Policy: AWS > Directory Service > Enabled

Configure whether the AWS Directory Service service is enabled. This will only affect Guardrails managed User Roles and will allow the Guardrails managed user to access AWS Directory Service service. - Enabled policy allows Guardrails managed users to perform all the actions for the service - Enabled: Metadata Only policy allows Guardrails managed users to perform only the metadata level actions for the service (like describe*, list*)

Note: - Disabled policy disables the service but does NOT disable the API for Guardrails or SuperUsers - All the resource data stored in the Guardrails CMDB is considered to be metadata - For more information related to permissions and grant levels, please check the documentation

Resource Types

This policy targets the following resource types:

AWS > Account

Policy Specification

Schema Type	`string`
Default	`Disabled`
Valid Values [YAML]	`Enabled` `Enabled: Metadata Only` `Disabled`
Examples [YAML]	`Enabled`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/iamPermissions

Policy Type URI

tmod:@turbot/aws-directoryservice#/policy/types/directoryServiceEnabled

GraphQL

query policyType(id: "tmod:@turbot/aws-directoryservice#/policy/types/directoryServiceEnabled") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-directoryservice#/policy/types/directoryServiceEnabled'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-directoryservice#/policy/types/directoryServiceEnabled'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-directoryservice#/policy/types/directoryServiceEnabled"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-directoryservice#/policy/types/directoryServiceEnabled"