
"type": "string",
"pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser",
"tests": [
{
"input": "metadata"
},
{
"input": "operator"
},
{
"description": "invalid - not one of the listed levels",
"input": "something",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference",
"modUri": "tmod:@turbot/aws-iam"
}
}
},
"additionalProperties": false,
"tests": [
{
"description": "valid - base case",
"input": {
"s3:create": "metadata"
}
},
{
"description": "invalid - level",
"input": {
"s3:create": "some"
},
"expected": false
},
{
"description": "invalid - perms",
"input": {
"s3:": "some"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifier",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsModifierLevelReference

Schema
{
"type": "string",
"pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser",
"tests": [
{
"input": "metadata"
},
{
"input": "operator"
},
{
"description": "invalid - not one of the listed levels",
"input": "something",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsModifierList

Schema
{
"default": [],
"type": "array",
"items": {
"type": "object",
"patternProperties": {
"^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[A-Za-z0-9]+)$": {
"type": "string",
"pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser",
"tests": [
{
"input": "metadata"
},
{
"input": "operator"
},
{
"description": "invalid - not one of the listed levels",
"input": "something",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference",
"modUri": "tmod:@turbot/aws-iam"
}
}
},
"additionalProperties": false,
"tests": [
{
"description": "valid - base case",
"input": {
"s3:create": "metadata"
}
},
{
"description": "invalid - level",
"input": {
"s3:create": "some"
},
"expected": false
},
{
"description": "invalid - perms",
"input": {
"s3:": "some"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifier",
"modUri": "tmod:@turbot/aws-iam"
}
},
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsModifierList",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsPermissionLevelReference

Schema
{
"allOf": [
{
"$ref": "turbot#/definitions/permissionLevelReference"
},
{
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
}
],
"tests": [
{
"description": "valid permission type",
"input": "tmod:@turbot/aws-s3#/permission/levels/admin"
},
{
"description": "invalid - aws permission type",
"input": "tmod:@turbot/azure-storage#/permission/types/storage",
"expected": false
},
{
"description": "invalid - category",
"input": "tmod:@turbot/aws-s3#/control/types/bucketApproved",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionLevelReference",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsPermissionReference

Schema
{
"allOf": [
{
"$ref": "turbot#/definitions/permissionReference"
},
{
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$"
}
],
"tests": [
{
"description": "valid",
"input": "test:me"
},
{
"description": "valid",
"input": "test:you"
},
{
"description": "valid",
"input": "test:*"
},
{
"description": "valid",
"input": "S3:Test"
},
{
"description": "valid",
"input": "cognito-sync:test"
},
{
"description": "valid",
"input": "a:test"
},
{
"description": "invalid - aws permission",
"input": "some-:t",
"expected": false
},
{
"description": "invalid - spaces are not allowed",
"input": "some- :t",
"expected": false
},
{
"description": "invalid - should not start with -",
"input": "-as:t",
"expected": false
},
{
"description": "invalid - should not end with multiple **",
"input": "-as:t**",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionReference",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsPermissionTypeReference

Schema
{
"allOf": [
{
"$ref": "turbot#/definitions/permissionTypeReference"
},
{
"pattern": "^tmod:@turbot/aws"
}
],
"tests": [
{
"description": "valid permission type",
"input": "tmod:@turbot/aws-s3#/permission/types/s3"
},
{
"description": "invalid - aws permission type",
"input": "tmod:@turbot/azure-storage#/permission/types/storage",
"expected": false
},
{
"description": "invalid - category",
"input": "tmod:@turbot/aws-s3#/control/types/bucketApproved",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionTypeReference",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsRightDefinition

Schema
{
"description": "Internal format for Guardrails Rights registrations.",
"type": "object",
"properties": {
"level": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
},
"type": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "^tmod:@turbot/aws"
},
"permission": {
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$"
}
},
"required": [
"level",
"type",
"permission"
],
"additionalProperties": false,
"tests": [
{
"description": "Valid right definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/aws-s3#/permission/types/s3",
"permission": "s3:createBucket"
}
},
{
"description": "invalid type definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/azure-s3#/permission/types/s3",
"permission": "s3:createBucket"
},
"expected": false
},
{
"description": "Invalid - Levels includes a non #/permission/levels/* path",
"expected": false,
"input": {
"level": "#/definitions/foo",
"type": "#/permission/types/foo",
"permission": "s3:createBucket"
}
},
{
"description": "Invalid - Types includes a non #/permission/types/* path",
"expected": false,
"input": {
"level": "#/permission/levels/user",
"type": "#/definitions/bar",
"permission": "s3:createBucket"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinition",
"modUri": "tmod:@turbot/aws-iam"
}
}

awsRightDefinitionList

Schema
{
"description": "Internal format for Guardrails Rights registrations.",
"type": "array",
"items": {
"description": "Internal format for Guardrails Rights registrations.",
"type": "object",
"properties": {
"level": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist"
},
"type": {
"type": "string",
"format": "uri-reference",
".turbot": {
"uri": "tmod:@turbot/turbot#/definitions/$ref",
"modUri": "tmod:@turbot/turbot"
},
"pattern": "^tmod:@turbot/aws"
},
"permission": {
"type": "string",
"pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$"
}
},
"required": [
"level",
"type",
"permission"
],
"additionalProperties": false,
"tests": [
{
"description": "Valid right definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/aws-s3#/permission/types/s3",
"permission": "s3:createBucket"
}
},
{
"description": "invalid type definition",
"input": {
"level": "tmod:@turbot/aws-s3#/permission/levels/admin",
"type": "tmod:@turbot/azure-s3#/permission/types/s3",
"permission": "s3:createBucket"
},
"expected": false
},
{
"description": "Invalid - Levels includes a non #/permission/levels/* path",
"expected": false,
"input": {
"level": "#/definitions/foo",
"type": "#/permission/types/foo",
"permission": "s3:createBucket"
}
},
{
"description": "Invalid - Types includes a non #/permission/types/* path",
"expected": false,
"input": {
"level": "#/permission/levels/user",
"type": "#/definitions/bar",
"permission": "s3:createBucket"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinition",
"modUri": "tmod:@turbot/aws-iam"
}
},
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinitionList",
"modUri": "tmod:@turbot/aws-iam"
}
}

boundaryPermissionPolicy

Schema
{
"type": "string",
"minLength": 1,
"maxLength": 128,
"pattern": "^[A-Za-z0-9_+=,.@-]+$",
"tests": [
{
"input": "Foo,barbar"
},
{
"description": "max length",
"input": "a23456789_123456789_123456789_123456789_123456789_123456789_1234a23456789_123456789_123456789_123456789_123456789_123456789_1234"
},
{
"description": "invalid - empty string",
"input": "",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/boundaryPermissionPolicy",
"modUri": "tmod:@turbot/aws-iam"
}
}

certificateName

Schema
{
"type": "string",
"pattern": "^[A-Za-z0-9_+=,.@-]{1,128}$",
"tests": [
{
"description": "Valid - Base case",
"input": "test_certificate"
},
{
"description": "Invalid - length",
"input": "testhfghdyrhjdkloifhryhsgywghasknaklncksbdcbsdjbsjbvjsbvjkbsjvbsjkbvsbvjsbjvbsjvbsbjksdbvjksbvjbsdvbsdvjskbvjsbvsbvjkbsdjvbklbvhvlwbjkwblvbwvwivbwvhwivbwv",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/certificateName",
"modUri": "tmod:@turbot/aws-iam"
}
}

clientId

Schema
{
"type": "string",
"pattern": "^[a-zA-Z0-9:_.-/]{1,255}$",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/clientId",
"modUri": "tmod:@turbot/aws-iam"
}
}

