awscc.iam_role

Filters

  • event

  • reduce

  • value

Actions

delete

Parent base class for filters and actions.

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - iam:DeleteRole, iam:DetachRolePolicy, iam:DeleteRolePolicy, iam:GetRole

update

Parent base class for filters and actions.

definitions:
  Policy:
    additionalProperties: false
    description: The inline policy document that is embedded in the specified IAM
      role.
    properties:
      PolicyDocument:
        description: The policy document.
        type:
        - string
        - object
      PolicyName:
        description: The friendly name (not ARN) identifying the policy.
        maxLength: 128
        minLength: 1
        type: string
    required:
    - PolicyName
    - PolicyDocument
    type: object
  Tag:
    additionalProperties: false
    description: A key-value pair to associate with a resource.
    properties:
      Key:
        description: 'The key name of the tag. You can specify a value that is 1 to
          128 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 128
        minLength: 1
        type: string
      Value:
        description: 'The value for the tag. You can specify a value that is 0 to
          256 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 256
        minLength: 0
        type: string
    required:
    - Key
    - Value
    type: object
properties:
  AssumeRolePolicyDocument:
    description: The trust policy that is associated with this role.
    type:
    - object
    - string
  Description:
    description: A description of the role that you provide.
    maxLength: 1000
    type: string
  ManagedPolicyArns:
    description: 'A list of Amazon Resource Names (ARNs) of the IAM managed policies
      that you want to attach to the role. '
    insertionOrder: false
    items:
      type: string
    type: array
    uniqueItems: true
  MaxSessionDuration:
    description: 'The maximum session duration (in seconds) that you want to set for
      the specified role. If you do not specify a value for this setting, the default
      maximum of one hour is applied. This setting can have a value from 1 hour to
      12 hours. '
    maximum: 43200
    minimum: 3600
    type: integer
  PermissionsBoundary:
    description: The ARN of the policy used to set the permissions boundary for the
      role.
    type: string
  Policies:
    description: 'Adds or updates an inline policy document that is embedded in the
      specified IAM role. '
    insertionOrder: false
    items:
      additionalProperties: false
      description: The inline policy document that is embedded in the specified IAM
        role.
      properties:
        PolicyDocument:
          description: The policy document.
          type:
          - string
          - object
        PolicyName:
          description: The friendly name (not ARN) identifying the policy.
          maxLength: 128
          minLength: 1
          type: string
      required:
      - PolicyName
      - PolicyDocument
      type: object
    type: array
    uniqueItems: false
  Tags:
    description: A list of tags that are attached to the role.
    insertionOrder: false
    items:
      additionalProperties: false
      description: A key-value pair to associate with a resource.
      properties:
        Key:
          description: 'The key name of the tag. You can specify a value that is 1
            to 128 Unicode characters in length and cannot be prefixed with aws:.
            You can use any of the following characters: the set of Unicode letters,
            digits, whitespace, _, ., /, =, +, and -.'
          maxLength: 128
          minLength: 1
          type: string
        Value:
          description: 'The value for the tag. You can specify a value that is 0 to
            256 Unicode characters in length and cannot be prefixed with aws:. You
            can use any of the following characters: the set of Unicode letters, digits,
            whitespace, _, ., /, =, +, and -.'
          maxLength: 256
          minLength: 0
          type: string
      required:
      - Key
      - Value
      type: object
    type: array
    uniqueItems: false
  type:
    enum:
    - update

Permissions - iam:UpdateRole, iam:UpdateRoleDescription, iam:UpdateAssumeRolePolicy, iam:DetachRolePolicy, iam:AttachRolePolicy, iam:DeleteRolePermissionsBoundary, iam:PutRolePermissionsBoundary, iam:DeleteRolePolicy, iam:PutRolePolicy, iam:TagRole, iam:UntagRole, iam:GetRole, iam:ListAttachedRolePolicies, iam:ListRolePolicies, iam:GetRolePolicy