Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading resources...

Resource Type: AWS > IAM > Role

The IAM Role resource type is part of the AWS Identity and Access Management (IAM) service. Each IAM Role resource is an identity with specific permissions that can be assumed by users, applications, or services to perform actions on AWS resources.

Resource Context

Role is a part of the IAM service.

Each Role lives under an Account.

Each Role may have children of these types:
  • Inline Policy
  • Role Policy Attachments

Controls

The primary controls for AWS > IAM > Role are:

  • Active
  • Approved
  • Boundary
  • CMDB
  • Configured
  • Discovery
  • Intelligent Assessment
  • Policy
  • Policy Attachments
  • ServiceNow
  • Tags
  • Trust Relationship Statements
  • Usage

It is also targeted by these controls:

  • AWS > HIPAA > IAM > KMS key decryption should be restricted in IAM inline policy
  • AWS > IAM > Role > Inline Policy > Discovery
  • AWS > IAM > Role > Role Policy Attachments > Discovery
  • AWS > NIST 800-53 > IAM > IAM groups, users, and roles should not have any inline policies
  • AWS > Turbot > IAM > Role > Managed

Quick Actions

  • Attach Inline Policy
  • Attach Policies
  • Attach Quarantine policy
  • Attach Quarantine policy
  • Delete
  • Delete from AWS
  • Detach Policies
  • Detach Quarantine policy
  • Detach Quarantine policy
  • IAM Role Managed
  • Router
  • Set Boundary Policy
  • Set Policy Trusted Access
  • Set Tags
  • Skip alarm for Active control
  • Skip alarm for Active control [90 days]
  • Skip alarm for Approved control
  • Skip alarm for Approved control [90 days]
  • Skip alarm for Tags control
  • Skip alarm for Tags control [90 days]
  • Update Tags
  • Update Trust Policy

Category

  • IAM

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

    Resource Type URI
    • tmod:@turbot/aws-iam#/resource/types/role
    • Category URI
    • tmod:@turbot/turbot#/resource/categories/iam
    • GraphQL
    • query resource(id: "tmod:@turbot/aws-iam#/resource/types/role") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-iam#/resource/types/role'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
    • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/aws-iam#/resource/types/role"
    • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/role';
      • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-iam#/resource/types/role"';
      • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/role' and notification_type in ('resource_updated', 'resource_created');
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
180
Mods
497
Resource Types
8,691
Policies
3,362
Controls
1,833
Quick Actions
540
IAM