Policy: Turbot > IAM > Profile > Expiration

Check if a profile has expired and provide a configurable warning period before deactivation. After profile dectivation, any active access keys linked to the profile will no longer be treated as active. To reactivate a profile, a user simply needs to log into the Turbot Console again via their Directory source.

Resource Types

This policy targets the following resource types:

Turbot > IAM > Profile

Days

Controls

Turbot > IAM > Profile > Expiration

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: Not expired` `Check: Does not expire in next 1 day` `Check: Does not expire in next 3 days` `Check: Does not expire in next 7 days` `Check: Does not expire in next 14 days` `Check: Does not expire in next 30 days` `Check: Does not expire in next 60 days` `Check: Does not expire in next 90 days` `Enforce: Deactivate expired` `Enforce: Deactivate expired with 1 day warning` `Enforce: Deactivate expired with 3 days warning` `Enforce: Deactivate expired with 7 days warning` `Enforce: Deactivate expired with 14 days warning` `Enforce: Deactivate expired with 30 days warning` `Enforce: Deactivate expired with 60 days warning` `Enforce: Deactivate expired with 90 days warning` `Enforce: Delete expired` `Enforce: Delete expired with 1 day warning` `Enforce: Delete expired with 3 days warning` `Enforce: Delete expired with 7 days warning` `Enforce: Delete expired with 14 days warning` `Enforce: Delete expired with 30 days warning` `Enforce: Delete expired with 60 days warning` `Enforce: Delete expired with 90 days warning`
Examples [YAML]	`Check: Does not expire in next 7 days`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceExpiration

Policy Type URI

tmod:@turbot/turbot-iam#/policy/types/profileExpiration

GraphQL

query policyType(id: "tmod:@turbot/turbot-iam#/policy/types/profileExpiration") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/turbot-iam#/policy/types/profileExpiration'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/turbot-iam#/policy/types/profileExpiration'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/turbot-iam#/policy/types/profileExpiration"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/turbot-iam#/policy/types/profileExpiration"