AwsIamRoleDetails - AWS Security Hub

AwsIamRoleDetails

Contains information about an IAM role, including all of the role's policies.

Contents

AssumeRolePolicyDocument

The trust policy that grants permission to assume the role.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 131072.

Pattern: [\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+

Required: No

AttachedManagedPolicies

The list of the managed policies that are attached to the role.

Type: Array of AwsIamAttachedManagedPolicy objects

Required: No

CreateDate

Indicates when the role was created.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: String

Pattern: .*\S.*

Required: No
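A finding provider can check a CreateDate value against the formats listed above before sending the finding. The following is an added example, not AWS code: the function name `parse_timestamp` is hypothetical, and treating the offset colon and the offset minutes as optional is an assumption drawn from the grammar and the sample values in this entry.

```python
import re
from datetime import datetime, timedelta, timezone

# Date-time, optional 1-9 digit fraction, then Z or a numeric offset.
# Assumption: the offset colon is optional (the list shows +HH:MM and -HHMM)
# and so are the offset minutes ('time-hour [":" time-minute]').
_TS = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})"
    r"(?:\.(\d{1,9}))?"
    r"(?:Z|([+-])(\d{2})(?::?(\d{2}))?)",
    re.ASCII,  # \d must mean 0-9 only
)
MAX_OFFSET = timedelta(hours=18)


def parse_timestamp(value: str) -> datetime:
    """Return an aware datetime, or raise ValueError for any other format."""
    m = _TS.fullmatch(value)
    if m is None:
        raise ValueError(f"not an accepted timestamp format: {value!r}")
    year, month, day, hour, minute, second = (int(g) for g in m.groups()[:6])
    frac, sign, off_h, off_m = m.groups()[6:]
    if sign is None:
        tz = timezone.utc
    else:
        off_minutes = int(off_m or 0)
        offset = timedelta(hours=int(off_h), minutes=off_minutes)
        if off_minutes > 59 or offset > MAX_OFFSET:
            raise ValueError(f"offset outside +/-18:00: {value!r}")
        tz = timezone(offset if sign == "+" else -offset)
    # datetime stores microseconds, so digits past the sixth are dropped here.
    micros = int((frac or "0").ljust(9, "0")[:6])
    # datetime() itself rejects impossible values such as month 13 or hour 24.
    return datetime(year, month, day, hour, minute, second, micros, tz)


if __name__ == "__main__":
    # Constructed samples: two from the list above, two that must be rejected.
    for s in ("2019-01-31T23:00:00Z", "2024-01-04T15:25:10-1759",
              "2024-01-04T15:25:10+18:01", "2024-01-04 15:25:10Z"):
        try:
            print(s, "->", parse_timestamp(s).isoformat())
        except ValueError as exc:
            print(s, "-> rejected:", exc)
```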

InstanceProfileList

The list of instance profiles that contain this role.

Type: Array of AwsIamInstanceProfile objects

Required: No

MaxSessionDuration

The maximum session duration (in seconds) that you want to set for the specified role.

Type: Integer

Required: No

Path

The path to the role.

Type: String

Pattern: .*\S.*

Required: No

PermissionsBoundary

Information about the policy used to set the permissions boundary for an IAM principal.

Type: AwsIamPermissionsBoundary object

Required: No

RoleId

The stable and unique string identifying the role.

Type: String

Pattern: .*\S.*

Required: No

RoleName

The friendly name that identifies the role.

Type: String

Pattern: .*\S.*

Required: No

RolePolicyList

The list of inline policies that are embedded in the role.

Type: Array of AwsIamRolePolicy objects

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: