Policy: AWS > Turbot > Permissions

This policy determines the permission mode used by Guardrails. There are 3 possible configurations:

None: Guardrails will not manage any AWS IAM permissions. This setting is for organizations that want to maintain complete control over AWS IAM.

Policy-Only Mode: Guardrails policies are created in AWS IAM, but no management of roles or users will occur. This option helps automate policy creation across a large number of accounts while keeping control in the hands of the organization.

Role Mode: Guardrails will create policies and roles within the AWS account. This allows administrators to assign AWS permissions in Guardrails. Users federate into AWS and will assume the role that is assigned to their profile in Guardrails.

User Mode: Guardrails will create policies, roles and users within the AWS account. Access granted at the folder level ABOVE the accounts will always leverage roles. Guardrails users granted access only at the folder level will NOT have a corresponding IAM User. If a user is granted any access explicitly on the account, an IAM user will be created for them.

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Policy Specification

Schema Type: string

Default: Skip

Valid Values [YAML]
  • Skip
  • Check: None
  • Check: Policy-Only Mode
  • Check: Role Mode
  • Check: User Mode
  • Enforce: None
  • Enforce: Policy-Only Mode
  • Enforce: Role Mode
  • Enforce: User Mode

Examples [YAML]
  • Enforce: None

Category
