standard
turbot/aws_compliance

Pipeline: Correct one IAM role attached with *:* policy

Runs corrective action to detach the *:* policy from an IAM role.

Run the pipeline

To run this pipeline from your terminal:

flowpipe pipeline run aws_compliance.pipeline.correct_one_iam_role_with_policy_star_star_attached \
  --arg 'title=<string>' \
  --arg 'role_name=<string>' \
  --arg 'policy_arn=<string>' \
  --arg 'account_id=<string>' \
  --arg 'conn=<connection.aws>'
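
Before passing a `policy_arn` to the command above, it is worth confirming that the policy really grants `*:*`, meaning an Allow statement covering every action on every resource. The check below is an added example, not code from this mod: `find_star_star`, the treatment of `"*:*"` as equivalent to `"*"`, and the sample documents are assumptions of the example, and the policy document JSON is assumed to have been fetched separately.

```python
import json

# Assumption of this example: both spellings are treated as "every action".
FULL_WILDCARD_ACTIONS = {"*", "*:*"}


def _as_list(value):
    """IAM JSON allows a single value wherever a list is accepted."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_star_star(policy_document):
    """Return one finding per Allow statement granting all actions on all resources."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    findings = []
    for index, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny on *:* removes access, it does not grant it
        # Statements written with NotAction/NotResource have no Action/Resource
        # key, so they yield empty lists here and are not reported.
        actions = set(_as_list(stmt.get("Action")))
        resources = _as_list(stmt.get("Resource"))
        if actions & FULL_WILDCARD_ACTIONS and "*" in resources:
            findings.append({
                "statement": stmt.get("Sid", index),
                "conditional": "Condition" in stmt,  # still broad, but gated
            })
    return findings


# Constructed sample documents, not taken from any real account.
ADMIN = '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}'
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "S3Only", "Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
        {"Sid": "OneBucket", "Effect": "Allow", "Action": "*",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "Guard", "Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(find_star_star(ADMIN))
    print(find_star_star(SCOPED))
```

An empty result means the policy is broad in some other way or not at all, so detaching it as a `*:*` policy would be the wrong correction.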

Use this pipeline

To call this pipeline from your pipeline, use a step:

step "pipeline" "step_name" {
  pipeline = aws_compliance.pipeline.correct_one_iam_role_with_policy_star_star_attached
  args = {
    title      = <string>
    role_name  = <string>
    policy_arn = <string>
    account_id = <string>
    conn       = <connection.aws>
  }
}

Params

| Name | Type | Required | Description | Default |
|------|------|----------|-------------|---------|
| title | string | Yes | Title of the resource, to be used as a display name. | - |
| role_name | string | Yes | The name of the IAM role. | - |
| policy_arn | string | Yes | The ARN of the policy to be detached. | - |
| account_id | string | Yes | The account ID of the AWS account. | - |
| conn | connection.aws | Yes | Name of the AWS connection to be used for any authenticated actions. | - |
| notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
| notification_level | string (verbose, info, error) | Yes | The verbosity level of notification messages to send. | info |
| approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
| default_action | string | Yes | The default action to use when there are no approvers. | notify |
| enabled_actions | list(string) | Yes | The list of enabled actions approvers can select. | ["skip", "detach_role_star_star_policy"] |

Outputs

This pipeline has no outputs.

Tags

category = Compliance
folder = Internal
mod = aws
service = AWS/IAM