IAM
AddClientIDToOpenIDConnectProvider
# Rule template for AddClientIDToOpenIDConnectProvider requests.
# NOTE(review): STRING looks like a placeholder for the concrete value a policy
# author fills in — confirm against the tool's documentation.
# Assuming standard Rego evaluation, every line in the body must hold for
# `valid` to be true, so a request that omits any listed field does not match.
valid {
input.Body.OpenIDConnectProviderArn == STRING
# ClientID is the audience value being registered on the provider; it widens
# the set of tokens the provider accepts, so pin it to expected values.
input.Body.ClientID == STRING
# ProviderMetadata describes the caller/context rather than the request body.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AddRoleToInstanceProfile
valid {
input.Body.InstanceProfileName == STRING
input.Body.RoleName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AddUserToGroup
valid {
input.Body.GroupName == STRING
input.Body.UserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AttachGroupPolicy
# Rule template for AttachGroupPolicy requests (managed policy -> group).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.GroupName == STRING
# PolicyArn determines what every member of the group gains; a rule that does
# not constrain it also covers broad managed policies.
input.Body.PolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AttachRolePolicy
# Rule template for AttachRolePolicy requests (managed policy -> role).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.RoleName == STRING
# PolicyArn decides which permissions the role gains. Leaving it unconstrained
# also covers broad managed policies such as AdministratorAccess, so
# guardrail rules normally pin or allow-list this field.
input.Body.PolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AttachUserPolicy
# Rule template for AttachUserPolicy requests (managed policy -> user).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.UserName == STRING
# PolicyArn decides which permissions the user gains; constrain it rather
# than matching on UserName alone.
input.Body.PolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ChangePassword
# Rule template for ChangePassword requests.
# NOTE(review): if the engine evaluates the real request body, OldPassword and
# NewPassword are plaintext secrets inside `input`. Mask both fields in
# decision logs and do not compare them against literals kept in policy
# source — confirm how the engine populates these fields.
valid {
input.Body.OldPassword == STRING
input.Body.NewPassword == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAccessKey
# Rule template for CreateAccessKey requests (issues a long-term access key).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
# UserName is optional in the IAM API (it defaults to the calling user).
# Assuming standard Rego evaluation, a request that omits it will not satisfy
# this line — TODO confirm how the engine represents omitted fields.
input.Body.UserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAccountAlias
valid {
input.Body.AccountAlias == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateGroup
valid {
input.Body.Path == STRING
input.Body.GroupName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateInstanceProfile
valid {
input.Body.InstanceProfileName == STRING
input.Body.Path == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateLoginProfile
# Rule template for CreateLoginProfile requests (console password for a user).
# NOTE(review): STRING / BOOLEAN look like value placeholders — confirm.
valid {
input.Body.UserName == STRING
# NOTE(review): if the engine passes the real request body, Password is a
# plaintext secret in `input`; mask it in decision logs.
input.Body.Password == STRING
# Whether the user must set a new password at next sign-in.
input.Body.PasswordResetRequired == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateOpenIDConnectProvider
# Rule template for CreateOpenIDConnectProvider requests (new federation trust).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
# Url is the issuer being trusted; pin it to the expected identity provider.
input.Body.Url == STRING
# `[_]` holds when ANY element equals the value; it does not require that
# every client ID / thumbprint in the list is an approved one.
input.Body.ClientIDList[_] == STRING
input.Body.ThumbprintList[_] == STRING
# The two `_` below are independent: Key and Value may match on different
# tags. Bind a shared index (e.g. `some i` with Tags[i]) to match one pair.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreatePolicy
# Rule template for CreatePolicy requests (new customer managed policy).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.PolicyName == STRING
input.Body.Path == STRING
# PolicyDocument is the policy JSON carried as a string. Exact string
# equality is brittle (whitespace, key order); to inspect statements, parse
# it first, e.g. with json.unmarshal.
input.Body.PolicyDocument == STRING
input.Body.Description == STRING
# The two `_` below are independent: Key and Value may match on different tags.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreatePolicyVersion
# Rule template for CreatePolicyVersion requests.
# NOTE(review): STRING / BOOLEAN look like value placeholders — confirm.
valid {
input.Body.PolicyArn == STRING
# Policy JSON as a string; parse (e.g. json.unmarshal) before inspecting it.
input.Body.PolicyDocument == STRING
# When true the new version becomes the policy's default immediately, which
# changes effective permissions for every principal it is attached to.
input.Body.SetAsDefault == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateRole
# Rule template for CreateRole requests.
# NOTE(review): STRING / INTEGER look like value placeholders — confirm.
# Assuming standard Rego evaluation, all lines must hold, so a request that
# omits an optional field (Description, PermissionsBoundary, Tags, ...) does
# not match this rule as written.
valid {
input.Body.Path == STRING
input.Body.RoleName == STRING
# Trust policy JSON as a string: it defines who may assume the role. Parse it
# (e.g. json.unmarshal) to check the Principal instead of comparing raw text.
input.Body.AssumeRolePolicyDocument == STRING
input.Body.Description == STRING
input.Body.MaxSessionDuration == INTEGER
# A rule meant to REQUIRE a boundary must also handle the field being absent;
# an equality test alone is simply not satisfied in that case.
input.Body.PermissionsBoundary == STRING
# The two `_` below are independent: Key and Value may match on different tags.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateSAMLProvider
# Rule template for CreateSAMLProvider requests (new SAML federation trust).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
# IdP metadata XML carried as a string; it contains the signing material the
# account will trust, so exact-match comparison is unlikely to be practical.
input.Body.SAMLMetadataDocument == STRING
input.Body.Name == STRING
# The two `_` below are independent: Key and Value may match on different tags.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateServiceLinkedRole
valid {
input.Body.AWSServiceName == STRING
input.Body.Description == STRING
input.Body.CustomSuffix == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateServiceSpecificCredential
valid {
input.Body.UserName == STRING
input.Body.ServiceName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateUser
# Rule template for CreateUser requests.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.Path == STRING
input.Body.UserName == STRING
# Optional in the IAM API. A rule meant to REQUIRE a boundary must also
# handle the field being absent; an equality test is just not satisfied then.
input.Body.PermissionsBoundary == STRING
# The two `_` below are independent: Key and Value may match on different tags.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateVirtualMFADevice
valid {
input.Body.Path == STRING
input.Body.VirtualMFADeviceName == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeactivateMFADevice
# Rule template for DeactivateMFADevice requests.
# Deactivation removes the second factor from the named user, so this action
# is a common candidate for alerting or an explicit approval rule.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.UserName == STRING
input.Body.SerialNumber == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccessKey
valid {
input.Body.UserName == STRING
input.Body.AccessKeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccountAlias
valid {
input.Body.AccountAlias == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccountPasswordPolicy
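# Rule template for DeleteAccountPasswordPolicy requests.
# The IAM DeleteAccountPasswordPolicy API has no request parameters, so only
# the caller metadata is constrained here; a condition on a Body field (such
# as AccountAlias, which belongs to DeleteAccountAlias) could never match a
# real request and would leave the rule silently ineffective.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}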
DeleteGroup
valid {
input.Body.GroupName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteGroupPolicy
valid {
input.Body.GroupName == STRING
input.Body.PolicyName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteInstanceProfile
valid {
input.Body.InstanceProfileName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteLoginProfile
valid {
input.Body.UserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteOpenIDConnectProvider
valid {
input.Body.OpenIDConnectProviderArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePolicy
valid {
input.Body.PolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePolicyVersion
valid {
input.Body.PolicyArn == STRING
input.Body.VersionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteRole
valid {
input.Body.RoleName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteRolePermissionsBoundary
# Rule template for DeleteRolePermissionsBoundary requests.
# Removing the boundary lifts the cap on what the role's policies can grant;
# the only body field available to scope a rule is the role name.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.RoleName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteRolePolicy
valid {
input.Body.RoleName == STRING
input.Body.PolicyName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteSAMLProvider
valid {
input.Body.SAMLProviderArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteSSHPublicKey
valid {
input.Body.UserName == STRING
input.Body.SSHPublicKeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteServerCertificate
valid {
input.Body.ServerCertificateName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteServiceLinkedRole
valid {
input.Body.RoleName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteServiceSpecificCredential
valid {
input.Body.UserName == STRING
input.Body.ServiceSpecificCredentialId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteSigningCertificate
valid {
input.Body.UserName == STRING
input.Body.CertificateId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteUser
valid {
input.Body.UserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteUserPermissionsBoundary
# Rule template for DeleteUserPermissionsBoundary requests.
# Removing the boundary lifts the cap on what the user's policies can grant;
# the only body field available to scope a rule is the user name.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.UserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteUserPolicy
valid {
input.Body.UserName == STRING
input.Body.PolicyName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteVirtualMFADevice
valid {
input.Body.SerialNumber == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DetachGroupPolicy
valid {
input.Body.GroupName == STRING
input.Body.PolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DetachRolePolicy
valid {
input.Body.RoleName == STRING
input.Body.PolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DetachUserPolicy
valid {
input.Body.UserName == STRING
input.Body.PolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisableOrganizationsRootCredentialsManagement
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisableOrganizationsRootSessions
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableMFADevice
# Rule template for EnableMFADevice requests.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.UserName == STRING
input.Body.SerialNumber == STRING
# Two consecutive one-time codes from the device. They are short-lived
# authentication material: matching on them is rarely meaningful, and they
# should be masked in decision logs if the engine receives real values.
input.Body.AuthenticationCode1 == STRING
input.Body.AuthenticationCode2 == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableOrganizationsRootCredentialsManagement
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableOrganizationsRootSessions
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GenerateCredentialReport
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GenerateOrganizationsAccessReport
valid {
input.Body.EntityPath == STRING
input.Body.OrganizationsPolicyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GenerateServiceLastAccessedDetails
enum_AccessAdvisorUsageGranularityType := [ "SERVICE_LEVEL", "ACTION_LEVEL" ]
valid {
input.Body.Arn == STRING
input.Body.Granularity == enum_AccessAdvisorUsageGranularityType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessKeyLastUsed
valid {
input.Body.AccessKeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccountAuthorizationDetails
# Rule template for GetAccountAuthorizationDetails requests.
# Allowed values for entries of the Filter list.
enum_EntityType := [ "User", "Role", "Group", "LocalManagedPolicy", "AWSManagedPolicy" ]
# NOTE(review): STRING / INTEGER look like value placeholders — confirm.
valid {
# Both `_` are existential: this holds when ANY Filter entry equals ANY enum
# member. It does not verify that every entry is a valid entity type.
input.Body.Filter[_] == enum_EntityType[_]
input.Body.MaxItems == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccountPasswordPolicy
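# Rule template for GetAccountPasswordPolicy requests.
# The IAM GetAccountPasswordPolicy API has no request parameters, so only the
# caller metadata is constrained here. Filter / MaxItems / Marker belong to
# GetAccountAuthorizationDetails; conditions on them could never match a real
# GetAccountPasswordPolicy request and would leave the rule ineffective.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}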
GetAccountSummary
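# Rule template for GetAccountSummary requests.
# The IAM GetAccountSummary API has no request parameters, so only the caller
# metadata is constrained here. Filter / MaxItems / Marker belong to
# GetAccountAuthorizationDetails; conditions on them could never match a real
# GetAccountSummary request and would leave the rule ineffective.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}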
GetContextKeysForCustomPolicy
valid {
input.Body.PolicyInputList[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetContextKeysForPrincipalPolicy
valid {
input.Body.PolicySourceArn == STRING
input.Body.PolicyInputList[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCredentialReport
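# Rule template for GetCredentialReport requests.
# The IAM GetCredentialReport API has no request parameters, so only the
# caller metadata is constrained here. PolicySourceArn / PolicyInputList
# belong to GetContextKeysForPrincipalPolicy; conditions on them could never
# match a real GetCredentialReport request and would leave the rule
# ineffective. The report lists credential status for every user in the
# account, so scoping who may fetch it relies on ProviderMetadata.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}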
GetGroup
valid {
input.Body.GroupName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetGroupPolicy
valid {
input.Body.GroupName == STRING
input.Body.PolicyName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetInstanceProfile
valid {
input.Body.InstanceProfileName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetLoginProfile
valid {
input.Body.UserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMFADevice
valid {
input.Body.SerialNumber == STRING
input.Body.UserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetOpenIDConnectProvider
valid {
input.Body.OpenIDConnectProviderArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetOrganizationsAccessReport
enum_sortKeyType := [ "SERVICE_NAMESPACE_ASCENDING", "SERVICE_NAMESPACE_DESCENDING", "LAST_AUTHENTICATED_TIME_ASCENDING", "LAST_AUTHENTICATED_TIME_DESCENDING" ]
valid {
input.Body.JobId == STRING
input.Body.MaxItems == INTEGER
input.Body.Marker == STRING
input.Body.SortKey == enum_sortKeyType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetPolicy
valid {
input.Body.PolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetPolicyVersion
valid {
input.Body.PolicyArn == STRING
input.Body.VersionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRole
valid {
input.Body.RoleName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRolePolicy
valid {
input.Body.RoleName == STRING
input.Body.PolicyName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSAMLProvider
valid {
input.Body.SAMLProviderArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSSHPublicKey
enum_encodingType := [ "SSH", "PEM" ]
valid {
input.Body.UserName == STRING
input.Body.SSHPublicKeyId == STRING
input.Body.Encoding == enum_encodingType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetServerCertificate
valid {
input.Body.ServerCertificateName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetServiceLastAccessedDetails
valid {
input.Body.JobId == STRING
input.Body.MaxItems == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetServiceLastAccessedDetailsWithEntities
valid {
input.Body.JobId == STRING
input.Body.ServiceNamespace == STRING
input.Body.MaxItems == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetServiceLinkedRoleDeletionStatus
valid {
input.Body.DeletionTaskId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetUser
valid {
input.Body.UserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetUserPolicy
valid {
input.Body.UserName == STRING
input.Body.PolicyName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccessKeys
valid {
input.Body.UserName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccountAliases
valid {
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAttachedGroupPolicies
valid {
input.Body.GroupName == STRING
input.Body.PathPrefix == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAttachedRolePolicies
valid {
input.Body.RoleName == STRING
input.Body.PathPrefix == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAttachedUserPolicies
valid {
input.Body.UserName == STRING
input.Body.PathPrefix == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListEntitiesForPolicy
enum_EntityType := [ "User", "Role", "Group", "LocalManagedPolicy", "AWSManagedPolicy" ]
enum_PolicyUsageType := [ "PermissionsPolicy", "PermissionsBoundary" ]
valid {
input.Body.PolicyArn == STRING
input.Body.EntityFilter == enum_EntityType[_]
input.Body.PathPrefix == STRING
input.Body.PolicyUsageFilter == enum_PolicyUsageType[_]
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListGroupPolicies
valid {
input.Body.GroupName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListGroups
valid {
input.Body.PathPrefix == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListGroupsForUser
valid {
input.Body.UserName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListInstanceProfileTags
valid {
input.Body.InstanceProfileName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListInstanceProfiles
valid {
input.Body.PathPrefix == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListInstanceProfilesForRole
valid {
input.Body.RoleName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListMFADeviceTags
valid {
input.Body.SerialNumber == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListMFADevices
valid {
input.Body.UserName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListOpenIDConnectProviderTags
valid {
input.Body.OpenIDConnectProviderArn == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListOpenIDConnectProviders
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListOrganizationsFeatures
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPolicies
enum_PolicyUsageType := [ "PermissionsPolicy", "PermissionsBoundary" ]
enum_policyScopeType := [ "All", "AWS", "Local" ]
valid {
input.Body.Scope == enum_policyScopeType[_]
input.Body.OnlyAttached == BOOLEAN
input.Body.PathPrefix == STRING
input.Body.PolicyUsageFilter == enum_PolicyUsageType[_]
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPoliciesGrantingServiceAccess
valid {
input.Body.Marker == STRING
input.Body.Arn == STRING
input.Body.ServiceNamespaces[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPolicyTags
valid {
input.Body.PolicyArn == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPolicyVersions
valid {
input.Body.PolicyArn == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListRolePolicies
valid {
input.Body.RoleName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListRoleTags
valid {
input.Body.RoleName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListRoles
valid {
input.Body.PathPrefix == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSAMLProviderTags
valid {
input.Body.SAMLProviderArn == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSAMLProviders
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSSHPublicKeys
valid {
input.Body.UserName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListServerCertificateTags
valid {
input.Body.ServerCertificateName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListServerCertificates
valid {
input.Body.PathPrefix == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListServiceSpecificCredentials
valid {
input.Body.UserName == STRING
input.Body.ServiceName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSigningCertificates
valid {
input.Body.UserName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListUserPolicies
valid {
input.Body.UserName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListUserTags
valid {
input.Body.UserName == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListUsers
valid {
input.Body.PathPrefix == STRING
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListVirtualMFADevices
enum_assignmentStatusType := [ "Assigned", "Unassigned", "Any" ]
valid {
input.Body.AssignmentStatus == enum_assignmentStatusType[_]
input.Body.Marker == STRING
input.Body.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutGroupPolicy
# Rule template for PutGroupPolicy requests (inline policy on a group).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.GroupName == STRING
input.Body.PolicyName == STRING
# Inline policy JSON as a string. It grants permissions directly, with no
# PolicyArn to allow-list, so a guardrail has to parse the document
# (e.g. json.unmarshal) to reason about what is being granted.
input.Body.PolicyDocument == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutRolePermissionsBoundary
# Rule template for PutRolePermissionsBoundary requests.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.RoleName == STRING
# ARN of the managed policy used as the boundary. Replacing a tight boundary
# with a broad one widens the role's ceiling, so pin this to approved ARNs.
input.Body.PermissionsBoundary == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutRolePolicy
# Rule template for PutRolePolicy requests (inline policy on a role).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.RoleName == STRING
input.Body.PolicyName == STRING
# Inline policy JSON as a string. It grants permissions directly, with no
# PolicyArn to allow-list, so a guardrail has to parse the document
# (e.g. json.unmarshal) to reason about what is being granted.
input.Body.PolicyDocument == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutUserPermissionsBoundary
# Rule template for PutUserPermissionsBoundary requests.
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.UserName == STRING
# ARN of the managed policy used as the boundary. Replacing a tight boundary
# with a broad one widens the user's ceiling, so pin this to approved ARNs.
input.Body.PermissionsBoundary == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutUserPolicy
# Rule template for PutUserPolicy requests (inline policy on a user).
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
input.Body.UserName == STRING
input.Body.PolicyName == STRING
# Inline policy JSON as a string. It grants permissions directly, with no
# PolicyArn to allow-list, so a guardrail has to parse the document
# (e.g. json.unmarshal) to reason about what is being granted.
input.Body.PolicyDocument == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveClientIDFromOpenIDConnectProvider
valid {
input.Body.OpenIDConnectProviderArn == STRING
input.Body.ClientID == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveRoleFromInstanceProfile
valid {
input.Body.InstanceProfileName == STRING
input.Body.RoleName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveUserFromGroup
valid {
input.Body.GroupName == STRING
input.Body.UserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ResetServiceSpecificCredential
valid {
input.Body.UserName == STRING
input.Body.ServiceSpecificCredentialId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ResyncMFADevice
valid {
input.Body.UserName == STRING
input.Body.SerialNumber == STRING
input.Body.AuthenticationCode1 == STRING
input.Body.AuthenticationCode2 == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetDefaultPolicyVersion
valid {
input.Body.PolicyArn == STRING
input.Body.VersionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetSecurityTokenServicePreferences
# Rule template for SetSecurityTokenServicePreferences requests.
# Values the template accepts for GlobalEndpointTokenVersion.
enum_globalEndpointTokenVersion := [ "v1Token", "v2Token" ]
# NOTE(review): STRING looks like a value placeholder — confirm.
valid {
# Holds when the field equals any listed member. As written this only checks
# that the value is one of the two versions; to restrict the account to a
# single token version, compare against that literal instead.
input.Body.GlobalEndpointTokenVersion == enum_globalEndpointTokenVersion[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SimulateCustomPolicy
# Rule template for SimulateCustomPolicy requests.
# Values the template accepts for a context entry's ContextKeyType.
enum_ContextKeyTypeEnum := [ "string", "stringList", "numeric", "numericList", "boolean", "booleanList", "ip", "ipList", "binary", "binaryList", "date", "dateList" ]
# NOTE(review): STRING / INTEGER look like value placeholders — confirm.
# Assuming standard Rego evaluation, all lines must hold, so a request that
# omits any listed optional field does not match this rule as written.
valid {
# `[_]` is existential: each list line holds when ANY element matches.
input.Body.PolicyInputList[_] == STRING
input.Body.PermissionsBoundaryPolicyInputList[_] == STRING
input.Body.ActionNames[_] == STRING
input.Body.ResourceArns[_] == STRING
input.Body.ResourcePolicy == STRING
input.Body.ResourceOwner == STRING
input.Body.CallerArn == STRING
# Each `_` below is independent, so name, values and type may be matched on
# different ContextEntries. Bind one index (e.g. `some i` with
# ContextEntries[i]) to constrain a single entry consistently.
input.Body.ContextEntries[_].ContextKeyName == STRING
input.Body.ContextEntries[_].ContextKeyValues[_] == STRING
input.Body.ContextEntries[_].ContextKeyType == enum_ContextKeyTypeEnum[_]
input.Body.ResourceHandlingOption == STRING
input.Body.MaxItems == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SimulatePrincipalPolicy
# SimulatePrincipalPolicy: simulation request evaluated against the policies of
# the identity named by PolicySourceArn; it changes no IAM resource.
# NOTE(review): enum_ContextKeyTypeEnum is also declared in the
# SimulateCustomPolicy template. OPA rejects a name declared twice with `:=` in
# one package, so presumably each template lives in its own package - confirm.
enum_ContextKeyTypeEnum := [ "string", "stringList", "numeric", "numericList", "boolean", "booleanList", "ip", "ipList", "binary", "binaryList", "date", "dateList" ]
valid {
input.Body.PolicySourceArn == STRING
# `list[_] == x` holds when at least one element equals x, not all of them.
input.Body.PolicyInputList[_] == STRING
input.Body.PermissionsBoundaryPolicyInputList[_] == STRING
input.Body.ActionNames[_] == STRING
input.Body.ResourceArns[_] == STRING
input.Body.ResourcePolicy == STRING
input.Body.ResourceOwner == STRING
input.Body.CallerArn == STRING
# Each `_` is independent, so these three lines may match different entries.
# Bind one index (`some i`) to constrain a single context entry.
input.Body.ContextEntries[_].ContextKeyName == STRING
input.Body.ContextEntries[_].ContextKeyValues[_] == STRING
input.Body.ContextEntries[_].ContextKeyType == enum_ContextKeyTypeEnum[_]
input.Body.ResourceHandlingOption == STRING
input.Body.MaxItems == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagInstanceProfile
# TagInstanceProfile: fields available when tags are added to an instance
# profile.
valid {
input.Body.InstanceProfileName == STRING
# The two `_` are independent: Key may match one tag and Value another. To
# require a specific key/value pair on the same tag, bind one index
# (`some i`) and compare Tags[i].Key and Tags[i].Value.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagMFADevice
# TagMFADevice: fields available when tags are added to the MFA device
# identified by SerialNumber.
valid {
input.Body.SerialNumber == STRING
# Key and Value use separate `_` variables and can match different tags; use
# a shared index (`some i`) to test one tag's key and value together.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagOpenIDConnectProvider
# TagOpenIDConnectProvider: fields available when tags are added to an OIDC
# identity provider.
valid {
input.Body.OpenIDConnectProviderArn == STRING
# Key and Value use separate `_` variables and can match different tags; use
# a shared index (`some i`) to test one tag's key and value together.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagPolicy
# TagPolicy: fields available when tags are added to a managed policy.
valid {
input.Body.PolicyArn == STRING
# Key and Value use separate `_` variables and can match different tags; use
# a shared index (`some i`) to test one tag's key and value together.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagRole
# TagRole: fields available when tags are added to a role. Role tags become
# principal tags, so where access is granted on aws:PrincipalTag conditions a
# tag change can change what the role is allowed to do.
valid {
input.Body.RoleName == STRING
# The two `_` are independent: Key may match one tag and Value another. Bind
# one index (`some i`) to test a key/value pair on the same tag.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagSAMLProvider
# TagSAMLProvider: fields available when tags are added to a SAML identity
# provider.
valid {
input.Body.SAMLProviderArn == STRING
# Key and Value use separate `_` variables and can match different tags; use
# a shared index (`some i`) to test one tag's key and value together.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagServerCertificate
# TagServerCertificate: fields available when tags are added to a server
# certificate stored in IAM.
valid {
input.Body.ServerCertificateName == STRING
# Key and Value use separate `_` variables and can match different tags; use
# a shared index (`some i`) to test one tag's key and value together.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagUser
# TagUser: fields available when tags are added to a user. User tags become
# principal tags, so where access is granted on aws:PrincipalTag conditions a
# tag change can change what the user is allowed to do.
valid {
input.Body.UserName == STRING
# The two `_` are independent: Key may match one tag and Value another. Bind
# one index (`some i`) to test a key/value pair on the same tag.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagInstanceProfile
# UntagInstanceProfile: fields available when tags are removed from an
# instance profile.
valid {
input.Body.InstanceProfileName == STRING
# Holds when at least one of the removed keys equals the value. This suits
# "a protected key is being removed"; it does not assert anything about the
# other keys in the list.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagMFADevice
# UntagMFADevice: fields available when tags are removed from the MFA device
# identified by SerialNumber.
valid {
input.Body.SerialNumber == STRING
# Holds when at least one removed key equals the value, not all of them.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagOpenIDConnectProvider
# UntagOpenIDConnectProvider: fields available when tags are removed from an
# OIDC identity provider.
valid {
input.Body.OpenIDConnectProviderArn == STRING
# Holds when at least one removed key equals the value, not all of them.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagPolicy
# UntagPolicy: fields available when tags are removed from a managed policy.
valid {
input.Body.PolicyArn == STRING
# Holds when at least one removed key equals the value, not all of them.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagRole
# UntagRole: fields available when tags are removed from a role. Removing a
# tag that access conditions rely on (aws:PrincipalTag) changes what the role
# is allowed to do, just as adding one does.
valid {
input.Body.RoleName == STRING
# Holds when at least one removed key equals the value, not all of them.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagSAMLProvider
# UntagSAMLProvider: fields available when tags are removed from a SAML
# identity provider.
valid {
input.Body.SAMLProviderArn == STRING
# Holds when at least one removed key equals the value, not all of them.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagServerCertificate
# UntagServerCertificate: fields available when tags are removed from a server
# certificate stored in IAM.
valid {
input.Body.ServerCertificateName == STRING
# Holds when at least one removed key equals the value, not all of them.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagUser
# UntagUser: fields available when tags are removed from a user. Removing a
# tag that access conditions rely on (aws:PrincipalTag) changes what the user
# is allowed to do, just as adding one does.
valid {
input.Body.UserName == STRING
# Holds when at least one removed key equals the value, not all of them.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAccessKey
# UpdateAccessKey: activates or deactivates an access key of UserName.
enum_statusType := [ "Active", "Inactive" ]
valid {
input.Body.UserName == STRING
# input.Body.AccessKeyId is the key whose status is being changed. It is a
# different field from input.ProviderMetadata.AccessKeyId below, which
# presumably identifies the credential making the call - verify.
input.Body.AccessKeyId == STRING
# As written this accepts either status. To single out re-activation of a
# disabled key, compare Status with "Active" directly.
input.Body.Status == enum_statusType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAccountPasswordPolicy
# UpdateAccountPasswordPolicy: fields of an account password-policy change.
# The AWS operation has no partial update: every parameter is optional and an
# omitted one reverts to its default. A request that leaves a field out is
# therefore itself a policy change worth evaluating.
valid {
# Every line of a rule body must hold and a missing field is undefined, so a
# rule copied as-is matches only requests that set all nine parameters. Keep
# just the lines the rule needs, and handle "field absent" explicitly.
# INTEGER fields can be tested with comparison operators (<, >=) as well.
input.Body.MinimumPasswordLength == INTEGER
input.Body.RequireSymbols == BOOLEAN
input.Body.RequireNumbers == BOOLEAN
input.Body.RequireUppercaseCharacters == BOOLEAN
input.Body.RequireLowercaseCharacters == BOOLEAN
input.Body.AllowUsersToChangePassword == BOOLEAN
input.Body.MaxPasswordAge == INTEGER
input.Body.PasswordReusePrevention == INTEGER
input.Body.HardExpiry == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAssumeRolePolicy
# UpdateAssumeRolePolicy: replaces the trust policy of RoleName, i.e. the
# statement of which principals may assume the role.
valid {
input.Body.RoleName == STRING
# PolicyDocument is compared as one string here. To test who the new trust
# policy admits, parse it first (json.unmarshal) and inspect the Principal
# and Condition elements. NOTE(review): confirm whether the document reaches
# the policy as plain JSON or URL-encoded.
input.Body.PolicyDocument == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateGroup
# UpdateGroup: renames a group and/or moves it to a new path. Both change the
# group's ARN, so permission policies that reference the old ARN or path stop
# matching the group afterwards.
valid {
input.Body.GroupName == STRING
input.Body.NewPath == STRING
input.Body.NewGroupName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateLoginProfile
# UpdateLoginProfile: sets a new console password for UserName. The caller
# does not need the old password, so this action gives control of that user's
# console sign-in.
valid {
input.Body.UserName == STRING
# Password is the new password in clear text. Avoid comparing it to a
# literal in policy source. NOTE(review): if the engine records the evaluated
# input, confirm this field is masked.
input.Body.Password == STRING
input.Body.PasswordResetRequired == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateOpenIDConnectProviderThumbprint
# UpdateOpenIDConnectProviderThumbprint: replaces the certificate thumbprints
# trusted for an OIDC identity provider. The submitted list replaces the
# existing list entirely.
valid {
input.Body.OpenIDConnectProviderArn == STRING
# Holds when at least one submitted thumbprint equals the value. It does not
# show that the list contains only expected thumbprints; that needs a check
# over every element.
input.Body.ThumbprintList[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateRole
# UpdateRole: changes a role's description and maximum session duration.
valid {
input.Body.RoleName == STRING
input.Body.Description == STRING
# MaxSessionDuration is in seconds (AWS accepts 3600 to 43200). A policy can
# bound it with a comparison (<=) rather than an exact match.
input.Body.MaxSessionDuration == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateRoleDescription
valid {
# UpdateRoleDescription: changes only the description text of RoleName.
input.Body.RoleName == STRING
input.Body.Description == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateSAMLProvider
# UpdateSAMLProvider: replaces the metadata document of a SAML identity
# provider. The metadata carries the IdP's signing keys, so this changes whose
# assertions the account accepts for federation.
valid {
# SAMLMetadataDocument is an XML document passed as one string; an equality
# test only matches a byte-identical document.
input.Body.SAMLMetadataDocument == STRING
input.Body.SAMLProviderArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateSSHPublicKey
# UpdateSSHPublicKey: activates or deactivates an SSH public key of UserName.
# NOTE(review): enum_statusType and `valid` are declared in several templates
# on this page. In one Rego package, a second `:=` declaration of the same name
# is a compile error and several `valid` bodies act as alternatives (any one
# matching makes `valid` true), so presumably each template is its own package
# - confirm.
enum_statusType := [ "Active", "Inactive" ]
valid {
input.Body.UserName == STRING
input.Body.SSHPublicKeyId == STRING
# Accepts either status; compare with "Active" to single out re-activation.
input.Body.Status == enum_statusType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateServerCertificate
# UpdateServerCertificate: renames a server certificate and/or moves it to a
# new path. Both change its ARN, so policies that reference the old name or
# path stop matching it.
valid {
input.Body.ServerCertificateName == STRING
input.Body.NewPath == STRING
input.Body.NewServerCertificateName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateServiceSpecificCredential
# UpdateServiceSpecificCredential: activates or deactivates a service-specific
# credential of UserName.
enum_statusType := [ "Active", "Inactive" ]
valid {
input.Body.UserName == STRING
input.Body.ServiceSpecificCredentialId == STRING
# Accepts either status; compare with "Active" to single out re-activation.
input.Body.Status == enum_statusType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateSigningCertificate
# UpdateSigningCertificate: activates or deactivates an X.509 signing
# certificate of UserName.
enum_statusType := [ "Active", "Inactive" ]
valid {
input.Body.UserName == STRING
input.Body.CertificateId == STRING
# Accepts either status; compare with "Active" to single out re-activation.
input.Body.Status == enum_statusType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateUser
# UpdateUser: renames a user and/or moves it to a new path. Both change the
# user's ARN, so policies that name the old ARN or path (including resource
# policies in other services) no longer refer to this user.
valid {
input.Body.UserName == STRING
input.Body.NewPath == STRING
input.Body.NewUserName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UploadSSHPublicKey
# UploadSSHPublicKey: associates a new SSH public key with UserName, which
# gives the holder of the matching private key SSH authentication as that user
# where IAM SSH keys are accepted.
valid {
input.Body.UserName == STRING
# SSHPublicKeyBody is the public key text; it is not secret.
input.Body.SSHPublicKeyBody == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UploadServerCertificate
# UploadServerCertificate: uploads a server certificate, its private key and
# an optional chain to IAM.
valid {
input.Body.Path == STRING
input.Body.ServerCertificateName == STRING
input.Body.CertificateBody == STRING
# PrivateKey is the PEM private key in clear text. Do not compare it to a
# literal in policy source. NOTE(review): if the engine records the evaluated
# input, confirm this field is masked before the record is stored.
input.Body.PrivateKey == STRING
input.Body.CertificateChain == STRING
# The two `_` are independent: Key may match one tag and Value another. Bind
# one index (`some i`) to test a key/value pair on the same tag.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UploadSigningCertificate
# UploadSigningCertificate: associates an X.509 signing certificate with
# UserName. Only the certificate is sent; no private key is part of this
# request.
valid {
input.Body.UserName == STRING
input.Body.CertificateBody == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}