Policy: AWS > IAM > Role > Boundary > Policy

Configure which boundary policy to apply to the IAM role. This must be the name of an existing AWS IAM Boundary policy. AWS Boundary Policies are used to enforce Turbot Guardrails for enabling/disabling API Services and Regions.

Resource Types

This policy targets the following resource types:

AWS > IAM > Role

Primary Policy

This policy is used with the following primary policy:

AWS > IAM > Role > Boundary

Controls

AWS > IAM > Role > Boundary

Policy Packs

This policy setting is used by the following policy packs:

Deny all AWS IAM actions from Unapproved Networks

Policy Specification

Default template	`{{$.prefix}}boundary`
Default template input	`\| { prefix: policy(uri:"#/policy/types/turbotRoleNamePrefix") }`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/other

Policy Type URI

tmod:@turbot/aws-iam#/policy/types/roleBoundaryPolicy

GraphQL

query policyType(id: "tmod:@turbot/aws-iam#/policy/types/roleBoundaryPolicy") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/roleBoundaryPolicy'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/roleBoundaryPolicy'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-iam#/policy/types/roleBoundaryPolicy"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-iam#/policy/types/roleBoundaryPolicy"