Resource Type: AWS > IAM > Role

The IAM Role resource type is part of the AWS Identity and Access Management (IAM) service. Each IAM Role resource is an identity with specific permissions that can be assumed by users, applications, or services to perform actions on AWS resources.

Resource Context

Role is a part of the IAM service.

Each Role lives under an Account.

Each Role may have children of these types:

Controls

The primary controls for AWS > IAM > Role are:

It is also targeted by these controls:

Quick Actions

In Your Workspace

Developers

Resource Type URI

tmod:@turbot/aws-iam#/resource/types/role

Category URI

tmod:@turbot/turbot#/resource/categories/iam

GraphQL

query resource(id: "tmod:@turbot/aws-iam#/resource/types/role") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-iam#/resource/types/role'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/aws-iam#/resource/types/role"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/role';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-iam#/resource/types/role"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/role' and notification_type in ('resource_updated', 'resource_created');