Policy: AWS > Turbot > Permissions > Lockdown > API Boundary
A list of APIs that should be allowed in the Guardrails boundary policy.
This is represented as a list of APIs and their scope (regional or global).
For example:
    - api: 's3:*'
      regionScope: regional
    - api: 'iam:*'
      regionScope: global
Note: APIs can be enabled or disabled via the relevant AWS > {Service} > API Enabled policies. An API will be allowed in the boundary if it is EITHER enabled via AWS > {Service} > API Enabled OR added to the AWS > Turbot > Permissions > Lockdown > API Boundary policy.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Policy Specification
Default |
|
---|
Category
In Your Workspace
Developers
- Category URI: tmod:@turbot/turbot#/control/categories/iamPermissions
- Policy Type URI: tmod:@turbot/aws-iam#/policy/types/permissionsLockdownApiBoundary
- GraphQL / CLI
  - Get Policy Type: turbot graphql policy-type --id "tmod:@turbot/aws-iam#/policy/types/permissionsLockdownApiBoundary"
  - Get Policy Settings: turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-iam#/policy/types/permissionsLockdownApiBoundary"