clientIdList

Schema
{
"type": "array",
"items": {
"$ref": "#/definitions/clientId"
},
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/clientIdList",
"modUri": "tmod:@turbot/aws-iam"
}
}

createdAt

Schema
{
"anyOf": [
{
"$ref": "turbot#/definitions/isoTimestamp"
},
{
"type": "null"
}
],
"tests": [
{
"input": null
},
{
"input": "2021-08-31T07:29:15+00:00"
},
{
"description": "invalid - string is not an ISO timestamp",
"input": "hello",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/createdAt",
"modUri": "tmod:@turbot/aws-iam"
}
}

credentialInfo

Schema
{
"type": "object",
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/credentialInfo",
"modUri": "tmod:@turbot/aws-iam"
}
}

credentialReport

Schema
{
"type": "object",
"properties": {
"credentialInfo": {
"$ref": "#/definitions/credentialInfo"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/credentialReportAka"
}
},
"title": {
"$ref": "#/definitions/reportItemsElements"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"credentialInfo": {
"<root_account>": {
"user": "<root_account>",
"arn": "arn:aws:iam::541046466378:root",
"user_creation_time": "2018-03-15T09:57:32+00:00",
"password_enabled": "not_supported",
"password_last_used": "2018-03-15T10:04:09+00:00",
"password_last_changed": "not_supported",
"password_next_rotation": "not_supported",
"mfa_active": "false",
"access_key_1_active": "false",
"access_key_1_last_rotated": "N/A",
"access_key_1_last_used_date": "N/A",
"access_key_1_last_used_region": "N/A",
"access_key_1_last_used_service": "N/A",
"access_key_2_active": "false",
"access_key_2_last_rotated": "N/A",
"access_key_2_last_used_date": "N/A",
"access_key_2_last_used_region": "N/A",
"access_key_2_last_used_service": "N/A",
"cert_1_active": "false",
"cert_1_last_rotated": "N/A",
"cert_2_active": "false",
"cert_2_last_rotated": "N/A"
},
"abhinash": {
"user": "abhinash",
"arn": "arn:aws:iam::541046466378:user/turbot/account/federated/abhinash",
"user_creation_time": "2019-03-27T15:37:23+00:00",
"password_enabled": "false",
"password_last_used": "N/A",
"password_last_changed": "N/A",
"password_next_rotation": "N/A",
"mfa_active": "false",
"access_key_1_active": "false",
"access_key_1_last_rotated": "N/A",
"access_key_1_last_used_date": "N/A",
"access_key_1_last_used_region": "N/A",
"access_key_1_last_used_service": "N/A",
"access_key_2_active": "false",
"access_key_2_last_rotated": "N/A",
"access_key_2_last_used_date": "N/A",
"access_key_2_last_used_region": "N/A",
"access_key_2_last_used_service": "N/A",
"cert_1_active": "false",
"cert_1_last_rotated": "N/A",
"cert_2_active": "false",
"cert_2_last_rotated": "N/A"
}
},
"turbot": {
"akas": [
"arn:aws:iam::aws:123456789012:credentialReport"
],
"title": "credentialReport",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/credentialReport",
"modUri": "tmod:@turbot/aws-iam"
}
}

credentialReportAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::aws:[0-9]{12}:credentialReport$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::aws:492552618977:credentialReport"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::aws:00011101982:group/aa",
"expected": false
},
{
"description": "Invalid - Missing ID",
"input": "arn:aws:iam::aws:group/test01",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/credentialReportAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

defaultVersionId

Schema
{
"type": "string",
"pattern": "^v[1-9][0-9]*(.[A-Za-z0-9-]*)?$",
"tests": [
{
"input": "v1.5"
},
{
"input": "v11.6"
},
{
"input": "v99.bA"
},
{
"description": "invalid - should start with letter v",
"input": 1,
"expected": false
},
{
"description": "invalid - version should start with 1",
"input": "v0.1",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/defaultVersionId",
"modUri": "tmod:@turbot/aws-iam"
}
}

