# managed_policies

Used to retrieve a list of `managed_policies` in a region or to create or delete a `managed_policies` resource; use `managed_policy` to read or update an individual resource.
## Overview

| Name | managed_policies |
|---|---|
| Type | Resource |
| Description | Creates a new managed policy for your AWS account.<br/> This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*.<br/> As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*.<br/> For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. |
| Id | aws.iam.managed_policies |
## Fields

| Name | Datatype | Description |
|---|---|---|
| policy_arn | string | |
| region | string | AWS region. |
## Methods

| Name | Accessible by | Required Params |
|---|---|---|
| create_resource | INSERT | PolicyDocument, region |
| delete_resource | DELETE | data__Identifier, region |
| list_resource | SELECT | region |
## SELECT

### Example

```sql
SELECT
region,
policy_arn
FROM aws.iam.managed_policies
;
```
## INSERT

### Example

Use the following StackQL query and manifest file to create a new `managed_policy` resource, using `stack-deploy`.

#### Required Properties

```sql
/*+ create */
INSERT INTO aws.iam.managed_policies (
PolicyDocument,
region
)
SELECT
'{{ PolicyDocument }}',
'{{ region }}';
```

#### All Properties

```sql
/*+ create */
INSERT INTO aws.iam.managed_policies (
Description,
Groups,
ManagedPolicyName,
Path,
PolicyDocument,
Roles,
Users,
region
)
SELECT
'{{ Description }}',
'{{ Groups }}',
'{{ ManagedPolicyName }}',
'{{ Path }}',
'{{ PolicyDocument }}',
'{{ Roles }}',
'{{ Users }}',
'{{ region }}';
```

#### Manifest

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: managed_policy
    props:
      - name: Description
        value: '{{ Description }}'
      - name: Groups
        value:
          - '{{ Groups[0] }}'
      - name: ManagedPolicyName
        value: '{{ ManagedPolicyName }}'
      - name: Path
        value: '{{ Path }}'
      - name: PolicyDocument
        value: {}
      - name: Roles
        value:
          - '{{ Roles[0] }}'
      - name: Users
        value:
          - '{{ Users[0] }}'
```
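The INSERT templates above leave `PolicyDocument` as a placeholder, and the Overview recommends validating policies before creating them. As an added example (not part of the StackQL docs or the provider's own code), the Python below builds a constructed least-privilege document, refuses any `Allow` statement that grants `*` on `*`, and renders it into the page's INSERT form with correct single-quote escaping; the bucket name, policy name and helper function names are assumptions.

```python
import json

# Constructed example document: read-only access to one bucket (least privilege).
# The bucket name is a placeholder, not a real resource.
READ_ONLY_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-audit-logs",
                "arn:aws:s3:::example-audit-logs/*",
            ],
        }
    ],
}


def overly_permissive_statements(policy: dict) -> list:
    """Return Allow statements that grant every action on every resource."""
    bad = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        # Both fields may be a single string or a list; normalise to lists.
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if "*" in actions and "*" in resources:
            bad.append(stmt)
    return bad


def sql_literal(value: str) -> str:
    """Quote a string as a SQL literal: double any embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"


def render_create_policy(name: str, policy: dict, region: str, path: str = "/") -> str:
    """Render the page's INSERT form with a concrete, pre-checked policy document."""
    if overly_permissive_statements(policy):
        raise ValueError("refusing to render a policy that allows * on *")
    doc = json.dumps(policy, separators=(",", ":"))  # compact JSON for the literal
    return (
        "/*+ create */\n"
        "INSERT INTO aws.iam.managed_policies (\n"
        " ManagedPolicyName,\n Path,\n PolicyDocument,\n region\n)\n"
        "SELECT\n"
        f" {sql_literal(name)},\n {sql_literal(path)},\n"
        f" {sql_literal(doc)},\n {sql_literal(region)};"
    )
```

The rendered statement can be run with the StackQL shell like the examples above; the same check can be applied to the `PolicyDocument` value of the manifest before `stack-deploy`.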
## DELETE

### Example

```sql
/*+ delete */
DELETE FROM aws.iam.managed_policies
WHERE data__Identifier = '<PolicyArn>'
AND region = 'us-east-1';
```
## Permissions

To operate on the `managed_policies` resource, the following permissions are required:

### Create

```
iam:CreatePolicy,
iam:AttachGroupPolicy,
iam:AttachUserPolicy,
iam:AttachRolePolicy
```

### Delete

```
iam:DetachRolePolicy,
iam:GetPolicy,
iam:ListPolicyVersions,
iam:DetachGroupPolicy,
iam:DetachUserPolicy,
iam:DeletePolicyVersion,
iam:DeletePolicy,
iam:ListEntitiesForPolicy
```

### List

```
iam:ListPolicies
```