Deny all AWS IAM actions from Unapproved Networks

Policy Setting: AWS > IAM > Role > Boundary

Policies

This policy setting is dependent on the following policy types:

Source

    # Sets AWS > IAM > Role > Boundary for every role in scope of the policy pack.
    resource "turbot_policy_setting" "aws_iam_role_boundary" {
      resource = turbot_policy_pack.main.id
      type     = "tmod:@turbot/aws-iam#/policy/types/roleBoundary"

      # GraphQL input: the role's ARN and the Turbot IAM role configured on the parent account.
      template_input = <<EOT
    {
      resource {
        role_arn: get(path: "Arn")
        parent {
          turbot_iam_role: policyValue(uri: "tmod:@turbot/aws#/policy/types/turbotIamRole") {
            value
          }
        }
      }
    }
    EOT

      # Check the boundary on every role except the Turbot IAM role itself; skip otherwise.
      template = <<EOT
    {%- if $.resource.role_arn and $.resource.role_arn != $.resource.parent.turbot_iam_role.value -%}
    "Check: Boundary > Policy"
    # "Enforce: Boundary > Policy"
    {%- else -%}
    "Skip"
    {%- endif -%}
    EOT
    }
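To see what the template above resolves to for a given role, here is an added Python model of its branch logic (example code, not part of the policy pack or Guardrails). The ARNs are constructed sample values; the `enforce` flag is an assumption that stands in for swapping the commented "Enforce" line for the "Check" line.

```python
"""Model of the roleBoundary template decision (added example, not Guardrails code).

template_input hands the template two values: the role's own ARN (get(path: "Arn"))
and the Turbot IAM role set on the parent account (policy type turbotIamRole).
The template checks the boundary on every role except that Turbot role, which is
skipped so the policy never constrains the role Guardrails itself operates through.
"""
from typing import Optional

CHECK = "Check: Boundary > Policy"
ENFORCE = "Enforce: Boundary > Policy"   # the commented-out alternative in the template
SKIP = "Skip"


def build_template_input(role_arn: Optional[str], turbot_iam_role: Optional[str]) -> dict:
    """Construct a dict in the shape the template_input GraphQL query returns."""
    return {
        "resource": {
            "role_arn": role_arn,
            "parent": {"turbot_iam_role": {"value": turbot_iam_role}},
        }
    }


def evaluate_boundary_setting(template_input: dict, enforce: bool = False) -> str:
    """Mirror the Nunjucks condition: a truthy ARN that differs from the Turbot role
    resolves to Check (or Enforce, assumed flag); an empty ARN or the Turbot role itself skips."""
    resource = template_input["resource"]
    role_arn = resource.get("role_arn")
    turbot_role = resource["parent"]["turbot_iam_role"].get("value")
    if role_arn and role_arn != turbot_role:
        return ENFORCE if enforce else CHECK
    return SKIP


if __name__ == "__main__":
    # Constructed sample ARNs; account id is a placeholder.
    turbot = "arn:aws:iam::123456789012:role/turbot"
    for arn in ("arn:aws:iam::123456789012:role/app-server", turbot, None):
        print(arn, "->", evaluate_boundary_setting(build_template_input(arn, turbot)))
```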