Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading policies...

Policy: AWS > Config > Configuration Recording > Configuration Recorder > Role

The ARN of the IAM role that AWS Config will assume. The default will use the role created in AWS > Guardrails > Service Roles > AWS Config. If you choose to use a different role, note that it: - must allow the config service to assume the role in its trust policy - requires PutObject, GetBucketAcl on the bucket - requires publish on the SNS topic - Needs describe/get/list access to any resources types being recorded

Targets

This policy targets the following resource types:

  • AWS > Region

Primary Policy

This policy is used with the following primary policy:

  • AWS > Config > Configuration Recording > Configuration Recorder

Policy Specification

Schema Type
string
Default template
arn:{{ $.region.turbot.custom.aws.partition }}:iam::{{ $.region.turbot.custom.aws.accountId }}:role{{ $.rolePath }}{{ $.roleName }}
Default template input
- |
  {
    account {
      turbot {
        id
      }
    }
    region {
      turbot {
        custom {
          aws {
            accountId
          }
        }
      }
    }
  }
- |
  {
    roleName: policy(uri:"aws#/policy/types/serviceRolesConfigurationRecordingName", resourceId: "{{ $.account.turbot.id }}")
    rolePath: policy(uri:"aws#/policy/types/serviceRolesNamePath", resourceId: "{{ $.account.turbot.id }}")
    region {
      turbot {
        custom {
          aws {
            accountId
            partition
          }
        }
      }
    }
  }
Examples [YAML]
arn:aws:iam::123456789012:role/config-ConfigRole-A1B2C3D4E5F6

Category

  • Resource > Configured

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/turbot#/control/categories/configured
    • Policy Type URI
    • tmod:@turbot/aws-config#/policy/types/configurationRecorderRole
    • GraphQL
    • query policyType(id: "tmod:@turbot/aws-config#/policy/types/configurationRecorderRole") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-config#/policy/types/configurationRecorderRole'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-config#/policy/types/configurationRecorderRole'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/aws-config#/policy/types/configurationRecorderRole"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-config#/policy/types/configurationRecorderRole"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
180
Mods
497
Resource Types
8,691
Policies
3,362
Controls
1,833
Quick Actions
540
IAM