aws.iam-group

Filters

• check-permissions

• config-compliance

• event

• finding

• has-inline-policy

• has-users

• ops-item

• usage

• value

has-inline-policy

Filter IAM groups that have an inline-policy based on boolean value: True: Filter all groups that have an inline-policy attached False: Filter all groups that do not have an inline-policy attached

example

- name: iam-groups-with-inline-policy
  resource: iam-group
  filters:
    - type: has-inline-policy
      value: True

properties:
  type:
    enum:
    - has-inline-policy
  value:
    type: boolean
required:
- type

has-users

Filter IAM groups that have users attached based on True/False value: True: Filter all IAM groups with users assigned to it False: Filter all IAM groups without any users assigned to it

example

- name: empty-iam-group
  resource: iam-group
  filters:
    - type: has-users
      value: False

properties:
  type:
    enum:
    - has-users
  value:
    type: boolean
required:
- type

Actions

• invoke-lambda

• invoke-sfn

• notify

• post-finding

• post-item

• put-metric

• webhook