Policy: AWS > IAM > Root > Approved

Determine the action to take when an AWS IAM root is not approved based on AWS > IAM > Root > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm.

See Approved for more information.

Resource Types

This policy targets the following resource types:

AWS > IAM > Root

Controls

AWS > IAM > Root > Approved

Policy Packs

This policy setting is used by the following policy packs:

Check MFA Is Enabled for AWS IAM Root Accounts

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: Approved`
Examples [YAML]	`Check: Approved`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceApproved

Policy Type URI

tmod:@turbot/aws-iam#/policy/types/rootApproved

GraphQL

query policyType(id: "tmod:@turbot/aws-iam#/policy/types/rootApproved") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/rootApproved'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/rootApproved'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-iam#/policy/types/rootApproved"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-iam#/policy/types/rootApproved"