standard
turbot/aws_compliance

Pipeline: Correct one IAM user with unrestricted CloudShellFullAccess policy

Runs corrective action to detach the unrestricted CloudShellFullAccess policy from a IAM user.

Run the pipeline

To run this pipeline from your terminal:

flowpipe pipeline run aws_compliance.pipeline.correct_one_iam_user_with_unrestricted_cloudshell_full_access \
--arg 'title=<string>' \
--arg 'user_name=<string>' \
--arg 'account_id=<string>' \
--arg 'conn=<connection.aws>'

Use this pipeline

To call this pipeline from your pipeline, use a step:

step "pipeline" "step_name" {
pipeline = aws_compliance.pipeline.correct_one_iam_user_with_unrestricted_cloudshell_full_access
args = {
title = <string>
user_name = <string>
account_id = <string>
conn = <connection.aws>
}
}

Params

NameTypeRequiredDescriptionDefault
title
string
YesTitle of the resource, to be used as a display name.-
user_name
string
YesThe name of the IAM user.-
account_id
string
YesThe account ID of the AWS account.-
conn
connection.aws
YesName of the AWS connection to be used for any authenticated actions.-
notifier
notifier
YesThe name of the notifier to use for sending notification messages.notifier.default
notification_level
string
verbose, info, error
YesThe verbosity level of notification messages to send.info
approvers
list(notifier)
YesList of notifiers to be used for obtaining action/approval decisions.notifier.default
default_action
string
notify, skip, detach_policy
YesThe default action to use when there are no approvers.notify
enabled_actions
list(string)
skip, detach_policy
YesThe list of enabled actions approvers can select.
[
"skip",
"detach_policy"
]

Outputs

This pipeline has no outputs.

Tags

category = Compliance
folder = Internal
mod = aws
service = AWS/IAM