description

Schema
{
"type": "string",
"maxLength": 1000,
"tests": [
{
"input": "Foo,foo+fOO"
},
{
"input": "00123"
},
{
"input": "ab@cde"
},
{
"input": "Test.The-KitchenSink"
},
{
"description": "empty string",
"input": ""
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/description",
"modUri": "tmod:@turbot/aws-iam"
}
}

genericNumber

Schema
{
"type": "integer",
"tests": [
{
"input": 1234
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/genericNumber",
"modUri": "tmod:@turbot/aws-iam"
}
}

group

Schema
{
"type": "object",
"properties": {
"Arn": {
"$ref": "#/definitions/userArn"
},
"CreateDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"GroupId": {
"$ref": "#/definitions/userId"
},
"GroupName": {
"$ref": "#/definitions/policyName"
},
"Path": {
"$ref": "#/definitions/userPath"
},
"Users": {
"type": "array"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/groupAka"
}
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"Arn": "arn:aws:iam::123456789012:group/Admins",
"title": "Admins",
"CreateDate": "2018-30-07T18:15:20.000Z",
"GroupName": "Admins",
"GroupId": "AGPACKCEVSQ6C2EXAMPLE",
"Path": "/division_abc/subdivision_xyz/",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:group/Admins"
],
"title": "Admins",
"custom": {
"aws": {
"accountId": 123456789012,
"regionName": "us-east-1"
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/group",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]+$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:group/Admins"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::123456789012:groups/Admins",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam::123456789012234:group/Admins",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupInlinePolicy

Schema
{
"type": "object",
"properties": {
"GroupName": {
"$ref": "#/definitions/policyName"
},
"PolicyName": {
"$ref": "#/definitions/policyName"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/groupInlinePolicyAka"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/policyName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"PolicyName",
"turbot",
"GroupName"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"GroupName": "test01",
"PolicyName": "admin1",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:group/test01/inline-policy/admin_1"
],
"title": "admin1",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing group name",
"input": {
"PolicyName": "admin1",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:goup/test01/inline-policy/admin_1"
],
"title": "admin_1",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"GroupName": "test01",
"PolicyName": "admin1"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupInlinePolicy",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupInlinePolicyAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]{1,64}/inline-policy/[A-Za-z0-9_+=,.@-]+$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:group/test01/inline-policy/hf"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::123456789012:groups/test01/inline-policy/hf",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam::4653726:group/test01/inline-policy/hf",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupInlinePolicyAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupPolicyAttachment

Schema
{
"type": "object",
"properties": {
"GroupName": {
"$ref": "#/definitions/policyName"
},
"PolicyName": {
"$ref": "#/definitions/policyName"
},
"PolicyArn": {
"$ref": "#/definitions/userArn"
},
"Id": {
"$ref": "#/definitions/policyAttachmentId"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/groupPolicyAttachmentAka"
}
},
"title": {
"$ref": "#/definitions/policyAttachmentId"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"GroupName": "test01",
"PolicyName": "admin_1",
"Id": "test01-admin_1",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"turbot": {
"akas": [
"arn:aws:iam::492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy"
],
"title": "test01-admin_1",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing PolicyName",
"input": {
"GroupName": "test01",
"Id": "test01-admin_1",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"turbot": {
"akas": [
"arn:aws:iam::aws:492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy"
],
"title": "Admin",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing turbot data",
"input": {
"GroupId": "AGPAJT5UGJLFBILHJUOXC",
"Id": "test01-AmazonEKSClusterPolicy",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"UserName": "Bob"
}
},
{
"description": "Invalid - Missing Id",
"input": {
"GroupName": "test01",
"PolicyName": "admin_1",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"turbot": {
"akas": [
"arn:aws:iam::492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy"
],
"title": "Admin",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupPolicyAttachment",
"modUri": "tmod:@turbot/aws-iam"
}
}

groupPolicyAttachmentAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]{1,64}/policy-attachment/[A-Za-z0-9_.-]{1,128}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::492552618977:group/test01/policy-attachment/policyname0123"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::aws:00011101982:groups/aa/policy-attachment/policyname123",
"expected": false
},
{
"description": "Invalid - Missing ID",
"input": "arn:aws:iam::aws:group/test01/policy-attachment/policyname123",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/groupPolicyAttachmentAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

iam

Schema
{
"allOf": [
{
"$ref": "turbot#/definitions/service"
},
{
"type": "object",
"properties": {
"name": {
"const": "IAM"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/iamAka"
}
},
"title": {
"const": "IAM"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "iam",
"input": {
"name": "IAM",
"turbot": {
"akas": [
"arn:aws:iam::123456789012"
],
"title": "IAM",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Name does not match",
"input": {
"name": "IAM",
"turbot": {
"akas": [
"arn:aws:iam::123456789012"
],
"title": "IAM",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
},
{
"description": "Invalid - Service Name missing",
"input": {
"turbot": {
"akas": [
"arn:aws:iam::123456789012"
],
"title": "IAM",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
}
]
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/iam",
"modUri": "tmod:@turbot/aws-iam"
}
}

iamAka

Schema
{
"type": "string",
"pattern": "arn:aws(-us-gov|-cn)?:iam::[0-9]{12}$",
"tests": [
{
"description": "base",
"input": "arn:aws:iam::123456789012"
},
{
"description": "invalid service name",
"input": "arn:aws:iamjhkjfh::123456789012",
"expected": false
},
{
"description": "invalid account id",
"input": "arn:aws:iam::1234567890128364859934",
"expected": false
},
{
"description": "invalid provider name",
"input": "arn:gcp:iam::1234567890128364859934",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/iamAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

iamPolicy

Schema
{
"type": "object",
"properties": {
"Arn": {
"$ref": "#/definitions/userArn"
},
"AttachmentCount": {
"$ref": "#/definitions/attachmentCount"
},
"DefaultVersionId": {
"$ref": "#/definitions/defaultVersionId"
},
"Description": {
"$ref": "#/definitions/description"
},
"IsAttachable": {
"type": "boolean"
},
"Path": {
"$ref": "#/definitions/policyPath"
},
"PermissionsBoundaryUsageCount": {
"$ref": "#/definitions/attachmentCount"
},
"PolicyId": {
"$ref": "#/definitions/userId"
},
"PolicyName": {
"$ref": "#/definitions/policyName"
},
"UpdateDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"PolicyArn": {
"$ref": "#/definitions/userArn"
},
"PolicyVersion": {
"$ref": "#/definitions/policyVersion"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/userArn"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/policyName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"lastUsedTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Base case",
"input": {
"Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket",
"AttachmentCount": 9,
"DefaultVersionId": "v1",
"Path": "/",
"PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
"PolicyName": "S3-read-only-example-bucket",
"Description": "Allows read-only access to the example bucket",
"UpdateDate": "2018-12-21T18:15:20.000Z",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "S3-read-only-example-bucket",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing PolicyName",
"input": {
"Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket",
"AttachmentCount": 9,
"DefaultVersionId": "v1",
"Path": "/",
"PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
"Description": "Allows read-only access to the example bucket",
"UpdateDate": "2018-12-21T18:15:20.000Z",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "S3-read-only-example-bucket",
"custom": {
"aws": {
"accountId": 123456789012,
"createTimestamp": "2018-10-08T09:22:07.000Z"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Arn",
"input": {
"AttachmentCount": 9,
"DefaultVersionId": "v1",
"Path": "/",
"PolicyName": "S3-read-only-example-bucket",
"PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
"Description": "Allows read-only access to the example bucket",
"UpdateDate": "2018-12-21T18:15:20.000Z",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:policy/S3-read-only-example-bucket"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "S3-read-only-example-bucket",
"custom": {
"aws": {
"accountId": 123456789012,
"createTimestamp": "2018-10-08T09:22:07.000Z"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket",
"AttachmentCount": 9,
"DefaultVersionId": "v1",
"Path": "/",
"PolicyId": "AGPACKCEVSQ6C2EXAMPLE",
"PolicyName": "S3-read-only-example-bucket",
"Description": "Allows read-only access to the example bucket",
"UpdateDate": "2018-12-21T18:15:20.000Z"
}
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/iamPolicy",
"modUri": "tmod:@turbot/aws-iam"
}
}

instanceProfile

Schema
{
"type": "object",
"properties": {
"Arn": {
"$ref": "#/definitions/instanceProfileAka"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"InstanceProfileName": {
"$ref": "#/definitions/instanceProfileName"
},
"Tags": {
"$ref": "aws#/definitions/tagList"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/instanceProfileAka"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/instanceProfileName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "All properties given",
"input": {
"Arn": "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata",
"CreateDate": "2018-01-21T18:15:20.000Z",
"InstanceProfileName": "testinstanceProfile",
"turbot": {
"akas": [
"arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata"
],
"title": "i-a2345678",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
}
},
{
"description": "Invalid - Missing Guardrails Data",
"input": {
"instanceProfileName": "AWSServiceinstanceProfileForAmazonGuardDuty",
"title": "Test-instanceProfile",
"Tags": [
{
"Key": "Name",
"Value": "testkey0"
},
{
"Key": "Name1",
"Value": "testkey01"
}
]
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/instanceProfile",
"modUri": "tmod:@turbot/aws-iam"
}
}

instanceProfileAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:instance-profile/[A-Za-z0-9_+=,.@-]{1,64}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:ec2:123456789012:instance-profiles/turbot_instanceProfile_metadata",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:ec2:1234567892101489:instance-profile/turbot_instanceProfile_metadata",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/instanceProfileAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

instanceProfileName

Schema
{
"type": "string",
"pattern": "^[-0-9a-zA-Z_+=,.@]{1,128}$",
"tests": [
{
"description": "Base test case",
"input": "sad"
},
{
"input": "sdsadcxa123acAXSASD"
},
{
"input": "00123"
},
{
"description": "invalid - empty string",
"input": "",
"expected": false
},
{
"description": "invalid - exceeding maximum limit",
"input": "sdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAX",
"expected": false
},
{
"description": "invalid - invalid character ~",
"input": "SADSA~asdsad",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/instanceProfileName",
"modUri": "tmod:@turbot/aws-iam"
}
}

lastResourceAnalyzedAt

Schema
{
"anyOf": [
{
"$ref": "turbot#/definitions/isoTimestamp"
},
{
"type": "null"
}
],
"tests": [
{
"input": null
},
{
"input": "2021-08-31T07:29:15+00:00"
},
{
"description": "invalid - string provided",
"input": "hello",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/lastResourceAnalyzedAt",
"modUri": "tmod:@turbot/aws-iam"
}
}

marker

Schema
{
"type": "string",
"minLength": 1,
"maxLength": 320,
"pattern": "^[ -ÿ]+$",
"tests": [
{
"input": "Foo,foo+fOO-bar"
},
{
"input": "00123"
},
{
"input": "ab@cde.com"
},
{
"input": "Test.The-Kitchen_Sink"
},
{
"description": "min length",
"input": "/"
},
{
"description": "max length",
"input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678_123456789_123456789_123456789_123456789_123456789_123456789_123"
},
{
"description": "invalid - too long",
"input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678_123456789_123456789_123456789_123456789_123456789_123456789_12345",
"expected": false
},
{
"description": "invalid - empty string",
"input": "",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/marker",
"modUri": "tmod:@turbot/aws-iam"
}
}

