Policy: AWS > Turbot > Permissions > Compiled > Service Permissions

Targets

This policy targets the following resource types:

• AWS > Account

Primary Policy

This policy is used with the following primary policy:

• AWS > Turbot > Permissions > Compiled

Related Policies

• @turbot/aws-acm
• @turbot/aws-amplify
• @turbot/aws-apigateway
• @turbot/aws-appconfig
• @turbot/aws-appfabric
• @turbot/aws-appflow
• @turbot/aws-appmesh
• @turbot/aws-appstream
• @turbot/aws-appsync
• @turbot/aws-artifact
• @turbot/aws-athena
• @turbot/aws-auditmanager
• @turbot/aws-backup
• @turbot/aws-batch
• @turbot/aws-bedrock
• @turbot/aws-billing
• @turbot/aws-braket
• @turbot/aws-chatbot
• @turbot/aws-chime
• @turbot/aws-cleanrooms
• @turbot/aws-cloud9
• @turbot/aws-clouddirectory
• @turbot/aws-cloudformation
• @turbot/aws-cloudfront
• @turbot/aws-cloudhsm
• @turbot/aws-cloudmap
• @turbot/aws-cloudsearch
• @turbot/aws-cloudshell
• @turbot/aws-cloudtrail
• @turbot/aws-cloudwatch
• @turbot/aws-codebuild
• @turbot/aws-codecommit
• @turbot/aws-codedeploy
• @turbot/aws-codepipeline
• @turbot/aws-codestar
• @turbot/aws-codewhisperer
• @turbot/aws-cognito
• @turbot/aws-comprehend
• @turbot/aws-computeoptimizer
• @turbot/aws-config
• @turbot/aws-connect
• @turbot/aws-datapipeline
• @turbot/aws-datasync
• @turbot/aws-dax
• @turbot/aws-devicefarm
• @turbot/aws-directconnect
• @turbot/aws-directoryservice
• @turbot/aws-dms
• @turbot/aws-dynamodb
• @turbot/aws-ec2
• @turbot/aws-ec2imagebuilder
• @turbot/aws-ecr
• @turbot/aws-ecs
• @turbot/aws-efs
• @turbot/aws-eks
• @turbot/aws-elasticache
• @turbot/aws-elasticbeanstalk
• @turbot/aws-elasticinference
• @turbot/aws-elasticsearch
• @turbot/aws-elastictranscoder
• @turbot/aws-emr
• @turbot/aws-eventbridgepipes
• @turbot/aws-eventbridgescheduler
• @turbot/aws-events
• @turbot/aws-fms
• @turbot/aws-fsx
• @turbot/aws-gamelift
• @turbot/aws-glacier
• @turbot/aws-globalaccelerator
• @turbot/aws-glue
• @turbot/aws-gluedatabrew
• @turbot/aws-greengrass
• @turbot/aws-guardduty
• @turbot/aws-health
• @turbot/aws-iam
• @turbot/aws-inspector
• @turbot/aws-iot
• @turbot/aws-iot1click
• @turbot/aws-iotanalytics
• @turbot/aws-iotevents
• @turbot/aws-iotsitewise
• @turbot/aws-iotthingsgraph
• @turbot/aws-kendra
• @turbot/aws-kinesis
• @turbot/aws-kms
• @turbot/aws-lakeformation
• @turbot/aws-lambda
• @turbot/aws-lex
• @turbot/aws-lightsail
• @turbot/aws-location
• @turbot/aws-logs
• @turbot/aws-machinelearning
• @turbot/aws-macie
• @turbot/aws-mediaconnect
• @turbot/aws-mediaconvert
• @turbot/aws-medialive
• @turbot/aws-mediapackage
• @turbot/aws-mediastore
• @turbot/aws-mediatailor
• @turbot/aws-mq
• @turbot/aws-msk
• @turbot/aws-mwaa
• @turbot/aws-omics
• @turbot/aws-opensearch
• @turbot/aws-organizations
• @turbot/aws-outposts
• @turbot/aws-polly
• @turbot/aws-qldb
• @turbot/aws-quicksight
• @turbot/aws-ram
• @turbot/aws-rds
• @turbot/aws-redshift
• @turbot/aws-redshiftserverless
• @turbot/aws-rekognition
• @turbot/aws-resourcegroups
• @turbot/aws-robomaker
• @turbot/aws-route53
• @turbot/aws-route53domains
• @turbot/aws-route53recoverycontrolconfig
• @turbot/aws-route53recoveryreadiness
• @turbot/aws-route53resolver
• @turbot/aws-s3
• @turbot/aws-s3table
• @turbot/aws-sagemaker
• @turbot/aws-savingsplans
• @turbot/aws-scheduler
• @turbot/aws-secretsmanager
• @turbot/aws-securityhub
• @turbot/aws-serverlessapplicationrepository
• @turbot/aws-servermigration
• @turbot/aws-servicecatalog
• @turbot/aws-servicequotas
• @turbot/aws-ses
• @turbot/aws-shield
• @turbot/aws-signer
• @turbot/aws-simpledb
• @turbot/aws-snowball
• @turbot/aws-sns
• @turbot/aws-sqs
• @turbot/aws-ssm
• @turbot/aws-stepfunctions
• @turbot/aws-storagegateway
• @turbot/aws-support
• @turbot/aws-swf
• @turbot/aws-tagging
• @turbot/aws-textract
• @turbot/aws-transcribe
• @turbot/aws-transfer
• @turbot/aws-translate
• @turbot/aws-trustedadvisor
• @turbot/aws-vpc
• @turbot/aws-vpclattice
• @turbot/aws-waf
• @turbot/aws-wafregional
• @turbot/aws-wellarchitected
• @turbot/aws-workdocs
• @turbot/aws-workspaces
• @turbot/aws-xray

Controls

Setting this policy configures these controls:

• AWS > Turbot > IAM > Managed
• AWS > Turbot > IAM > Policy > Managed

Policy Specification

array

Category

• IAM > Permissions

In Your Workspace

• Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/iamPermissions

Policy Type URI

tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions

GraphQL

query policyType(id: "tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions"