awscc.iam_role¶
Filters¶
event
reduce
value
Actions¶
delete¶
Parent base class for filters and actions.
properties:
type:
enum:
- delete
required:
- type
Permissions - iam:DeleteRole, iam:DetachRolePolicy, iam:DeleteRolePolicy, iam:GetRole
update¶
Parent base class for filters and actions.
definitions:
Policy:
additionalProperties: false
description: The inline policy document that is embedded in the specified IAM
role.
properties:
PolicyDocument:
description: The policy document.
type:
- string
- object
PolicyName:
description: The friendly name (not ARN) identifying the policy.
maxLength: 128
minLength: 1
type: string
required:
- PolicyName
- PolicyDocument
type: object
Tag:
additionalProperties: false
description: A key-value pair to associate with a resource.
properties:
Key:
description: 'The key name of the tag. You can specify a value that is 1 to
128 Unicode characters in length and cannot be prefixed with aws:. You can
use any of the following characters: the set of Unicode letters, digits,
whitespace, _, ., /, =, +, and -.'
maxLength: 128
minLength: 1
type: string
Value:
description: 'The value for the tag. You can specify a value that is 0 to
256 Unicode characters in length and cannot be prefixed with aws:. You can
use any of the following characters: the set of Unicode letters, digits,
whitespace, _, ., /, =, +, and -.'
maxLength: 256
minLength: 0
type: string
required:
- Key
- Value
type: object
properties:
AssumeRolePolicyDocument:
description: The trust policy that is associated with this role.
type:
- object
- string
Description:
description: A description of the role that you provide.
maxLength: 1000
type: string
ManagedPolicyArns:
description: 'A list of Amazon Resource Names (ARNs) of the IAM managed policies
that you want to attach to the role. '
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
MaxSessionDuration:
description: 'The maximum session duration (in seconds) that you want to set for
the specified role. If you do not specify a value for this setting, the default
maximum of one hour is applied. This setting can have a value from 1 hour to
12 hours. '
maximum: 43200
minimum: 3600
type: integer
PermissionsBoundary:
description: The ARN of the policy used to set the permissions boundary for the
role.
type: string
Policies:
description: 'Adds or updates an inline policy document that is embedded in the
specified IAM role. '
insertionOrder: false
items:
additionalProperties: false
description: The inline policy document that is embedded in the specified IAM
role.
properties:
PolicyDocument:
description: The policy document.
type:
- string
- object
PolicyName:
description: The friendly name (not ARN) identifying the policy.
maxLength: 128
minLength: 1
type: string
required:
- PolicyName
- PolicyDocument
type: object
type: array
uniqueItems: false
Tags:
description: A list of tags that are attached to the role.
insertionOrder: false
items:
additionalProperties: false
description: A key-value pair to associate with a resource.
properties:
Key:
description: 'The key name of the tag. You can specify a value that is 1
to 128 Unicode characters in length and cannot be prefixed with aws:.
You can use any of the following characters: the set of Unicode letters,
digits, whitespace, _, ., /, =, +, and -.'
maxLength: 128
minLength: 1
type: string
Value:
description: 'The value for the tag. You can specify a value that is 0 to
256 Unicode characters in length and cannot be prefixed with aws:. You
can use any of the following characters: the set of Unicode letters, digits,
whitespace, _, ., /, =, +, and -.'
maxLength: 256
minLength: 0
type: string
required:
- Key
- Value
type: object
type: array
uniqueItems: false
type:
enum:
- update
Permissions - iam:UpdateRole, iam:UpdateRoleDescription, iam:UpdateAssumeRolePolicy, iam:DetachRolePolicy, iam:AttachRolePolicy, iam:DeleteRolePermissionsBoundary, iam:PutRolePermissionsBoundary, iam:DeleteRolePolicy, iam:PutRolePolicy, iam:TagRole, iam:UntagRole, iam:GetRole, iam:ListAttachedRolePolicies, iam:ListRolePolicies, iam:GetRolePolicy