Definitions for @turbot/aws-iam
- accessAnalyzer
- accessAnalyzerArn
- accessAnalyzerName
- accessAnalyzerStatus
- accessAnalyzerType
- accessKey
- accessKeyAka
- accountPasswordPolicy
- accountPasswordPolicyAka
- accountSummary
- accountSummaryAka
- api
- apiBoundaries
- apiBoundary
- assignmentStatus
- assumeRolePolicyDocument
- attachmentCount
- awsLevelDefinition
- awsLevelDefinitionList
- awsModifier
- awsModifierLevelReference
- awsModifierList
- awsPermissionLevelReference
- awsPermissionReference
- awsPermissionTypeReference
- awsRightDefinition
- awsRightDefinitionList
- boundaryPermissionPolicy
- certificateName
- clientId
- clientIdList
- createdAt
- credentialInfo
- credentialReport
- credentialReportAka
- defaultVersionId
- description
- genericNumber
- group
- groupAka
- groupInlinePolicy
- groupInlinePolicyAka
- groupPolicyAttachment
- groupPolicyAttachmentAka
- groupServiceNow
- iam
- iamAka
- iamPolicy
- instanceProfile
- instanceProfileAka
- instanceProfileName
- lastResourceAnalyzedAt
- marker
- maxSessionDuration
- mfaVirtual
- mfaVirtualAka
- openIdConnect
- openIdConnectAka
- passwordLastUsed
- policyAttachmentId
- policyName
- policyPath
- policyVersion
- regionScope
- reportItemsElements
- restrictedApisBudgetState
- restrictedApisBudgetStateApis
- restrictedApisPermissions
- role
- roleAka
- roleInlinePolicy
- roleInlinePolicyAka
- rolePolicyAttachment
- rolePolicyAttachmentAka
- roleServiceNow
- root
- rootUserArn
- secretAccessKey
- serialNumber
- serverCertificate
- serverCertificateAka
- status
- thumbprint
- thumbprintList
- turbotAwsLevelDefinitionList
- User
- user
- userAka
- userArn
- userGroupMembershipAka
- userGroupMemberships
- userId
- userInlinePolicy
- userInlinePolicyAka
- userName
- userPath
- userPolicyAttachment
- userPolicyAttachmentAka
- userServiceNow
- virtualMFADevices
- virtualMfaMaxItems
accessAnalyzer
{ "type": "object", "properties": { "arn": { "$ref": "#/definitions/accessAnalyzerArn" }, "createdAt": { "$ref": "#/definitions/createdAt" }, "lastResourceAnalyzed": { "type": "string" }, "lastResourceAnalyzedAt": { "$ref": "#/definitions/lastResourceAnalyzedAt" }, "name": { "$ref": "#/definitions/accessAnalyzerName" }, "status": { "$ref": "#/definitions/accessAnalyzerStatus" }, "type": { "$ref": "#/definitions/accessAnalyzerType" }, "tags": { "$ref": "aws#/definitions/tagList" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/accessAnalyzerArn" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/accessAnalyzerName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "arn": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer", "createdAt": "2021-08-31T07:29:15+00:00", "lastResourceAnalyzed": "arn:aws:iam::986325076436:role/turbot/waf_readonly", "lastResourceAnalyzedAt": "2021-08-31T07:29:16.570000+00:00", "name": "sd-test-analyzer", "status": "ACTIVE", "tags": {}, "type": "ACCOUNT", "turbot": { "akas": [ "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer" ], "tags": {}, "title": "sd-test-analyzer", "custom": { "aws": { "accountId": 986325076436 }, "createTimestamp": "2018-12-21T18:15:20.000Z" } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzer", "modUri": "tmod:@turbot/aws-iam" }}
accessAnalyzerArn
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:access-analyzer:[a-z]{2}(-gov)?-[a-z]+-[0-9]:[0-9]{12}:analyzer/[A-Za-z][A-Za-z0-9_.-]{0,255}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678", "expected": false }, { "description": "Invalid - account id not valid", "input": "arn:aws:iam::1234234456789012:user/bob", "expected": false }, { "description": "Invalid - special character 0-9_+=,.@- are allowed", "input": "arn:aws:access-analyzer:us-east-1:986325076436:analyzer/sd-test-analyzer!!!", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerArn", "modUri": "tmod:@turbot/aws-iam" }}
accessAnalyzerName
{ "type": "string", "pattern": "^[A-Za-z][A-Za-z0-9_.-]{0,255}$", "tests": [ { "description": "Valid - Base case", "input": "sd-test-analyzer" } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerName", "modUri": "tmod:@turbot/aws-iam" }}
accessAnalyzerStatus
{ "type": "string", "enum": [ "ACTIVE", "CREATING", "DISABLED", "FAILED" ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerStatus", "modUri": "tmod:@turbot/aws-iam" }}
accessAnalyzerType
{ "type": "string", "enum": [ "ACCOUNT", "ORGANIZATION" ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accessAnalyzerType", "modUri": "tmod:@turbot/aws-iam" }}
accessKey
{ "type": "object", "properties": { "AccessKeyId": { "$ref": "#/definitions/userId" }, "CreateDate": { "$ref": "turbot#/definitions/isoTimestamp" }, "SecretAccessKey": { "$ref": "#/definitions/secretAccessKey" }, "Status": { "$ref": "#/definitions/status" }, "UserName": { "$ref": "#/definitions/userName" }, "AccessKeyLastUsed": { "type": "object" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/accessKeyAka" } }, "title": { "$ref": "#/definitions/userName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" }, "lastUsedTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "AccessKeyId": "AKIA1234567890EXAMPLE", "CreateDate": "2018-30-07T18:15:20.000Z", "SecretAccessKey": 100, "Status": "Active", "UserName": "Bob", "turbot": { "akas": [ "arn:aws:iam::123456789012:user/Bob/accesskey/AKIA1234567890EXAMPLE" ], "title": "Bob", "custom": { "aws": { "accountId": 123456789012 } } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accessKey", "modUri": "tmod:@turbot/aws-iam" }}
accessKeyAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}/accesskey/[A-Za-z0-9]{16,128}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:user/Bob/accesskey/AKIA1234567890EXAMPLE" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam::123456789012:user/Bob/accesskeys/AKIA1234567890EXAMPLE", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam::1234567811213:user/Bob/accesskey/AKIA1234567890EXAMPLE", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accessKeyAka", "modUri": "tmod:@turbot/aws-iam" }}
accountPasswordPolicy
{ "type": "object", "properties": { "MinimumPasswordLength": { "type": "integer", "minimum": 6, "maximum": 128, "tests": [ { "input": 5 }, { "input": 7 }, { "description": "minimum", "input": 6 }, { "description": "maximum", "input": 128 }, { "description": "invalid - decimal value provided", "input": 4.5, "expected": false }, { "description": "invalid - string type provided", "input": "three", "expected": false }, { "description": "invalid - less than minimum", "input": 1, "expected": false }, { "description": "invalid - greater than maximum", "input": 129, "expected": false } ] }, "RequireSymbols": { "type": "boolean", "tests": [ { "input": false }, { "input": true }, { "description": "invalid - array", "input": [], "expected": false }, { "description": "invalid - string", "input": "", "expected": false } ] }, "RequireNumbers": { "type": "boolean", "tests": [ { "input": false }, { "input": true }, { "description": "invalid - array", "input": [], "expected": false }, { "description": "invalid - string", "input": "", "expected": false } ] }, "RequireUppercaseCharacters": { "type": "boolean", "tests": [ { "input": false }, { "input": true }, { "description": "invalid - array", "input": [], "expected": false }, { "description": "invalid - string", "input": "", "expected": false } ] }, "RequireLowercaseCharacters": { "type": "boolean", "tests": [ { "input": false }, { "input": true }, { "description": "invalid - array", "input": [], "expected": false }, { "description": "invalid - string", "input": "", "expected": false } ] }, "AllowUsersToChangePassword": { "type": "boolean", "tests": [ { "input": false }, { "input": true }, { "description": "invalid - array", "input": [], "expected": false }, { "description": "invalid - string", "input": "", "expected": false } ] }, "ExpirePasswords": { "type": "boolean", "tests": [ { "input": false }, { "input": true }, { "description": "invalid - array", "input": [], "expected": false }, { "description": "invalid - string", "input": "", "expected": false } ] }, "HardExpiry": { "type": "boolean", "tests": [ { "input": false }, { "input": true }, { "description": "invalid - array", "input": [], "expected": false }, { "description": "invalid - string", "input": "", "expected": false } ] }, "PasswordReusePrevention": { "type": "integer", "minimum": 1, "maximum": 24, "tests": [ { "input": 5 }, { "input": 7 }, { "description": "minimum", "input": 1 }, { "description": "maximum", "input": 24 }, { "description": "invalid - decimal value provided", "input": 4.5, "expected": false }, { "description": "invalid - string type provided", "input": "three", "expected": false }, { "description": "invalid - less than minimum", "input": 0, "expected": false }, { "description": "invalid - greater than maximum", "input": 129, "expected": false } ] }, "MaxPasswordAge": { "type": "integer", "minimum": 1, "maximum": 1095, "tests": [ { "input": 50 }, { "input": 70 }, { "description": "minimum", "input": 1 }, { "description": "maximum", "input": 1095 }, { "description": "invalid - decimal value provided", "input": 4.5, "expected": false }, { "description": "invalid - string type provided", "input": "three", "expected": false }, { "description": "invalid - less than minimum", "input": 0, "expected": false }, { "description": "invalid - greater than maximum", "input": 1290, "expected": false } ] }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/accountPasswordPolicyAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "type": "string" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "required": [ "turbot", "MinimumPasswordLength", "RequireSymbols", "RequireNumbers", "RequireUppercaseCharacters", "RequireLowercaseCharacters", "AllowUsersToChangePassword", "ExpirePasswords" ], "tests": [ { "description": "Valid - Base case", "input": { "MinimumPasswordLength": 14, "RequireSymbols": true, "RequireNumbers": true, "RequireUppercaseCharacters": true, "RequireLowercaseCharacters": true, "AllowUsersToChangePassword": false, "ExpirePasswords": true, "turbot": { "akas": [ "arn:aws:iam::123456789012:accountPasswordPolicy" ], "custom": { "aws": { "accountId": 123456789012 } } } } }, { "description": "Invalid - Missing Guardrails data", "input": { "MinimumPasswordLength": 14, "RequireSymbols": true, "RequireNumbers": true, "RequireUppercaseCharacters": true, "RequireLowercaseCharacters": true, "AllowUsersToChangePassword": false, "ExpirePasswords": true }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accountPasswordPolicy", "modUri": "tmod:@turbot/aws-iam" }}
accountPasswordPolicyAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:accountPasswordPolicy$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:accountPasswordPolicy" }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam:123456764765789012:accountPasswordPolicy", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accountPasswordPolicyAka", "modUri": "tmod:@turbot/aws-iam" }}
accountSummary
{ "type": "object", "properties": { "GroupPolicySizeQuota": { "$ref": "#/definitions/genericNumber" }, "InstanceProfilesQuota": { "$ref": "#/definitions/genericNumber" }, "Policies": { "$ref": "#/definitions/genericNumber" }, "GroupsPerUserQuota": { "$ref": "#/definitions/genericNumber" }, "InstanceProfiles": { "$ref": "#/definitions/genericNumber" }, "AttachedPoliciesPerUserQuota": { "$ref": "#/definitions/genericNumber" }, "Users": { "$ref": "#/definitions/genericNumber" }, "PoliciesQuota": { "$ref": "#/definitions/genericNumber" }, "Providers": { "$ref": "#/definitions/genericNumber" }, "AccountMFAEnabled": { "$ref": "#/definitions/genericNumber" }, "AccessKeysPerUserQuota": { "$ref": "#/definitions/genericNumber" }, "AssumeRolePolicySizeQuota": { "$ref": "#/definitions/genericNumber" }, "PolicyVersionsInUseQuota": { "$ref": "#/definitions/genericNumber" }, "VersionsPerPolicyQuota": { "$ref": "#/definitions/genericNumber" }, "AttachedPoliciesPerGroupQuota": { "$ref": "#/definitions/genericNumber" }, "PolicySizeQuota": { "$ref": "#/definitions/genericNumber" }, "Groups": { "$ref": "#/definitions/genericNumber" }, "AccountSigningCertificatesPresent": { "$ref": "#/definitions/genericNumber" }, "UsersQuota": { "$ref": "#/definitions/genericNumber" }, "ServerCertificatesQuota": { "$ref": "#/definitions/genericNumber" }, "MFADevices": { "$ref": "#/definitions/genericNumber" }, "UserPolicySizeQuota": { "$ref": "#/definitions/genericNumber" }, "PolicyVersionsInUse": { "$ref": "#/definitions/genericNumber" }, "ServerCertificates": { "$ref": "#/definitions/genericNumber" }, "Roles": { "$ref": "#/definitions/genericNumber" }, "RolesQuota": { "$ref": "#/definitions/genericNumber" }, "SigningCertificatesPerUserQuota": { "$ref": "#/definitions/genericNumber" }, "MFADevicesInUse": { "$ref": "#/definitions/genericNumber" }, "RolePolicySizeQuota": { "$ref": "#/definitions/genericNumber" }, "AttachedPoliciesPerRoleQuota": { "$ref": "#/definitions/genericNumber" }, "AccountAccessKeysPresent": { "$ref": "#/definitions/genericNumber" }, "GroupsQuota": { "$ref": "#/definitions/genericNumber" }, "GlobalEndpointTokenVersion": { "$ref": "#/definitions/genericNumber" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/accountSummaryAka" } }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "AccessKeysPerUserQuota": 2, "AccountAccessKeysPresent": 1, "AccountMFAEnabled": 0, "AccountSigningCertificatesPresent": 0, "AttachedPoliciesPerGroupQuota": 10, "AttachedPoliciesPerRoleQuota": 10, "AttachedPoliciesPerUserQuota": 10, "GroupPolicySizeQuota": 5120, "Groups": 15, "GroupsPerUserQuota": 10, "GroupsQuota": 100, "MFADevices": 6, "MFADevicesInUse": 3, "Policies": 8, "PoliciesQuota": 1000, "PolicySizeQuota": 5120, "PolicyVersionsInUse": 22, "PolicyVersionsInUseQuota": 10000, "ServerCertificates": 1, "ServerCertificatesQuota": 20, "SigningCertificatesPerUserQuota": 2, "UserPolicySizeQuota": 2048, "Users": 27, "UsersQuota": 5000, "VersionsPerPolicyQuota": 5, "turbot": { "akas": [ "arn:aws:iam::123456789012:accountSummary" ], "custom": { "aws": { "accountId": 123456789012 } } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accountSummary", "modUri": "tmod:@turbot/aws-iam" }}
accountSummaryAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:accountSummary$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:accountSummary" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678", "expected": false }, { "description": "Invalid - Malformed region name", "input": "arn:aws:ec2:use-east-1:123456789012:instances/i-a2345678", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:ec2:us-east-1:1234567890123:instances/i-a2345678", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/accountSummaryAka", "modUri": "tmod:@turbot/aws-iam" }}
api
{ "type": "string", "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/api", "modUri": "tmod:@turbot/aws-iam" }}
apiBoundaries
{ "type": "array", "items": { "type": "object", "additionalProperties": false, "properties": { "regionScope": { "type": "string", "enum": [ "regional", "global" ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/regionScope", "modUri": "tmod:@turbot/aws-iam" } }, "api": { "type": "string", "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/api", "modUri": "tmod:@turbot/aws-iam" } } }, "required": [ "api", "regionScope" ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/apiBoundary", "modUri": "tmod:@turbot/aws-iam" } }, "tests": [ { "description": "Valid test", "input": [ { "api": "ec2:*", "regionScope": "regional" } ] } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/apiBoundaries", "modUri": "tmod:@turbot/aws-iam" }}
apiBoundary
{ "type": "object", "additionalProperties": false, "properties": { "regionScope": { "type": "string", "enum": [ "regional", "global" ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/regionScope", "modUri": "tmod:@turbot/aws-iam" } }, "api": { "type": "string", "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[*])$", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/api", "modUri": "tmod:@turbot/aws-iam" } } }, "required": [ "api", "regionScope" ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/apiBoundary", "modUri": "tmod:@turbot/aws-iam" }}
assignmentStatus
{ "type": "string", "default": "Any", "enum": [ "Assigned", "Unassigned", "Any" ], "tests": [ { "input": "Assigned" }, { "input": "Any" }, { "description": "invalid - not listed in options", "input": "Reassigned", "expected": false }, { "description": "invalid - null value", "input": null, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/assignmentStatus", "modUri": "tmod:@turbot/aws-iam" }}
assumeRolePolicyDocument
{ "type": "object", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/assumeRolePolicyDocument", "modUri": "tmod:@turbot/aws-iam" }}
attachmentCount
{ "type": "integer", "tests": [ { "input": 123456789 }, { "input": 4 }, { "description": "invalid - string type provided", "input": "three", "expected": false }, { "description": "invalid - decimal value provided", "input": 4.5, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/attachmentCount", "modUri": "tmod:@turbot/aws-iam" }}
awsLevelDefinition
{ "description": "Internal format for Guardrails Levels.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/aws" } }, "required": [ "level", "type" ], "additionalProperties": false, "tests": [ { "description": "Valid level definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/aws-s3#/permission/types/s3" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar" } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition", "modUri": "tmod:@turbot/aws-iam" }}
awsLevelDefinitionList
{ "description": "Internal format for Guardrails Levels registrations.", "type": "array", "items": { "description": "Internal format for Guardrails Levels.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/aws" } }, "required": [ "level", "type" ], "additionalProperties": false, "tests": [ { "description": "Valid level definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/aws-s3#/permission/types/s3" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar" } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition", "modUri": "tmod:@turbot/aws-iam" } }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinitionList", "modUri": "tmod:@turbot/aws-iam" }}
awsModifier
{ "type": "object", "patternProperties": { "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[A-Za-z0-9]+)$": { "type": "string", "pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser", "tests": [ { "input": "metadata" }, { "input": "operator" }, { "description": "invalid - includes $", "input": "something", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference", "modUri": "tmod:@turbot/aws-iam" } } }, "additionalProperties": false, "tests": [ { "description": "valid - base case", "input": { "s3:create": "metadata" } }, { "description": "invalid - level", "input": { "s3:create": "some" }, "expected": false }, { "description": "invalid - perms", "input": { "s3:": "some" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsModifier", "modUri": "tmod:@turbot/aws-iam" }}
awsModifierLevelReference
{ "type": "string", "pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser", "tests": [ { "input": "metadata" }, { "input": "operator" }, { "description": "invalid - includes $", "input": "something", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference", "modUri": "tmod:@turbot/aws-iam" }}
awsModifierList
{ "default": [], "type": "array", "items": { "type": "object", "patternProperties": { "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:[A-Za-z0-9]+)$": { "type": "string", "pattern": "^user|metadata|readonly|admin|owner|operator|none|whitelist|superuser", "tests": [ { "input": "metadata" }, { "input": "operator" }, { "description": "invalid - includes $", "input": "something", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsModifierLevelReference", "modUri": "tmod:@turbot/aws-iam" } } }, "additionalProperties": false, "tests": [ { "description": "valid - base case", "input": { "s3:create": "metadata" } }, { "description": "invalid - level", "input": { "s3:create": "some" }, "expected": false }, { "description": "invalid - perms", "input": { "s3:": "some" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsModifier", "modUri": "tmod:@turbot/aws-iam" } }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsModifierList", "modUri": "tmod:@turbot/aws-iam" }}
awsPermissionLevelReference
{ "allOf": [ { "$ref": "turbot#/definitions/permissionLevelReference" }, { "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" } ], "tests": [ { "description": "valid permission type", "input": "tmod:@turbot/aws-s3#/permission/levels/admin" }, { "description": "invalid - aws permission type", "input": "tmod:@turbot/azure-storage#/permission/types/storage", "expected": false }, { "description": "invalid - category", "input": "tmod:@turbot/aws-s3#/control/types/bucketApproved", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionLevelReference", "modUri": "tmod:@turbot/aws-iam" }}
awsPermissionReference
{ "allOf": [ { "$ref": "turbot#/definitions/permissionReference" }, { "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$" } ], "tests": [ { "description": "valid", "input": "test:me" }, { "description": "valid", "input": "test:you" }, { "description": "valid", "input": "test:*" }, { "description": "valid", "input": "S3:Test" }, { "description": "valid", "input": "cognito-sync:test" }, { "description": "valid", "input": "a:test" }, { "description": "invalid - aws permission", "input": "some-:t", "expected": false }, { "description": "invalid - no space", "input": "some- :t", "expected": false }, { "description": "invalid - should not start with -", "input": "-as:t", "expected": false }, { "description": "invalid - should not end with multiple **", "input": "-as:t**", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionReference", "modUri": "tmod:@turbot/aws-iam" }}
awsPermissionTypeReference
{ "allOf": [ { "$ref": "turbot#/definitions/permissionTypeReference" }, { "pattern": "^tmod:@turbot/aws" } ], "tests": [ { "description": "valid permission type", "input": "tmod:@turbot/aws-s3#/permission/types/s3" }, { "description": "invalid - aws permission type", "input": "tmod:@turbot/azure-storage#/permission/types/storage", "expected": false }, { "description": "invalid - category", "input": "tmod:@turbot/aws-s3#/control/types/bucketApproved", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsPermissionTypeReference", "modUri": "tmod:@turbot/aws-iam" }}
awsRightDefinition
{ "description": "Internal format for Guardrails Rights registrations.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/aws" }, "permission": { "type": "string", "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$" } }, "required": [ "level", "type", "permission" ], "additionalProperties": false, "tests": [ { "description": "Valid right definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/aws-s3#/permission/types/s3", "permission": "s3:createBucket" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3", "permission": "s3:createBucket" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo", "permission": "s3:createBucket" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar", "permission": "s3:createBucket" } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinition", "modUri": "tmod:@turbot/aws-iam" }}
awsRightDefinitionList
{ "description": "Internal format for Guardrails Rights registrations.", "type": "array", "items": { "description": "Internal format for Guardrails Rights registrations.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/aws" }, "permission": { "type": "string", "pattern": "^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?:(?:\\*|[A-Za-z0-9]+)$" } }, "required": [ "level", "type", "permission" ], "additionalProperties": false, "tests": [ { "description": "Valid right definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/aws-s3#/permission/types/s3", "permission": "s3:createBucket" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3", "permission": "s3:createBucket" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo", "permission": "s3:createBucket" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar", "permission": "s3:createBucket" } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinition", "modUri": "tmod:@turbot/aws-iam" } }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsRightDefinitionList", "modUri": "tmod:@turbot/aws-iam" }}
boundaryPermissionPolicy
{ "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^[A-Za-z0-9_+=,.@-]+$", "tests": [ { "input": "Foo,barbar" }, { "description": "max length", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_1234a23456789_123456789_123456789_123456789_123456789_123456789_1234" }, { "description": "invalid - empty string", "input": "", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/boundaryPermissionPolicy", "modUri": "tmod:@turbot/aws-iam" }}
certificateName
{ "type": "string", "pattern": "^[A-Za-z0-9_+=,.@-]{1,128}$", "tests": [ { "description": "Valid - Base case", "input": "test_certificate" }, { "description": "Invalid - length", "input": "testhfghdyrhjdkloifhryhsgywghasknaklncksbdcbsdjbsjbvjsbvjkbsjvbsjkbvsbvjsbjvbsjvbsbjksdbvjksbvjbsdvbsdvjskbvjsbvsbvjkbsdjvbklbvhvlwbjkwblvbwvwivbwvhwivbwv", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/certificateName", "modUri": "tmod:@turbot/aws-iam" }}
clientId
{ "type": "string", "pattern": "^[a-zA-Z0-9:_.-/]{1,255}$", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/clientId", "modUri": "tmod:@turbot/aws-iam" }}
clientIdList
{ "type": "array", "items": { "$ref": "#/definitions/clientId" }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/clientIdList", "modUri": "tmod:@turbot/aws-iam" }}
createdAt
{ "anyOf": [ { "$ref": "turbot#/definitions/isoTimestamp" }, { "type": "null" } ], "tests": [ { "input": null }, { "input": "2021-08-31T07:29:15+00:00" }, { "description": "invalid - string provided", "input": "hello", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/createdAt", "modUri": "tmod:@turbot/aws-iam" }}
credentialInfo
{ "type": "object", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/credentialInfo", "modUri": "tmod:@turbot/aws-iam" }}
credentialReport
{ "type": "object", "properties": { "credentialInfo": { "$ref": "#/definitions/credentialInfo" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/credentialReportAka" } }, "title": { "$ref": "#/definitions/reportItemsElements" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "credentialInfo": { "<root_account>": { "user": "<root_account>", "arn": "arn:aws:iam::541046466378:root", "user_creation_time": "2018-03-15T09:57:32+00:00", "password_enabled": "not_supported", "password_last_used": "2018-03-15T10:04:09+00:00", "password_last_changed": "not_supported", "password_next_rotation": "not_supported", "mfa_active": "false", "access_key_1_active": "false", "access_key_1_last_rotated": "N/A", "access_key_1_last_used_date": "N/A", "access_key_1_last_used_region": "N/A", "access_key_1_last_used_service": "N/A", "access_key_2_active": "false", "access_key_2_last_rotated": "N/A", "access_key_2_last_used_date": "N/A", "access_key_2_last_used_region": "N/A", "access_key_2_last_used_service": "N/A", "cert_1_active": "false", "cert_1_last_rotated": "N/A", "cert_2_active": "false", "cert_2_last_rotated": "N/A" }, "abhinash": { "user": "abhinash", "arn": "arn:aws:iam::541046466378:user/turbot/account/federated/abhinash", "user_creation_time": "2019-03-27T15:37:23+00:00", "password_enabled": "false", "password_last_used": "N/A", "password_last_changed": "N/A", "password_next_rotation": "N/A", "mfa_active": "false", "access_key_1_active": "false", "access_key_1_last_rotated": "N/A", "access_key_1_last_used_date": "N/A", "access_key_1_last_used_region": "N/A", "access_key_1_last_used_service": "N/A", "access_key_2_active": "false", "access_key_2_last_rotated": "N/A", "access_key_2_last_used_date": "N/A", "access_key_2_last_used_region": "N/A", "access_key_2_last_used_service": "N/A", "cert_1_active": "false", "cert_1_last_rotated": "N/A", "cert_2_active": "false", "cert_2_last_rotated": "N/A" } }, "turbot": { "akas": [ "arn:aws:iam::aws:123456789012:credentialReport" ], "title": "credentialReport", "custom": { "aws": { "accountId": 123456789012 } } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/credentialReport", "modUri": "tmod:@turbot/aws-iam" }}
credentialReportAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::aws:[0-9]{12}:credentialReport$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::aws:492552618977:credentialReport" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam::aws:00011101982:group/aa", "expected": false }, { "description": "Invalid - Missing ID", "input": "arn:aws:iam::aws:group/test01", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/credentialReportAka", "modUri": "tmod:@turbot/aws-iam" }}
defaultVersionId
{ "type": "string", "pattern": "^v[1-9][0-9]*(.[A-Za-z0-9-]*)?$", "tests": [ { "input": "v1.5" }, { "input": "v11.6" }, { "input": "v99.bA" }, { "description": "invalid - should start with letter v", "input": 1, "expected": false }, { "descrption": "invalid - version should start with 1", "input": "v0.1", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/defaultVersionId", "modUri": "tmod:@turbot/aws-iam" }}