maxSessionDuration

Schema
{
"type": "integer",
"minimum": 3600,
"maximum": 43200,
"tests": [
{
"input": 12345
},
{
"description": "min value",
"input": 3600
},
{
"description": "max value",
"input": 43200
},
{
"description": "invalid - greater than max value",
"input": 11111111,
"expected": false
},
{
"description": "invalid - string type provided",
"input": "three",
"expected": false
},
{
"description": "invalid - decimal value provided",
"input": 4.5,
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/maxSessionDuration",
"modUri": "tmod:@turbot/aws-iam"
}
}

mfaVirtual

Schema
{
"type": "object",
"properties": {
"AssignmentStatus": {
"$ref": "#/definitions/assignmentStatus"
},
"VirtualMFADevices": {
"$ref": "#/definitions/virtualMFADevices"
},
"IsTruncated": {
"type": "boolean"
},
"Marker": {
"$ref": "#/definitions/marker"
},
"MaxItems": {
"$ref": "#/definitions/virtualMfaMaxItems"
},
"Tags": {
"$ref": "aws#/definitions/tagList"
},
"EnableDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"SerialNumber": {
"$ref": "#/definitions/serialNumber"
},
"User": {
"$ref": "#/definitions/userName"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/mfaVirtualAka"
}
},
"tags": {
"$ref": "aws#/definitions/tagsMap"
},
"title": {
"$ref": "#/definitions/userName"
},
"custom": {
"type": "object",
"properties": {
"aws": {
"$ref": "aws#/definitions/awsMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"SerialNumber",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"AssignmentStatus": "Any",
"Marker": "a123",
"MaxItems": 100,
"SerialNumber": "arn:aws:iam::492552618977:mfa/test_user",
"Tags": [
{
"Key": "Env",
"Value": "Test"
},
{
"Key": "App",
"Value": "Facebook"
}
],
"turbot": {
"akas": [
"arn:aws:iam::492552618977:mfa/test_user"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "Susan",
"custom": {
"aws": {
"accountId": 492552618977
}
}
}
}
},
{
"description": "Invalid - Missing SerialNumber",
"input": {
"AssignmentStatus": "Assigned",
"UserName": "Susan",
"Marker": "/",
"MaxItems": 1,
"Tags": [
{
"Key": "Env",
"Value": "Test"
},
{
"Key": "App",
"Value": "Facebook"
}
],
"turbot": {
"akas": [
"arn:aws:iam::492552618977:mfa/test_user"
],
"tags": {
"Env": "Test",
"App": "Facebook"
},
"title": "Susan",
"custom": {
"aws": {
"accountId": 123456789012
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"SerialNumber": "arn:aws:iam::492552618977:mfa/test_user",
"Tags": [
{
"Key": "Env",
"Value": "Test"
},
{
"Key": "App",
"Value": "Facebook"
}
],
"UserName": "Susan"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/mfaVirtual",
"modUri": "tmod:@turbot/aws-iam"
}
}

mfaVirtualAka

Schema
{
"type": "string",
"pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:mfa/[A-Za-z0-9_-]{1,64}$",
"tests": [
{
"description": "Valid - Base case",
"input": "arn:aws:iam::492552618977:mfa/test_user"
},
{
"description": "Invalid - Malformed resource collection",
"input": "arn:aws:iam::492552618977:mfaa/test_user",
"expected": false
},
{
"description": "Invalid - Malformed account ID",
"input": "arn:aws:iam::389739167:mfa/test_user",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/aws-iam#/definitions/mfaVirtualAka",
"modUri": "tmod:@turbot/aws-iam"
}
}

openIdConnect

Schema
{
"type": "object",
"properties": {
"Arn": {
"$ref": "#/definitions/openIdConnectAka"
},
"Url": {
"type": "string"
},
"ClientIDList": {
"$ref": "#/definitions/clientIdList"
},
"ThumbprintList": {
"$ref": "#/definitions/thumbprintList"
},
"CreateDate": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"Tags": {
"$ref": "aws#/definitions/tagList"
},
"turbot": {
"type": "object",
"properties": {
"akas": {