Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading policies...

Policy: AWS > Turbot > Permissions > Compiled > Service Permissions

A calculated policy that Guardrails uses to create a single list of ALL permissions for all services that is used as input to the control that manages the IAM stack.

Targets

This policy targets the following resource types:

  • AWS > Account

Primary Policy

This policy is used with the following primary policy:

  • AWS > Turbot > Permissions > Compiled

Related Policies

  • @turbot/aws-acm
  • @turbot/aws-amplify
  • @turbot/aws-apigateway
  • @turbot/aws-appconfig
  • @turbot/aws-appfabric
  • @turbot/aws-appflow
  • @turbot/aws-appmesh
  • @turbot/aws-appstream
  • @turbot/aws-appsync
  • @turbot/aws-artifact
  • @turbot/aws-athena
  • @turbot/aws-auditmanager
  • @turbot/aws-backup
  • @turbot/aws-batch
  • @turbot/aws-bedrock
  • @turbot/aws-billing
  • @turbot/aws-braket
  • @turbot/aws-chatbot
  • @turbot/aws-chime
  • @turbot/aws-cleanrooms
  • @turbot/aws-cloud9
  • @turbot/aws-clouddirectory
  • @turbot/aws-cloudformation
  • @turbot/aws-cloudfront
  • @turbot/aws-cloudhsm
  • @turbot/aws-cloudmap
  • @turbot/aws-cloudsearch
  • @turbot/aws-cloudshell
  • @turbot/aws-cloudtrail
  • @turbot/aws-cloudwatch
  • @turbot/aws-codeartifact
  • @turbot/aws-codebuild
  • @turbot/aws-codecommit
  • @turbot/aws-codedeploy
  • @turbot/aws-codepipeline
  • @turbot/aws-codestar
  • @turbot/aws-codewhisperer
  • @turbot/aws-cognito
  • @turbot/aws-comprehend
  • @turbot/aws-computeoptimizer
  • @turbot/aws-config
  • @turbot/aws-connect
  • @turbot/aws-controltower
  • @turbot/aws-datapipeline
  • @turbot/aws-datasync
  • @turbot/aws-dax
  • @turbot/aws-devicefarm
  • @turbot/aws-directconnect
  • @turbot/aws-directoryservice
  • @turbot/aws-dms
  • @turbot/aws-dynamodb
  • @turbot/aws-ec2
  • @turbot/aws-ec2imagebuilder
  • @turbot/aws-ecr
  • @turbot/aws-ecs
  • @turbot/aws-efs
  • @turbot/aws-eks
  • @turbot/aws-elasticache
  • @turbot/aws-elasticbeanstalk
  • @turbot/aws-elasticinference
  • @turbot/aws-elasticsearch
  • @turbot/aws-elastictranscoder
  • @turbot/aws-emr
  • @turbot/aws-eventbridgepipes
  • @turbot/aws-eventbridgescheduler
  • @turbot/aws-events
  • @turbot/aws-fms
  • @turbot/aws-fsx
  • @turbot/aws-gamelift
  • @turbot/aws-glacier
  • @turbot/aws-globalaccelerator
  • @turbot/aws-glue
  • @turbot/aws-gluedatabrew
  • @turbot/aws-greengrass
  • @turbot/aws-guardduty
  • @turbot/aws-health
  • @turbot/aws-iam
  • @turbot/aws-inspector
  • @turbot/aws-iot
  • @turbot/aws-iot1click
  • @turbot/aws-iotanalytics
  • @turbot/aws-iotevents
  • @turbot/aws-iotsitewise
  • @turbot/aws-iotthingsgraph
  • @turbot/aws-kendra
  • @turbot/aws-kinesis
  • @turbot/aws-kms
  • @turbot/aws-lakeformation
  • @turbot/aws-lambda
  • @turbot/aws-lex
  • @turbot/aws-lightsail
  • @turbot/aws-location
  • @turbot/aws-logs
  • @turbot/aws-machinelearning
  • @turbot/aws-macie
  • @turbot/aws-mediaconnect
  • @turbot/aws-mediaconvert
  • @turbot/aws-medialive
  • @turbot/aws-mediapackage
  • @turbot/aws-mediastore
  • @turbot/aws-mediatailor
  • @turbot/aws-mq
  • @turbot/aws-msk
  • @turbot/aws-mskconnect
  • @turbot/aws-mwaa
  • @turbot/aws-omics
  • @turbot/aws-opensearch
  • @turbot/aws-organizations
  • @turbot/aws-outposts
  • @turbot/aws-polly
  • @turbot/aws-qldb
  • @turbot/aws-quicksight
  • @turbot/aws-ram
  • @turbot/aws-rds
  • @turbot/aws-redshift
  • @turbot/aws-redshiftserverless
  • @turbot/aws-rekognition
  • @turbot/aws-resourcegroups
  • @turbot/aws-robomaker
  • @turbot/aws-route53
  • @turbot/aws-route53domains
  • @turbot/aws-route53recoverycontrolconfig
  • @turbot/aws-route53recoveryreadiness
  • @turbot/aws-route53resolver
  • @turbot/aws-s3
  • @turbot/aws-s3table
  • @turbot/aws-sagemaker
  • @turbot/aws-savingsplans
  • @turbot/aws-scheduler
  • @turbot/aws-secretsmanager
  • @turbot/aws-securityhub
  • @turbot/aws-serverlessapplicationrepository
  • @turbot/aws-servermigration
  • @turbot/aws-servicecatalog
  • @turbot/aws-servicequotas
  • @turbot/aws-ses
  • @turbot/aws-shield
  • @turbot/aws-signer
  • @turbot/aws-simpledb
  • @turbot/aws-snowball
  • @turbot/aws-sns
  • @turbot/aws-sqs
  • @turbot/aws-ssm
  • @turbot/aws-stepfunctions
  • @turbot/aws-storagegateway
  • @turbot/aws-support
  • @turbot/aws-swf
  • @turbot/aws-tagging
  • @turbot/aws-textract
  • @turbot/aws-transcribe
  • @turbot/aws-transfer
  • @turbot/aws-translate
  • @turbot/aws-trustedadvisor
  • @turbot/aws-vpc
  • @turbot/aws-vpclattice
  • @turbot/aws-waf
  • @turbot/aws-wafregional
  • @turbot/aws-wellarchitected
  • @turbot/aws-workdocs
  • @turbot/aws-workspaces
  • @turbot/aws-xray

Controls

Setting this policy configures these controls:

  • AWS > Turbot > IAM > Managed
  • AWS > Turbot > IAM > Policy > Managed

Policy Specification

Schema Type
array

Category

  • IAM > Permissions

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/turbot#/control/categories/iamPermissions
    • Policy Type URI
    • tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions
    • GraphQL
    • query policyType(id: "tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-iam#/policy/types/iamPermissionsCompiledServicePermissions"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
180
Mods
497
Resource Types
8,691
Policies
3,362
Controls
1,833
Quick Actions
540
IAM