description
{ "type": "string", "maxLength": 1000, "tests": [ { "input": "Foo,foo+fOO" }, { "input": "00123" }, { "input": "ab@cde" }, { "input": "Test.The-KitchenSink" }, { "description": "empty string", "input": "" } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/description", "modUri": "tmod:@turbot/aws-iam" }}
genericNumber
{ "type": "integer", "tests": [ { "input": 1234 } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/genericNumber", "modUri": "tmod:@turbot/aws-iam" }}
group
{ "type": "object", "properties": { "Arn": { "$ref": "#/definitions/userArn" }, "CreateDate": { "$ref": "turbot#/definitions/isoTimestamp" }, "GroupId": { "$ref": "#/definitions/userId" }, "GroupName": { "$ref": "#/definitions/policyName" }, "Path": { "$ref": "#/definitions/userPath" }, "Users": { "type": "array" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/groupAka" } }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "Arn": "arn:aws:iam::123456789012:group/Admins", "title": "Admins", "CreateDate": "2018-30-07T18:15:20.000Z", "GroupName": "Admins", "GroupId": "AGPACKCEVSQ6C2EXAMPLE", "Path": "/division_abc/subdivision_xyz/", "turbot": { "akas": [ "arn:aws:iam::123456789012:group/Admins" ], "title": "Admins", "custom": { "aws": { "accountId": 123456789012, "regionName": "us-east-1" } } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/group", "modUri": "tmod:@turbot/aws-iam" }}
groupAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]+$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:group/Admins" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam::123456789012:groups/Admins", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam::123456789012234:group/Admins", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/groupAka", "modUri": "tmod:@turbot/aws-iam" }}
groupInlinePolicy
{ "type": "object", "properties": { "GroupName": { "$ref": "#/definitions/policyName" }, "PolicyName": { "$ref": "#/definitions/policyName" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/groupInlinePolicyAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/policyName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "required": [ "PolicyName", "turbot", "GroupName" ], "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "GroupName": "test01", "PolicyName": "admin1", "turbot": { "akas": [ "arn:aws:iam::123456789012:group/test01/inline-policy/admin_1" ], "title": "admin1", "custom": { "aws": { "accountId": 123456789012 } } } } }, { "description": "Invalid - Missing group name", "input": { "PolicyName": "admin1", "turbot": { "akas": [ "arn:aws:iam::123456789012:goup/test01/inline-policy/admin_1" ], "title": "admin_1", "custom": { "aws": { "accountId": 123456789012 } } } }, "expected": false }, { "description": "Invalid - Missing Guardrails data", "input": { "GroupName": "test01", "PolicyName": "admin1" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/groupInlinePolicy", "modUri": "tmod:@turbot/aws-iam" }}
groupInlinePolicyAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]{1,64}/inline-policy/[A-Za-z0-9_+=,.@-]+$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:group/test01/inline-policy/hf" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam::123456789012:groups/test01/inline-policy/hf", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam::4653726:group/test01/inline-policy/hf", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/groupInlinePolicyAka", "modUri": "tmod:@turbot/aws-iam" }}
groupPolicyAttachment
{ "type": "object", "properties": { "GroupName": { "$ref": "#/definitions/policyName" }, "PolicyName": { "$ref": "#/definitions/policyName" }, "PolicyArn": { "$ref": "#/definitions/userArn" }, "Id": { "$ref": "#/definitions/policyAttachmentId" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/groupPolicyAttachmentAka" } }, "title": { "$ref": "#/definitions/policyAttachmentId" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "GroupName": "test01", "PolicyName": "admin_1", "Id": "test01-admin_1", "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "turbot": { "akas": [ "arn:aws:iam::492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy" ], "title": "test01-admin_1", "custom": { "aws": { "accountId": 123456789012 } } } } }, { "description": "Invalid - Missing PolicyName", "input": { "GroupName": "test01", "Id": "test01-admin_1", "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "turbot": { "akas": [ "arn:aws:iam::aws:492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy" ], "title": "Admin", "custom": { "aws": { "accountId": 123456789012 } } } }, "expected": false }, { "description": "Invalid - Missing turbot data", "input": { "GroupId": "AGPAJT5UGJLFBILHJUOXC", "Id": "test01-AmazonEKSClusterPolicy", "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "UserName": "Bob" } }, { "description": "Inalid - Missing Id", "input": { "GroupName": "test01", "PolicyName": "admin_1", "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "turbot": { "akas": [ "arn:aws:iam::492552618977:group/test01/policy-attachment/AmazonEKSClusterPolicy" ], "title": "Admin", "custom": { "aws": { "accountId": 123456789012 } } } }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/groupPolicyAttachment", "modUri": "tmod:@turbot/aws-iam" }}
groupPolicyAttachmentAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:group/[A-Za-z0-9_+=,.@-]{1,64}/policy-attachment/[A-Za-z0-9_.-]{1,128}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::492552618977:group/test01/policy-attachment/policyname0123" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam::aws:00011101982:groups/aa/policy-attachment/policyname123", "expected": false }, { "description": "Invalid - Missing ID", "input": "arn:aws:iam::aws:group/test01/policy-attachment/policyname123", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/groupPolicyAttachmentAka", "modUri": "tmod:@turbot/aws-iam" }}
groupServiceNow
{ "defaultColumns": { "account_id": { "column": "enabled", "label": "Account ID" }, "arn": { "column": "enabled", "label": "ARN" }, "attached_policies": { "column": "enabled", "label": "Attached Policies", "type": "string", "size": 1000 }, "create_date": { "column": "enabled", "label": "Create Date" }, "group_id": { "column": "enabled", "label": "Group ID" }, "group_name": { "column": "enabled", "path": "data.GroupName" }, "path": { "column": "enabled", "label": "Path" }, "users": { "column": "enabled", "label": "Users", "type": "string", "size": 1000 } }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/groupServiceNow", "modUri": "tmod:@turbot/aws-iam" }}
iam
{ "allOf": [ { "$ref": "turbot#/definitions/service" }, { "type": "object", "properties": { "name": { "const": "IAM" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/iamAka" } }, "title": { "const": "IAM" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" } } } } } }, "required": [ "name", "turbot" ], "additionalProperties": true, "tests": [ { "description": "iam", "input": { "name": "IAM", "turbot": { "akas": [ "arn:aws:iam::123456789012" ], "title": "IAM", "custom": { "aws": { "accountId": 123456789012 } } } } }, { "description": "Invalid - Name does not match", "input": { "name": "IAM", "turbot": { "akas": [ "arn:aws:iam::123456789012" ], "title": "IAM", "custom": { "aws": { "accountId": 123456789012 } } } }, "expected": false }, { "description": "Invalid - Service Name missing", "input": { "turbot": { "akas": [ "arn:aws:iam::123456789012" ], "title": "IAM", "custom": { "aws": { "accountId": 123456789012 } } } }, "expected": false } ] } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/iam", "modUri": "tmod:@turbot/aws-iam" }}
iamAka
{ "type": "string", "pattern": "arn:aws(-us-gov|-cn)?:iam::[0-9]{12}$", "tests": [ { "description": "base", "input": "arn:aws:iam::123456789012" }, { "description": "invalid service name", "input": "arn:aws:iamjhkjfh::123456789012", "expected": false }, { "description": "invalid account id", "input": "arn:aws:iam::1234567890128364859934", "expected": false }, { "description": "invalid provider name", "input": "arn:gcp:iam::1234567890128364859934", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/iamAka", "modUri": "tmod:@turbot/aws-iam" }}
iamPolicy
{ "type": "object", "properties": { "Arn": { "$ref": "#/definitions/userArn" }, "AttachmentCount": { "$ref": "#/definitions/attachmentCount" }, "DefaultVersionId": { "$ref": "#/definitions/defaultVersionId" }, "Description": { "$ref": "#/definitions/description" }, "IsAttachable": { "type": "boolean" }, "Path": { "$ref": "#/definitions/policyPath" }, "PermissionsBoundaryUsageCount": { "$ref": "#/definitions/attachmentCount" }, "PolicyId": { "$ref": "#/definitions/userId" }, "PolicyName": { "$ref": "#/definitions/policyName" }, "UpdateDate": { "$ref": "turbot#/definitions/isoTimestamp" }, "PolicyArn": { "$ref": "#/definitions/userArn" }, "PolicyVersion": { "$ref": "#/definitions/policyVersion" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/userArn" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/policyName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" }, "lastUsedTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Base case", "input": { "Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket", "AttachmentCount": 9, "DefaultVersionId": "v1", "Path": "/", "PolicyId": "AGPACKCEVSQ6C2EXAMPLE", "PolicyName": "S3-read-only-example-bucket", "Description": "Allows read-only access to the example bucket", "UpdateDate": "2018-12-21T18:15:20.000Z", "turbot": { "akas": [ "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "S3-read-only-example-bucket", "custom": { "aws": { "accountId": 123456789012 } } } } }, { "description": "Invalid - Missing PolicyName", "input": { "Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket", "AttachmentCount": 9, "DefaultVersionId": "v1", "Path": "/", "PolicyId": "AGPACKCEVSQ6C2EXAMPLE", "Description": "Allows read-only access to the example bucket", "UpdateDate": "2018-12-21T18:15:20.000Z", "turbot": { "akas": [ "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "S3-read-only-example-bucket", "custom": { "aws": { "accountId": 123456789012, "createTimestamp": "2018-10-08T09:22:07.000Z" } } } }, "expected": false }, { "description": "Invalid - Missing Arn", "input": { "AttachmentCount": 9, "DefaultVersionId": "v1", "Path": "/", "PolicyName": "S3-read-only-example-bucket", "PolicyId": "AGPACKCEVSQ6C2EXAMPLE", "Description": "Allows read-only access to the example bucket", "UpdateDate": "2018-12-21T18:15:20.000Z", "turbot": { "akas": [ "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "S3-read-only-example-bucket", "custom": { "aws": { "accountId": 123456789012, "createTimestamp": "2018-10-08T09:22:07.000Z" } } } }, "expected": false }, { "description": "Invalid - Missing Guardrails data", "input": { "Arn": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket", "AttachmentCount": 9, "DefaultVersionId": "v1", "Path": "/", "PolicyId": "AGPACKCEVSQ6C2EXAMPLE", "PolicyName": "S3-read-only-example-bucket", "Description": "Allows read-only access to the example bucket", "UpdateDate": "2018-12-21T18:15:20.000Z" } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/iamPolicy", "modUri": "tmod:@turbot/aws-iam" }}
instanceProfile
{ "type": "object", "properties": { "Arn": { "$ref": "#/definitions/instanceProfileAka" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" }, "InstanceProfileName": { "$ref": "#/definitions/instanceProfileName" }, "Tags": { "$ref": "aws#/definitions/tagList" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/instanceProfileAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/instanceProfileName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "All properties given", "input": { "Arn": "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata", "CreateDate": "2018-01-21T18:15:20.000Z", "InstanceProfileName": "testinstanceProfile", "turbot": { "akas": [ "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata" ], "title": "i-a2345678", "custom": { "aws": { "accountId": 123456789012 } } } } }, { "description": "Invalid - Missing Guardrails Data", "input": { "instanceProfileName": "AWSServiceinstanceProfileForAmazonGuardDuty", "title": "Test-instanceProfile", "Tags": [ { "Key": "Name", "Value": "testkey0" }, { "Key": "Name1", "Value": "testkey01" } ] }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/instanceProfile", "modUri": "tmod:@turbot/aws-iam" }}
instanceProfileAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:instance-profile/[A-Za-z0-9_+=,.@-]{1,64}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:instance-profile/turbot_instanceProfile_metadata" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:ec2:123456789012:instance-profiles/turbot_instanceProfile_metadata", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:ec2:1234567892101489:instance-profile/turbot_instanceProfile_metadata", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/instanceProfileAka", "modUri": "tmod:@turbot/aws-iam" }}
instanceProfileName
{ "type": "string", "pattern": "^[-0-9a-zA-Z_+=,.@]{1,128}$", "tests": [ { "description": "Base test case", "input": "sad" }, { "input": "sdsadcxa123acAXSASD" }, { "input": "00123" }, { "description": "invalid - empty string", "input": "", "expected": false }, { "description": "invalid - exceeding maximum limit", "input": "sdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAXSASDsdsadcxa123acAX", "expected": false }, { "description": "invalid - invalid character ~", "input": "SADSA~asdsad", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/instanceProfileName", "modUri": "tmod:@turbot/aws-iam" }}
lastResourceAnalyzedAt
{ "anyOf": [ { "$ref": "turbot#/definitions/isoTimestamp" }, { "type": "null" } ], "tests": [ { "input": null }, { "input": "2021-08-31T07:29:15+00:00" }, { "description": "invalid - string provided", "input": "hello", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/lastResourceAnalyzedAt", "modUri": "tmod:@turbot/aws-iam" }}
marker
{ "type": "string", "minLength": 1, "maxLength": 320, "pattern": "^[ -ÿ]+$", "tests": [ { "input": "Foo,foo+fOO-bar" }, { "input": "00123" }, { "input": "ab@cde.com" }, { "input": "Test.The-Kitchen_Sink" }, { "description": "min length", "input": "/" }, { "description": "max length", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678_123456789_123456789_123456789_123456789_123456789_123456789_123" }, { "description": "invalid - too long", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678_123456789_123456789_123456789_123456789_123456789_123456789_12345", "expected": false }, { "description": "invalid - empty string", "input": "", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/marker", "modUri": "tmod:@turbot/aws-iam" }}
maxSessionDuration
{ "type": "integer", "minimum": 3600, "maximum": 43200, "tests": [ { "input": 12345 }, { "description": "min value", "input": 3600 }, { "description": "max value", "input": 43200 }, { "description": "invalid - greater than max value", "input": 11111111, "expected": false }, { "description": "invalid - string type provided", "input": "three", "expected": false }, { "description": "invalid - decimal value provided", "input": 4.5, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/maxSessionDuration", "modUri": "tmod:@turbot/aws-iam" }}
mfaVirtual
{ "type": "object", "properties": { "AssignmentStatus": { "$ref": "#/definitions/assignmentStatus" }, "VirtualMFADevices": { "$ref": "#/definitions/virtualMFADevices" }, "IsTruncated": { "type": "boolean" }, "Marker": { "$ref": "#/definitions/marker" }, "MaxItems": { "$ref": "#/definitions/virtualMfaMaxItems" }, "Tags": { "$ref": "aws#/definitions/tagList" }, "EnableDate": { "$ref": "turbot#/definitions/isoTimestamp" }, "SerialNumber": { "$ref": "#/definitions/serialNumber" }, "User": { "$ref": "#/definitions/userName" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/mfaVirtualAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/userName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "required": [ "SerialNumber", "turbot" ], "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "AssignmentStatus": "Any", "Marker": "a123", "MaxItems": 100, "SerialNumber": "arn:aws:iam::492552618977:mfa/test_user", "Tags": [ { "Key": "Env", "Value": "Test" }, { "Key": "App", "Value": "Facebook" } ], "turbot": { "akas": [ "arn:aws:iam::492552618977:mfa/test_user" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "Susan", "custom": { "aws": { "accountId": 492552618977 } } } } }, { "description": "Invalid - Missing SerialNumber", "input": { "AssignmentStatus": "Assigned", "UserName": "Susan", "Marker": "/", "MaxItems": 1, "Tags": [ { "Key": "Env", "Value": "Test" }, { "Key": "App", "Value": "Facebook" } ], "turbot": { "akas": [ "arn:aws:iam::492552618977:mfa/test_user" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "Susan", "custom": { "aws": { "accountId": 123456789012 } } } }, "expected": false }, { "description": "Invalid - Missing Guardrails data", "input": { "SerialNumber": "arn:aws:iam::492552618977:mfa/test_user", "Tags": [ { "Key": "Env", "Value": "Test" }, { "Key": "App", "Value": "Facebook" } ], "UserName": "Susan" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/mfaVirtual", "modUri": "tmod:@turbot/aws-iam" }}
mfaVirtualAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:mfa/[A-Za-z0-9_-]{1,64}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::492552618977:mfa/test_user" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam::492552618977:mfaa/test_user", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam::389739167:mfa/test_user", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/mfaVirtualAka", "modUri": "tmod:@turbot/aws-iam" }}
openIdConnect
{ "type": "object", "properties": { "Arn": { "$ref": "#/definitions/openIdConnectAka" }, "Url": { "type": "string" }, "ClientIDList": { "$ref": "#/definitions/clientIdList" }, "ThumbprintList": { "$ref": "#/definitions/thumbprintList" }, "CreateDate": { "$ref": "turbot#/definitions/isoTimestamp" }, "Tags": { "$ref": "aws#/definitions/tagList" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/openIdConnectAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "type": "string" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "Url": "accounts.google.com", "ClientIDList": [ "rahultestaccount" ], "ThumbprintList": [ "08745487e891c19e3078c1f2a07e452950ef36f6" ], "CreateDate": "2022-05-03T06:50:32.086Z", "Tags": [ { "Key": "Env", "Value": "Test" }, { "Key": "App", "Value": "Facebook" } ], "turbot": { "akas": [ "arn:aws:iam::492552618977:oidc-provider/accounts.google.com" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "Susan", "custom": { "aws": { "accountId": 492552618977 } } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/openIdConnect", "modUri": "tmod:@turbot/aws-iam" }}
openIdConnectAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:oidc-provider/[A-Za-z0-9_.-/]+$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::388460667113:oidc-provider/accounts.google.com" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam::388460667113:oidc-/accounts.google.com", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam::60667113:oidc-provider/accounts.google.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/openIdConnectAka", "modUri": "tmod:@turbot/aws-iam" }}
passwordLastUsed
{ "anyOf": [ { "$ref": "turbot#/definitions/isoTimestamp" }, { "type": "null" } ], "tests": [ { "input": null }, { "input": "2018-12-21T18:15:20.000Z" }, { "description": "invalid - string provided", "input": "hello", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/passwordLastUsed", "modUri": "tmod:@turbot/aws-iam" }}
policyAttachmentId
{ "type": "string", "pattern": "^[A-Za-z0-9_+=,.@-]{1,64}-[A-Za-z0-9_+=,.@-]{1,128}$", "tests": [ { "input": "test01-admin_1" } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/policyAttachmentId", "modUri": "tmod:@turbot/aws-iam" }}
policyName
{ "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^[A-Za-z0-9_+=,.@-]+$", "tests": [ { "input": "Foo,foo+fOO-bar" }, { "input": "00123" }, { "input": "ab@cde.com" }, { "input": "Test.The-Kitchen_Sink" }, { "description": "max length", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_1234a23456789_123456789_123456789_123456789_123456789_123456789_1234" }, { "description": "invalid - too long", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456", "expected": false }, { "description": "invalid - empty string", "input": "", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/policyName", "modUri": "tmod:@turbot/aws-iam" }}
policyPath
{ "type": "string", "pattern": "^((/[A-Za-z0-9.,+@=_-]+)*)/$", "tests": [ { "input": "/" }, { "input": "/home/.ssh/+/" }, { "input": "/path/to/the/desti-nati0n/" }, { "description": "invaid - should end with /", "input": "/hello", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/policyPath", "modUri": "tmod:@turbot/aws-iam" }}
policyVersion
{ "type": "object", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/policyVersion", "modUri": "tmod:@turbot/aws-iam" }}
regionScope
{ "type": "string", "enum": [ "regional", "global" ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/regionScope", "modUri": "tmod:@turbot/aws-iam" }}
reportItemsElements
{ "type": "string", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/reportItemsElements", "modUri": "tmod:@turbot/aws-iam" }}
restrictedApisBudgetState
{ "type": "string", "pattern": "Unknown|Unused|Under|On target|Over|Critical|Shutdown", "tests": [ { "description": "Valid test", "input": "Unknown" }, { "description": "invalid type definition", "input": "unu", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/restrictedApisBudgetState", "modUri": "tmod:@turbot/aws-iam" }}
restrictedApisBudgetStateApis
{ "type": "object", "default": {}, "patternProperties": { "Unknown|Unused|Under|On target|Over|Critical|Shutdown|unknown|unused|under|on target|over|critical|shutdown|ontarget": { "type": "array", "items": { "type": "string" }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/restrictedApisPermissions", "modUri": "tmod:@turbot/aws-iam" } } }, "additionalProperties": false, "tests": [ { "description": "Valid test", "input": { "Unknown": [ "ec2:*", "s3:*" ] } }, { "description": "Valid test 2", "input": { "Critical": [ "ec2:*", "s3:*" ] } }, { "description": "Valid test 2", "input": { "ontarget": [ "ec2:*", "s3:*" ] } }, { "description": "invalid type definition", "input": { "unu": "ec2*" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/restrictedApisBudgetStateApis", "modUri": "tmod:@turbot/aws-iam" }}
restrictedApisPermissions
{ "type": "array", "items": { "type": "string" }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/restrictedApisPermissions", "modUri": "tmod:@turbot/aws-iam" }}
role
{ "type": "object", "properties": { "Arn": { "$ref": "#/definitions/userArn" }, "AssumeRolePolicyDocument": { "$ref": "#/definitions/assumeRolePolicyDocument" }, "CreateDate": { "$ref": "turbot#/definitions/isoTimestamp" }, "MaxSessionDuration": { "$ref": "#/definitions/maxSessionDuration" }, "Path": { "$ref": "#/definitions/userPath" }, "RoleId": { "$ref": "#/definitions/userId" }, "RoleName": { "$ref": "#/definitions/userName" }, "Tags": { "$ref": "aws#/definitions/tagList" }, "Description": { "type": "string" }, "PermissionsBoundary": { "type": "object" }, "RoleLastUsed": { "type": "object" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/roleAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/userName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "All properties given", "input": { "Arn": "arn:aws:iam::048639848099:role/service-role/test-config-role", "CreateDate": "2018-01-21T18:15:20.000Z", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::560741234067:root" }, "Action": "sts:AssumeRole" } ] }, "MaxSessionDuration": 3600, "Path": "/application_abc/component_xyz/", "RoleId": "AROADBQP57FF2AEXAMPLE", "RoleName": "AWSServiceRoleForAmazonGuardDuty", "Tags": [ { "Key": "Name", "Value": "testkey0" }, { "Key": "Name1", "Value": "testkey01" } ], "turbot": { "akas": [ "arn:aws:iam::123456789012:role/turbot_role_metadata" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "i-a2345678", "custom": { "aws": { "accountId": 123456789012 } } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/role", "modUri": "tmod:@turbot/aws-iam" }}
roleAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:role/[A-Za-z0-9_+=,.@-]{1,64}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:role/turbot_role_metadata" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:ec2:123456789012:roles/turbot_role_metadata", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:ec2:1234567892101489:role/turbot_role_metadata", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/roleAka", "modUri": "tmod:@turbot/aws-iam" }}
roleInlinePolicy
{ "type": "object", "properties": { "RoleName": { "$ref": "#/definitions/policyName" }, "PolicyName": { "$ref": "#/definitions/policyName" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/roleInlinePolicyAka" } }, "title": { "$ref": "#/definitions/policyName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "RoleName": "test01", "PolicyName": "admin1", "turbot": { "akas": [ "arn:aws:iam::123456789012:role/test01/inline-policy/AmazonEKSClusterPolicy" ], "title": "admin_1", "custom": { "aws": { "accountId": 123456789012 } } } } }, { "description": "Invalid - Missing role name", "input": { "PolicyName": "admin1", "turbot": { "akas": [ "arn:aws:iam::123456789012:role/test01/inline-policy/AmazonEKSClusterPolicy" ], "title": "admin1", "custom": { "aws": { "accountId": 123456789012 } } } }, "expected": false }, { "description": "Invalid - Missing Guardrails data", "input": { "RoleName": "test01", "PolicyName": "admin1" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/roleInlinePolicy", "modUri": "tmod:@turbot/aws-iam" }}
roleInlinePolicyAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:role/[A-Za-z0-9_+=,.@-]{1,64}/inline-policy/[A-Za-z0-9_.-]{1,128}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:role/test01/inline-policy/hf" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam:us-east-1:123456789012:roles/i-a2345678", "expected": false }, { "description": "Invalid - Malformed region name", "input": "arn:aws:iam:use-east-1:123456789012:role/test01", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam:us-east-1:1234567890123:role/test01", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/roleInlinePolicyAka", "modUri": "tmod:@turbot/aws-iam" }}
rolePolicyAttachment
{ "type": "object", "properties": { "RoleName": { "$ref": "#/definitions/policyName" }, "PolicyName": { "$ref": "#/definitions/policyName" }, "PolicyArn": { "$ref": "#/definitions/userArn" }, "Id": { "$ref": "#/definitions/policyAttachmentId" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/rolePolicyAttachmentAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/policyAttachmentId" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "RoleName": "test01", "PolicyName": "admin_1", "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "Id": "test01-admin_1", "turbot": { "akas": [ "arn:aws:iam::123456789012:role/test01/policy-attachment/AmazonEKSClusterPolicy" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "test01-admin_1", "custom": { "aws": { "accountId": 123456789012 } } } } }, { "description": "Invalid - Missing role name", "input": { "PolicyName": "admin_1", "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "Id": "test01-admin_1", "turbot": { "akas": [ "arn:aws:iam::123456789012:role/test01/policy-attachment/AmazonEKSClusterPolicy" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "test", "custom": { "aws": { "accountId": 123456789012 } } } }, "expected": false }, { "description": "Invalid - Missing Guardrails data", "input": { "RoleName": "test01", "PolicyName": "admin_1", "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "Id": "test01-admin_1" } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/rolePolicyAttachment", "modUri": "tmod:@turbot/aws-iam" }}
rolePolicyAttachmentAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:role/[A-Za-z0-9_+=,.@-]{1,64}/policy-attachment/[A-Za-z0-9_.-]{1,128}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:role/test01/policy-attachment/hf" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam:us-east-1:123456789012:roles/i-a2345678", "expected": false }, { "description": "Invalid - Malformed region name", "input": "arn:aws:iam:use-east-1:123456789012:role/test01", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam:us-east-1:1234567890123:role/test01", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/rolePolicyAttachmentAka", "modUri": "tmod:@turbot/aws-iam" }}
roleServiceNow
{ "defaultColumns": { "account_id": { "column": "enabled", "path": "metadata.aws.accountId", "label": "Account ID" }, "arn": { "column": "enabled", "label": "ARN" }, "assume_role_policy_document": { "column": "enabled", "path": "data.AssumeRolePolicyDocument", "label": "Assume Role Policy Document", "type": "string", "size": 1000 }, "attached_policies": { "column": "enabled", "label": "Attached Policies", "type": "string", "size": 1000 }, "create_date": { "column": "enabled", "label": "Create Date" }, "max_session_duration": { "column": "enabled", "label": "Max Session Duration" }, "role_name": { "column": "enabled", "path": "data.RoleName" }, "path": { "column": "enabled", "label": "Path" }, "permissions_boundary_arn": { "column": "enabled", "path": "data.PermissionsBoundary.PermissionsBoundaryArn", "label": "Permissions Boundary ARN" }, "permissions_boundary_type": { "column": "enabled", "path": "data.PermissionsBoundary.PermissionsBoundaryType", "label": "Permissions Boundary Type" }, "role_id": { "column": "enabled", "label": "Role ID" }, "role_last_used_date": { "column": "enabled", "path": "data.RoleLastUsed.LastUsedDate", "label": "Role Last Used Date" }, "role_last_used_region": { "column": "enabled", "path": "data.RoleLastUsed.Region", "label": "Role Last Used Region" }, "tags": { "column": "enabled", "label": "Tags", "type": "string", "size": 1000 } }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/roleServiceNow", "modUri": "tmod:@turbot/aws-iam" }}
root
{ "type": "object", "properties": { "arn": { "$ref": "#/definitions/rootUserArn" }, "user": { "$ref": "#/definitions/User" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/rootUserArn" } }, "title": { "$ref": "#/definitions/User" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "required": [ "arn", "turbot" ], "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "user": "root_account", "arn": "arn:aws:iam::123456789012:root", "turbot": { "akas": [ "arn:aws:iam::123456789012:root" ], "title": "root_account", "custom": { "aws": { "accountId": 123456789012 }, "createTimestamp": "2018-12-21T18:15:20.000Z" } } } }, { "description": "Invalid - Missing arn", "input": { "user": "AIDACKCEVSQ6C2EXAMPLE", "turbot": { "akas": [ "arn:aws:iam::123456789012:user" ], "title": "AIDACKCEVSQ6C2EXAMPLE", "custom": { "aws": { "accountId": 123456789012 }, "createTimestamp": "2018-12-21T18:15:20.000Z" } } }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/root", "modUri": "tmod:@turbot/aws-iam" }}
rootUserArn
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:root$", "tests": [ { "description": "Valid - Base Case", "input": "arn:aws:iam::123456789012:root" }, { "description": "Invalid", "input": "arn:aws:iam::123456789012:user", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/rootUserArn", "modUri": "tmod:@turbot/aws-iam" }}
secretAccessKey
{ "type": "string", "tests": [ { "input": "Foo,foo+fOO-bar" }, { "input": "00123" }, { "input": "ab@cde.com" }, { "input": "Test.The-Kitchen_Sink" }, { "input": "leTjY3SkM7uPgHMj71u6zH2ucGxpd0aV3ToSar8D" }, { "input": "gc+gNRHJ0xhA6rx5CEPa7aDPYjMV+xtkue3we0xF" }, { "description": "invalid - array type provided", "input": [ "hello" ], "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/secretAccessKey", "modUri": "tmod:@turbot/aws-iam" }}
serialNumber
{ "type": "string", "minLength": 9, "maxLength": 256, "pattern": "^[A-Za-z0-9_+=/:,.@-]+$", "tests": [ { "input": "Foo,foo+fOO-bar" }, { "input": "001234567890" }, { "input": "ab@cde.com" }, { "input": "arn:aws:iam::123456789012:mfa/MFAdeviceName" }, { "description": "min length", "input": 123456789 }, { "description": "max length", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678" }, { "description": "invalid - too long", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789", "expected": false }, { "description": "invalid - empty string", "input": "", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/serialNumber", "modUri": "tmod:@turbot/aws-iam" }}
serverCertificate
{ "type": "object", "properties": { "ServerCertificateMetadata": { "type": "object", "properties": { "Path": { "type": "string" }, "ServerCertificateName": { "type": "string" }, "ServerCertificateId": { "type": "string" }, "Arn": { "$ref": "#/definitions/serverCertificateAka" }, "UploadDate": { "$ref": "turbot#/definitions/isoTimestamp" }, "Expiration": { "$ref": "turbot#/definitions/isoTimestamp" } } }, "CertificateBody": { "type": "string" }, "CertificateChain": { "type": "string" }, "Tags": { "$ref": "aws#/definitions/tagList" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/serverCertificateAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/certificateName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "All properties given", "input": { "ServerCertificateMetadata": { "Path": "/", "ServerCertificateName": "MySSLCertificate", "ServerCertificateId": "EHDGFRW7EJFYTE88D", "Arn": "arn:aws:iam::012345678910:server-certificate/EHDGFRW7EJFYTE88D", "UploadDate": "2018-01-21T18:15:20.000Z", "Expiration": "2019-01-21T18:15:20.000Z" }, "Tags": [ { "Key": "Name", "Value": "testkey0" }, { "Key": "Name1", "Value": "testkey01" } ], "turbot": { "akas": [ "arn:aws:iam::012345678910:server-certificate/MySSLCertificate" ], "tags": { "Env": "Test", "App": "Facebook" }, "title": "MySSLCertificate", "custom": { "aws": { "accountId": 123456789012 } } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/serverCertificate", "modUri": "tmod:@turbot/aws-iam" }}
serverCertificateAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:server-certificate/[A-Za-z0-9]{0,21}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:server-certificate/ASCAQGDRKHTKPCN3KQ4T7" }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:ec2:1234567892101489:server-certificate//ASCAQGDRKHTKPCN3KQ4T7", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/serverCertificateAka", "modUri": "tmod:@turbot/aws-iam" }}
status
{ "type": "string", "enum": [ "Active", "Inactive" ], "tests": [ { "input": "Active" }, { "input": "Inactive" }, { "description": "invalid - not listed in options", "input": "Reactive", "expected": false }, { "description": "invalid - null value", "input": null, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/status", "modUri": "tmod:@turbot/aws-iam" }}
thumbprint
{ "type": "string", "pattern": "^[a-zA-Z0-9:_.-/]{40}$", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/thumbprint", "modUri": "tmod:@turbot/aws-iam" }}
thumbprintList
{ "type": "array", "items": { "$ref": "#/definitions/thumbprint" }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/thumbprintList", "modUri": "tmod:@turbot/aws-iam" }}
turbotAwsLevelDefinitionList
{ "description": "Internal format for Guardrails AWS Levels registrations.", "type": "array", "items": { "description": "Internal format for Guardrails Levels.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/aws" } }, "required": [ "level", "type" ], "additionalProperties": false, "tests": [ { "description": "Valid level definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/aws-s3#/permission/types/s3" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/aws-s3#/permission/levels/admin", "type": "tmod:@turbot/azure-s3#/permission/types/s3" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar" } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/awsLevelDefinition", "modUri": "tmod:@turbot/aws-iam" } }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/turbotAwsLevelDefinitionList", "modUri": "tmod:@turbot/aws-iam" }}
User
{ "type": "string", ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/User", "modUri": "tmod:@turbot/aws-iam" }}
user
{ "type": "object", "properties": { "Arn": { "$ref": "#/definitions/userArn" }, "PasswordLastUsed": { "$ref": "#/definitions/passwordLastUsed" }, "Path": { "$ref": "#/definitions/userPath" }, "UserId": { "$ref": "#/definitions/userId" }, "UserName": { "$ref": "#/definitions/userName" }, "Tags": { "$ref": "aws#/definitions/tagList" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/userAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/userName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "UserName": "foo", "Arn": "arn:aws:iam::123456789012:user/foo", "UserId": "AIDACKCEVSQ6C2EXAMPLE", "CreateDate": "2018-12-21T18:15:20.000Z", "PasswordLastUsed": "2018-12-21T18:15:20.000Z", "turbot": { "akas": [ "arn:aws:iam::123456789012:user/foo" ], "tags": { "Key": "key01", "Value": "value01" }, "title": "foo", "custom": { "aws": { "accountId": 123456789012 }, "createTimestamp": "2018-12-21T18:15:20.000Z" } } } }, { "description": "Invalid - Missing Username", "input": { "Arn": "arn:aws:iam::123456789012:user/foo", "UserId": "AIDACKCEVSQ6C2EXAMPLE", "CreateDate": "2018-12-21T18:15:20.000Z", "PasswordLastUsed": "2018-12-21T18:15:20.000Z", "turbot": { "akas": [ "arn:aws:iam::123456789012:user/foo" ], "tags": { "Key": "key01", "Value": "value01" }, "title": "foo", "custom": { "aws": { "accountId": 123456789012 }, "createTimestamp": "2018-12-21T18:15:20.000Z" } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/user", "modUri": "tmod:@turbot/aws-iam" }}
userAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:user/bob" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678", "expected": false }, { "description": "Invalid - account id not valid", "input": "arn:aws:iam::1234234456789012:user/bob", "expected": false }, { "description": "Invalid - special character 0-9_+=,.@- are allowed", "input": "arn:aws:iam::123456789012:user/bob!!", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userAka", "modUri": "tmod:@turbot/aws-iam" }}
userArn
{ "type": "string", "minLength": 20, "maxLength": 2048, "tests": [ { "description": "user arn", "input": "arn:aws:iam::123456789012:user/Bob" }, { "description": "federated user", "input": "arn:aws:sts::123456789012:federated-user/Bob" }, { "description": "nested path", "input": "arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob" }, { "description": "policy arn", "input": "arn:aws:iam::123456789012:policy/S3-read-only-example-bucket" }, { "description": "role arn", "input": "arn:aws:iam::123456789012:role/S3Access" }, { "description": "group arn", "input": "arn:aws:iam::123456789012:group/Developers" }, { "description": "group arn with path", "input": "arn:aws:iam::123456789012:group/division_abc/subdivision_xyz/product_A/Developers" }, { "description": "min length", "input": 12345678901234567000 }, { "description": "invalid - less than min length", "input": "Hello User!", "expected": false }, { "description": "invalid - null value", "input": null, "expected": false }, { "description": "invalid - empty string", "input": "", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userArn", "modUri": "tmod:@turbot/aws-iam" }}
userGroupMembershipAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:userGroupMemberships/[A-Za-z0-9_+=,.@-]{1,64}/[A-Za-z0-9_+=,.@-]{1,64}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:userGroupMemberships/turbot/user" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:ec2:us-east-1:123456789012:instances/i-a2345678", "expected": false }, { "description": "Invalid - account id not valid", "input": "arn:aws:iam::1234234456789012:user/bob", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userGroupMembershipAka", "modUri": "tmod:@turbot/aws-iam" }}
userGroupMemberships
{ "type": "object", "properties": { "Arn": { "$ref": "#/definitions/userGroupMembershipAka" }, "Path": { "$ref": "#/definitions/userPath" }, "GroupNames": { "type": "array", "items": { "$ref": "#/definitions/userName" } }, "GroupName": { "$ref": "#/definitions/userName" }, "UserName": { "$ref": "#/definitions/userName" }, "turbotManagedGroups": { "type": "array", "items": { "$ref": "#/definitions/userName" } }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/userGroupMembershipAka" } }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" }, "turbotManagedGroups": { "type": "array", "items": { "$ref": "#/definitions/userName" } } } } } } }, "tests": [ { "description": "base", "input": { "Arn": "arn:aws:iam::492552618977:userGroupMemberships/turbot/user", "UserName": "testUser", "turbot": { "custom": { "aws": { "accountId": 123456789012 }, "createTimestamp": "2018-12-21T18:15:20.000Z" } } } }, { "description": "invalid - no Username provided", "input": { "Arn": "arn:aws:iam::492552618977:userGroupMemberships/turbot/user", "turbot": { "custom": { "aws": { "accountId": 123456789012 }, "createTimestamp": "2018-12-21T18:15:20.000Z" } } } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userGroupMemberships", "modUri": "tmod:@turbot/aws-iam" }}
userId
{ "type": "string", "minLength": 16, "maxLength": 128, "pattern": "^[A-Za-z0-9_]+$", "tests": [ { "input": "AIDACKCEVSQ6C2EXAMPLE" }, { "description": "min length", "input": "AIDACKCEVSQ6C2EX" }, { "description": "group id", "input": "AGPACKCEVSQ6C2EXAMPLE" }, { "description": "role id", "input": "AROADBQP57FF2AEXAMPLE" }, { "description": "max length", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345678" }, { "description": "invalid - too long", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456", "expected": false }, { "description": "invalid - at symbol not allowed in pattern", "input": "user@bob", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userId", "modUri": "tmod:@turbot/aws-iam" }}
userInlinePolicy
{ "type": "object", "properties": { "UserName": { "$ref": "#/definitions/userName" }, "PolicyName": { "$ref": "#/definitions/policyName" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/userInlinePolicyAka" } }, "tags": { "$ref": "aws#/definitions/tagsMap" }, "title": { "$ref": "#/definitions/policyName" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" }, "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" } } } } } }, "required": [ "PolicyName", "turbot", "UserName" ], "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "UserName": "test01", "PolicyName": "admin_1", "turbot": { "akas": [ "arn:aws:iam::123456789012:user/test01/inline-policy/admin_1" ], "title": "test01-admin_1", "custom": { "aws": { "accountId": 123456789012 } } } } }, { "description": "Invalid - Missing user name", "input": { "PolicyName": "admin_1", "turbot": { "akas": [ "arn:aws:iam::123456789012:user/test01/inline-policy/admin_1" ], "title": "test01-admin_1", "custom": { "aws": { "accountId": 123456789012 } } } }, "expected": false }, { "description": "Invalid - Missing Guardrails data", "input": { "UserName": "test01", "PolicyName": "admin_1" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userInlinePolicy", "modUri": "tmod:@turbot/aws-iam" }}
userInlinePolicyAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}/inline-policy/[A-Za-z0-9_+=,.@-]+$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:user/test01/inline-policy/hf" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam::123456789012:users/test01/inline-policy/hf", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam::4653726:user/test01/inline-policy/hf", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userInlinePolicyAka", "modUri": "tmod:@turbot/aws-iam" }}
userName
{ "type": "string", "minLength": 1, "maxLength": 64, "pattern": "^[A-Za-z0-9_+=,.@-]+$", "tests": [ { "input": "Foo,foo+fOO-bar" }, { "input": "00123" }, { "input": "ab@cde.com" }, { "input": "Test.The-Kitchen_Sink" }, { "description": "max length", "input": "a23456789_123456789_123456789_123456789_16789_123456789_12345678" }, { "description": "invalid - too long", "input": "a23456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456", "expected": false }, { "description": "invalid - empty string", "input": "", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userName", "modUri": "tmod:@turbot/aws-iam" }}
userPath
{ "type": "string", "minLength": 1, "maxLength": 512, "pattern": "^(/)|(/[!-]+/)$", "tests": [ { "input": "/division_abc/subdivision_xyz/*" }, { "input": "//" }, { "description": "min length", "input": "/" }, { "description": "invalid - null value", "input": null, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userPath", "modUri": "tmod:@turbot/aws-iam" }}
userPolicyAttachment
{ "type": "object", "properties": { "UserName": { "$ref": "#/definitions/policyName" }, "PolicyName": { "$ref": "#/definitions/policyName" }, "PolicyArn": { "$ref": "#/definitions/userArn" }, "Id": { "$ref": "#/definitions/policyAttachmentId" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/userPolicyAttachmentAka" } }, "title": { "$ref": "#/definitions/policyAttachmentId" }, "custom": { "type": "object", "properties": { "aws": { "$ref": "aws#/definitions/awsMetadata" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties", "input": { "UserName": "venu", "PolicyName": "admin", "PolicyArn": "arn:aws:iam::492552618977:policy/turbot/admin", "Id": "venu-admin", "turbot": { "akas": [ "arn:aws:iam::123456789012:user/venu/policy-attachment/abcjkc" ], "title": "venu-admin", "custom": { "aws": { "accountId": 123456789012, "regionName": "us-east-1" } } } } }, { "description": "Invalid - Missing UserName", "input": { "PolicyName": "admin", "PolicyArn": "arn:aws:iam::492552618977:policy/turbot/admin", "Id": "venu-admin", "turbot": { "akas": [ "arn:aws:iam:123456789012:venu/policy-attachment/abcjkc" ], "title": "Admin", "custom": { "aws": { "accountId": 123456789012, "regionName": "us-east-1" } } } }, "expected": false }, { "description": "Invalid - Missing Guardrails data", "input": { "UserName": "venu", "PolicyName": "admin", "PolicyArn": "arn:aws:iam::492552618977:policy/turbot/admin", "Id": "venu-admin" } } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userPolicyAttachment", "modUri": "tmod:@turbot/aws-iam" }}
userPolicyAttachmentAka
{ "type": "string", "pattern": "^arn:aws(-us-gov|-cn)?:iam::[0-9]{12}:user/[A-Za-z0-9_+=,.@-]{1,64}/policy-attachment/[A-Za-z0-9_.-]{1,128}$", "tests": [ { "description": "Valid - Base case", "input": "arn:aws:iam::123456789012:user/ab@cde.com/policy-attachment/Foo" }, { "description": "Invalid - Malformed resource collection", "input": "arn:aws:iam::123456789012:user/venu/policy-attachments/Foo", "expected": false }, { "description": "Invalid - Malformed account ID", "input": "arn:aws:iam::1234567890123:user/venu/policy-attachment/Foo", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userPolicyAttachmentAka", "modUri": "tmod:@turbot/aws-iam" }}
userServiceNow
{ "defaultColumns": { "account_id": { "column": "enabled", "path": "metadata.aws.accountId", "label": "Account ID" }, "arn": { "column": "enabled", "label": "ARN" }, "attached_policies": { "column": "enabled", "label": "Attached Policies", "type": "string", "size": 1000 }, "user_policies": { "column": "enabled", "label": "User Policies", "type": "string", "size": 1000 }, "create_date": { "column": "enabled", "label": "Create Date" }, "groups": { "column": "enabled", "label": "Groups", "type": "string", "size": 1000 }, "login_profile": { "column": "enabled", "label": "Login Profile", "type": "string", "size": 1000 }, "user_name": { "column": "enabled", "path": "data.UserName" }, "password_last_used": { "column": "enabled", "label": "Password Last Used" }, "path": { "column": "enabled", "label": "Path" }, "tags": { "column": "enabled", "label": "Tags", "type": "string", "size": 1000 }, "user_id": { "column": "enabled", "label": "User ID" } }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/userServiceNow", "modUri": "tmod:@turbot/aws-iam" }}
virtualMFADevices
{ "type": "object", "properties": { "SerialNumber": { "$ref": "#/definitions/serialNumber" } }, ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/virtualMFADevices", "modUri": "tmod:@turbot/aws-iam" }}
virtualMfaMaxItems
{ "type": "integer", "default": 100, "minimum": 1, "maximum": 1000, "tests": [ { "input": 123 }, { "description": "min value", "input": 1 }, { "description": "max value", "input": 1000 }, { "description": "invalid - greater than max value", "input": 11111111, "expected": false }, { "description": "invalid - string type provided", "input": "three", "expected": false }, { "description": "invalid - decimal value provided", "input": 4.5, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/aws-iam#/definitions/virtualMfaMaxItems", "modUri": "tmod:@turbot/aws-iam" }}