Resource Type: AWS > IAM > Role
The IAM Role resource type is part of the AWS Identity and Access Management (IAM) service. Each IAM Role resource is an identity with specific permissions that can be assumed by users, applications, or services to perform actions on AWS resources.
Resource Context
Role is a part of the IAM service.
Each Role lives under an Account.
Each Role may have children of these types:
Controls
The primary controls for AWS > IAM > Role are:
- Active
- Approved
- Boundary
- CMDB
- Configured
- Discovery
- Policy
- Policy Attachments
- ServiceNow
- Tags
- Trust Relationship Statements
- Usage
It is also targeted by these controls:
- AWS > HIPAA > IAM > KMS key decryption should be restricted in IAM inline policy
- AWS > IAM > Role > Inline Policy > Discovery
- AWS > IAM > Role > Role Policy Attachments > Discovery
- AWS > NIST 800-53 > IAM > IAM groups, users, and roles should not have any inline policies
- AWS > Turbot > IAM > Role > Managed
Quick Actions
- Attach Inline Policy
- Attach Policies
- Attach Quarantine policy
- Attach Quarantine policy
- Delete
- Delete from AWS
- Detach Policies
- Detach Quarantine policy
- Detach Quarantine policy
- IAM Role Managed
- Router
- Set Boundary Policy
- Set Policy Trusted Access
- Set Tags
- Skip alarm for Active control
- Skip alarm for Active control [90 days]
- Skip alarm for Approved control
- Skip alarm for Approved control [90 days]
- Skip alarm for Tags control
- Skip alarm for Tags control [90 days]
- Update Tags
- Update Trust Policy
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- Resource Type URI: tmod:@turbot/aws-iam#/resource/types/role
- Category URI: tmod:@turbot/turbot#/resource/categories/iam
- CLI: turbot graphql resource --id "tmod:@turbot/aws-iam#/resource/types/role"
- Steampipe Query:
  - Get Resource: select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/role';
  - Get Policy Settings (By Resource ID): select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-iam#/resource/types/role"';
  - Get Resource Notification: select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/role' and notification_type in ('resource_updated', 'resource_created');