AwsIamRoleDetails
Contains information about an IAM role, including all of the role's policies.
Contents
- AssumeRolePolicyDocument
-
The trust policy that grants permission to assume the role.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 131072.
Pattern:
[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+
Required: No
- AttachedManagedPolicies
-
The list of the managed policies that are attached to the role.
Type: Array of AwsIamAttachedManagedPolicy objects
Required: No
- CreateDate
-
Indicates when the role was created.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:-
YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
) -
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
) -
YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
) -
YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
) -
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round
2024-10-31T23:00:00.123456789Z
to2024-10-31T23:00:00.123Z
.Type: String
Pattern:
.*\S.*
Required: No
-
- InstanceProfileList
-
The list of instance profiles that contain this role.
Type: Array of AwsIamInstanceProfile objects
Required: No
- MaxSessionDuration
-
The maximum session duration (in seconds) that you want to set for the specified role.
Type: Integer
Required: No
- Path
-
The path to the role.
Type: String
Pattern:
.*\S.*
Required: No
- PermissionsBoundary
-
Information about the policy used to set the permissions boundary for an IAM principal.
Type: AwsIamPermissionsBoundary object
Required: No
- RoleId
-
The stable and unique string identifying the role.
Type: String
Pattern:
.*\S.*
Required: No
- RoleName
-
The friendly name that identifies the role.
Type: String
Pattern:
.*\S.*
Required: No
- RolePolicyList
-
The list of inline policies that are embedded in the role.
Type: Array of AwsIamRolePolicy objects
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: