Policy: AWS > Security Hub > Permissions > Levels > Modifiers
A map of AWS API to Guardrails Permission Level used to customize Guardrails' standard permissions. You can add, remove or redefine the mapping of AWS API operations to Guardrails permissions levels here.
Note: Modifiers are cumulative - if you add a permission to the Metadata level, it is also added to ReadOnly, Operator and Admin. Modifier policies set here apply ONLY to the AWS levelexample: - "glacier:createvault": admin - "glacier:ListVaults": metadata - "s3:DeleteBucket": none
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/iamPermissions
- tmod:@turbot/aws-securityhub#/policy/types/securityHubPermissionsLevelsModifiers
- turbot graphql policy-type --id "tmod:@turbot/aws-securityhub#/policy/types/securityHubPermissionsLevelsModifiers"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-securityhub#/policy/types/securityHubPermissionsLevelsModifiers"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI