IAM

docs.aws.amazon.com

AddClientIDToOpenIDConnectProvider

valid {
    input.Body.OpenIDConnectProviderArn == STRING
    input.Body.ClientID == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddRoleToInstanceProfile

valid {
    input.Body.InstanceProfileName == STRING
    input.Body.RoleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddUserToGroup

valid {
    input.Body.GroupName == STRING
    input.Body.UserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachGroupPolicy

valid {
    input.Body.GroupName == STRING
    input.Body.PolicyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachRolePolicy

valid {
    input.Body.RoleName == STRING
    input.Body.PolicyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachUserPolicy

valid {
    input.Body.UserName == STRING
    input.Body.PolicyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ChangePassword

valid {
    input.Body.OldPassword == STRING
    input.Body.NewPassword == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAccessKey

valid {
    input.Body.UserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAccountAlias

valid {
    input.Body.AccountAlias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDelegationRequest

enum_PolicyParameterTypeEnum := [ "string", "stringList" ]

valid {
    input.Body.OwnerAccountId == STRING
    input.Body.Description == STRING
    input.Body.Permissions.PolicyTemplateArn == STRING
    input.Body.Permissions.Parameters[_].Name == STRING
    input.Body.Permissions.Parameters[_].Values[_] == STRING
    input.Body.Permissions.Parameters[_].Type == enum_PolicyParameterTypeEnum[_]
    input.Body.RequestMessage == STRING
    input.Body.RequestorWorkflowId == STRING
    input.Body.RedirectUrl == STRING
    input.Body.NotificationChannel == STRING
    input.Body.SessionDuration == INTEGER
    input.Body.OnlySendByOwner == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateGroup

valid {
    input.Body.Path == STRING
    input.Body.GroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateInstanceProfile

valid {
    input.Body.InstanceProfileName == STRING
    input.Body.Path == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateLoginProfile

valid {
    input.Body.UserName == STRING
    input.Body.Password == STRING
    input.Body.PasswordResetRequired == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateOpenIDConnectProvider

valid {
    input.Body.Url == STRING
    input.Body.ClientIDList[_] == STRING
    input.Body.ThumbprintList[_] == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePolicy

valid {
    input.Body.PolicyName == STRING
    input.Body.Path == STRING
    input.Body.PolicyDocument == STRING
    input.Body.Description == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePolicyVersion

valid {
    input.Body.PolicyArn == STRING
    input.Body.PolicyDocument == STRING
    input.Body.SetAsDefault == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRole

valid {
    input.Body.Path == STRING
    input.Body.RoleName == STRING
    input.Body.AssumeRolePolicyDocument == STRING
    input.Body.Description == STRING
    input.Body.MaxSessionDuration == INTEGER
    input.Body.PermissionsBoundary == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateSAMLProvider

enum_assertionEncryptionModeType := [ "Required", "Allowed" ]

valid {
    input.Body.SAMLMetadataDocument == STRING
    input.Body.Name == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.Body.AssertionEncryptionMode == enum_assertionEncryptionModeType[_]
    input.Body.AddPrivateKey == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateServiceLinkedRole

valid {
    input.Body.AWSServiceName == STRING
    input.Body.Description == STRING
    input.Body.CustomSuffix == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateServiceSpecificCredential

valid {
    input.Body.UserName == STRING
    input.Body.ServiceName == STRING
    input.Body.CredentialAgeDays == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateUser

valid {
    input.Body.Path == STRING
    input.Body.UserName == STRING
    input.Body.PermissionsBoundary == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateVirtualMFADevice

valid {
    input.Body.Path == STRING
    input.Body.VirtualMFADeviceName == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeactivateMFADevice

valid {
    input.Body.UserName == STRING
    input.Body.SerialNumber == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAccessKey

valid {
    input.Body.UserName == STRING
    input.Body.AccessKeyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAccountAlias

valid {
    input.Body.AccountAlias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAccountPasswordPolicy

valid {
    input.Body.AccountAlias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteGroup

valid {
    input.Body.GroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteGroupPolicy

valid {
    input.Body.GroupName == STRING
    input.Body.PolicyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteInstanceProfile

valid {
    input.Body.InstanceProfileName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteLoginProfile

valid {
    input.Body.UserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteOpenIDConnectProvider

valid {
    input.Body.OpenIDConnectProviderArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePolicy

valid {
    input.Body.PolicyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePolicyVersion

valid {
    input.Body.PolicyArn == STRING
    input.Body.VersionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRole

valid {
    input.Body.RoleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRolePermissionsBoundary

valid {
    input.Body.RoleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRolePolicy

valid {
    input.Body.RoleName == STRING
    input.Body.PolicyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSAMLProvider

valid {
    input.Body.SAMLProviderArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSSHPublicKey

valid {
    input.Body.UserName == STRING
    input.Body.SSHPublicKeyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteServerCertificate

valid {
    input.Body.ServerCertificateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteServiceLinkedRole

valid {
    input.Body.RoleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteServiceSpecificCredential

valid {
    input.Body.UserName == STRING
    input.Body.ServiceSpecificCredentialId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSigningCertificate

valid {
    input.Body.UserName == STRING
    input.Body.CertificateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteUser

valid {
    input.Body.UserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteUserPermissionsBoundary

valid {
    input.Body.UserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteUserPolicy

valid {
    input.Body.UserName == STRING
    input.Body.PolicyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteVirtualMFADevice

valid {
    input.Body.SerialNumber == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachGroupPolicy

valid {
    input.Body.GroupName == STRING
    input.Body.PolicyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachRolePolicy

valid {
    input.Body.RoleName == STRING
    input.Body.PolicyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachUserPolicy

valid {
    input.Body.UserName == STRING
    input.Body.PolicyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableOrganizationsRootCredentialsManagement

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableOrganizationsRootSessions

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableMFADevice

valid {
    input.Body.UserName == STRING
    input.Body.SerialNumber == STRING
    input.Body.AuthenticationCode1 == STRING
    input.Body.AuthenticationCode2 == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableOrganizationsRootCredentialsManagement

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableOrganizationsRootSessions

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GenerateCredentialReport

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GenerateOrganizationsAccessReport

valid {
    input.Body.EntityPath == STRING
    input.Body.OrganizationsPolicyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GenerateServiceLastAccessedDetails

enum_AccessAdvisorUsageGranularityType := [ "SERVICE_LEVEL", "ACTION_LEVEL" ]

valid {
    input.Body.Arn == STRING
    input.Body.Granularity == enum_AccessAdvisorUsageGranularityType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAccessKeyLastUsed

valid {
    input.Body.AccessKeyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAccountAuthorizationDetails

enum_EntityType := [ "User", "Role", "Group", "LocalManagedPolicy", "AWSManagedPolicy" ]

valid {
    input.Body.Filter[_] == enum_EntityType[_]
    input.Body.MaxItems == INTEGER
    input.Body.Marker == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAccountPasswordPolicy

enum_EntityType := [ "User", "Role", "Group", "LocalManagedPolicy", "AWSManagedPolicy" ]

valid {
    input.Body.Filter[_] == enum_EntityType[_]
    input.Body.MaxItems == INTEGER
    input.Body.Marker == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAccountSummary

enum_EntityType := [ "User", "Role", "Group", "LocalManagedPolicy", "AWSManagedPolicy" ]

valid {
    input.Body.Filter[_] == enum_EntityType[_]
    input.Body.MaxItems == INTEGER
    input.Body.Marker == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContextKeysForCustomPolicy

valid {
    input.Body.PolicyInputList[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContextKeysForPrincipalPolicy

valid {
    input.Body.PolicySourceArn == STRING
    input.Body.PolicyInputList[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCredentialReport

valid {
    input.Body.PolicySourceArn == STRING
    input.Body.PolicyInputList[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetGroup

valid {
    input.Body.GroupName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetGroupPolicy

valid {
    input.Body.GroupName == STRING
    input.Body.PolicyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInstanceProfile

valid {
    input.Body.InstanceProfileName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetLoginProfile

valid {
    input.Body.UserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetMFADevice

valid {
    input.Body.SerialNumber == STRING
    input.Body.UserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOpenIDConnectProvider

valid {
    input.Body.OpenIDConnectProviderArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOrganizationsAccessReport

enum_sortKeyType := [ "SERVICE_NAMESPACE_ASCENDING", "SERVICE_NAMESPACE_DESCENDING", "LAST_AUTHENTICATED_TIME_ASCENDING", "LAST_AUTHENTICATED_TIME_DESCENDING" ]

valid {
    input.Body.JobId == STRING
    input.Body.MaxItems == INTEGER
    input.Body.Marker == STRING
    input.Body.SortKey == enum_sortKeyType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPolicy

valid {
    input.Body.PolicyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPolicyVersion

valid {
    input.Body.PolicyArn == STRING
    input.Body.VersionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRole

valid {
    input.Body.RoleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRolePolicy

valid {
    input.Body.RoleName == STRING
    input.Body.PolicyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSAMLProvider

valid {
    input.Body.SAMLProviderArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSSHPublicKey

enum_encodingType := [ "SSH", "PEM" ]

valid {
    input.Body.UserName == STRING
    input.Body.SSHPublicKeyId == STRING
    input.Body.Encoding == enum_encodingType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetServerCertificate

valid {
    input.Body.ServerCertificateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetServiceLastAccessedDetails

valid {
    input.Body.JobId == STRING
    input.Body.MaxItems == INTEGER
    input.Body.Marker == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetServiceLastAccessedDetailsWithEntities

valid {
    input.Body.JobId == STRING
    input.Body.ServiceNamespace == STRING
    input.Body.MaxItems == INTEGER
    input.Body.Marker == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetServiceLinkedRoleDeletionStatus

valid {
    input.Body.DeletionTaskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetUser

valid {
    input.Body.UserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetUserPolicy

valid {
    input.Body.UserName == STRING
    input.Body.PolicyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAccessKeys

valid {
    input.Body.UserName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAccountAliases

valid {
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAttachedGroupPolicies

valid {
    input.Body.GroupName == STRING
    input.Body.PathPrefix == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAttachedRolePolicies

valid {
    input.Body.RoleName == STRING
    input.Body.PathPrefix == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAttachedUserPolicies

valid {
    input.Body.UserName == STRING
    input.Body.PathPrefix == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListEntitiesForPolicy

enum_EntityType := [ "User", "Role", "Group", "LocalManagedPolicy", "AWSManagedPolicy" ]
enum_PolicyUsageType := [ "PermissionsPolicy", "PermissionsBoundary" ]

valid {
    input.Body.PolicyArn == STRING
    input.Body.EntityFilter == enum_EntityType[_]
    input.Body.PathPrefix == STRING
    input.Body.PolicyUsageFilter == enum_PolicyUsageType[_]
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListGroupPolicies

valid {
    input.Body.GroupName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListGroups

valid {
    input.Body.PathPrefix == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListGroupsForUser

valid {
    input.Body.UserName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListInstanceProfileTags

valid {
    input.Body.InstanceProfileName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListInstanceProfiles

valid {
    input.Body.PathPrefix == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListInstanceProfilesForRole

valid {
    input.Body.RoleName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMFADeviceTags

valid {
    input.Body.SerialNumber == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMFADevices

valid {
    input.Body.UserName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOpenIDConnectProviderTags

valid {
    input.Body.OpenIDConnectProviderArn == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOpenIDConnectProviders

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOrganizationsFeatures

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicies

enum_PolicyUsageType := [ "PermissionsPolicy", "PermissionsBoundary" ]
enum_policyScopeType := [ "All", "AWS", "Local" ]

valid {
    input.Body.Scope == enum_policyScopeType[_]
    input.Body.OnlyAttached == BOOLEAN
    input.Body.PathPrefix == STRING
    input.Body.PolicyUsageFilter == enum_PolicyUsageType[_]
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPoliciesGrantingServiceAccess

valid {
    input.Body.Marker == STRING
    input.Body.Arn == STRING
    input.Body.ServiceNamespaces[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicyTags

valid {
    input.Body.PolicyArn == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicyVersions

valid {
    input.Body.PolicyArn == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRolePolicies

valid {
    input.Body.RoleName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRoleTags

valid {
    input.Body.RoleName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRoles

valid {
    input.Body.PathPrefix == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSAMLProviderTags

valid {
    input.Body.SAMLProviderArn == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSAMLProviders

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSSHPublicKeys

valid {
    input.Body.UserName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListServerCertificateTags

valid {
    input.Body.ServerCertificateName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListServerCertificates

valid {
    input.Body.PathPrefix == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListServiceSpecificCredentials

valid {
    input.Body.UserName == STRING
    input.Body.ServiceName == STRING
    input.Body.AllUsers == BOOLEAN
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSigningCertificates

valid {
    input.Body.UserName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListUserPolicies

valid {
    input.Body.UserName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListUserTags

valid {
    input.Body.UserName == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListUsers

valid {
    input.Body.PathPrefix == STRING
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListVirtualMFADevices

enum_assignmentStatusType := [ "Assigned", "Unassigned", "Any" ]

valid {
    input.Body.AssignmentStatus == enum_assignmentStatusType[_]
    input.Body.Marker == STRING
    input.Body.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutGroupPolicy

valid {
    input.Body.GroupName == STRING
    input.Body.PolicyName == STRING
    input.Body.PolicyDocument == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutRolePermissionsBoundary

valid {
    input.Body.RoleName == STRING
    input.Body.PermissionsBoundary == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutRolePolicy

valid {
    input.Body.RoleName == STRING
    input.Body.PolicyName == STRING
    input.Body.PolicyDocument == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutUserPermissionsBoundary

valid {
    input.Body.UserName == STRING
    input.Body.PermissionsBoundary == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutUserPolicy

valid {
    input.Body.UserName == STRING
    input.Body.PolicyName == STRING
    input.Body.PolicyDocument == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveClientIDFromOpenIDConnectProvider

valid {
    input.Body.OpenIDConnectProviderArn == STRING
    input.Body.ClientID == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveRoleFromInstanceProfile

valid {
    input.Body.InstanceProfileName == STRING
    input.Body.RoleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveUserFromGroup

valid {
    input.Body.GroupName == STRING
    input.Body.UserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ResetServiceSpecificCredential

valid {
    input.Body.UserName == STRING
    input.Body.ServiceSpecificCredentialId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ResyncMFADevice

valid {
    input.Body.UserName == STRING
    input.Body.SerialNumber == STRING
    input.Body.AuthenticationCode1 == STRING
    input.Body.AuthenticationCode2 == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetDefaultPolicyVersion

valid {
    input.Body.PolicyArn == STRING
    input.Body.VersionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetSecurityTokenServicePreferences

enum_globalEndpointTokenVersion := [ "v1Token", "v2Token" ]

valid {
    input.Body.GlobalEndpointTokenVersion == enum_globalEndpointTokenVersion[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SimulateCustomPolicy

enum_ContextKeyTypeEnum := [ "string", "stringList", "numeric", "numericList", "boolean", "booleanList", "ip", "ipList", "binary", "binaryList", "date", "dateList" ]

valid {
    input.Body.PolicyInputList[_] == STRING
    input.Body.PermissionsBoundaryPolicyInputList[_] == STRING
    input.Body.ActionNames[_] == STRING
    input.Body.ResourceArns[_] == STRING
    input.Body.ResourcePolicy == STRING
    input.Body.ResourceOwner == STRING
    input.Body.CallerArn == STRING
    input.Body.ContextEntries[_].ContextKeyName == STRING
    input.Body.ContextEntries[_].ContextKeyValues[_] == STRING
    input.Body.ContextEntries[_].ContextKeyType == enum_ContextKeyTypeEnum[_]
    input.Body.ResourceHandlingOption == STRING
    input.Body.MaxItems == INTEGER
    input.Body.Marker == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SimulatePrincipalPolicy

enum_ContextKeyTypeEnum := [ "string", "stringList", "numeric", "numericList", "boolean", "booleanList", "ip", "ipList", "binary", "binaryList", "date", "dateList" ]

valid {
    input.Body.PolicySourceArn == STRING
    input.Body.PolicyInputList[_] == STRING
    input.Body.PermissionsBoundaryPolicyInputList[_] == STRING
    input.Body.ActionNames[_] == STRING
    input.Body.ResourceArns[_] == STRING
    input.Body.ResourcePolicy == STRING
    input.Body.ResourceOwner == STRING
    input.Body.CallerArn == STRING
    input.Body.ContextEntries[_].ContextKeyName == STRING
    input.Body.ContextEntries[_].ContextKeyValues[_] == STRING
    input.Body.ContextEntries[_].ContextKeyType == enum_ContextKeyTypeEnum[_]
    input.Body.ResourceHandlingOption == STRING
    input.Body.MaxItems == INTEGER
    input.Body.Marker == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagInstanceProfile

valid {
    input.Body.InstanceProfileName == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagMFADevice

valid {
    input.Body.SerialNumber == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagOpenIDConnectProvider

valid {
    input.Body.OpenIDConnectProviderArn == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagPolicy

valid {
    input.Body.PolicyArn == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagRole

valid {
    input.Body.RoleName == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagSAMLProvider

valid {
    input.Body.SAMLProviderArn == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagServerCertificate

valid {
    input.Body.ServerCertificateName == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagUser

valid {
    input.Body.UserName == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagInstanceProfile

valid {
    input.Body.InstanceProfileName == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagMFADevice

valid {
    input.Body.SerialNumber == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagOpenIDConnectProvider

valid {
    input.Body.OpenIDConnectProviderArn == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagPolicy

valid {
    input.Body.PolicyArn == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagRole

valid {
    input.Body.RoleName == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagSAMLProvider

valid {
    input.Body.SAMLProviderArn == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagServerCertificate

valid {
    input.Body.ServerCertificateName == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagUser

valid {
    input.Body.UserName == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAccessKey

enum_statusType := [ "Active", "Inactive", "Expired" ]

valid {
    input.Body.UserName == STRING
    input.Body.AccessKeyId == STRING
    input.Body.Status == enum_statusType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAccountPasswordPolicy

valid {
    input.Body.MinimumPasswordLength == INTEGER
    input.Body.RequireSymbols == BOOLEAN
    input.Body.RequireNumbers == BOOLEAN
    input.Body.RequireUppercaseCharacters == BOOLEAN
    input.Body.RequireLowercaseCharacters == BOOLEAN
    input.Body.AllowUsersToChangePassword == BOOLEAN
    input.Body.MaxPasswordAge == INTEGER
    input.Body.PasswordReusePrevention == INTEGER
    input.Body.HardExpiry == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAssumeRolePolicy

valid {
    input.Body.RoleName == STRING
    input.Body.PolicyDocument == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateGroup

valid {
    input.Body.GroupName == STRING
    input.Body.NewPath == STRING
    input.Body.NewGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateLoginProfile

valid {
    input.Body.UserName == STRING
    input.Body.Password == STRING
    input.Body.PasswordResetRequired == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateOpenIDConnectProviderThumbprint

valid {
    input.Body.OpenIDConnectProviderArn == STRING
    input.Body.ThumbprintList[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRole

valid {
    input.Body.RoleName == STRING
    input.Body.Description == STRING
    input.Body.MaxSessionDuration == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRoleDescription

valid {
    input.Body.RoleName == STRING
    input.Body.Description == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSAMLProvider

enum_assertionEncryptionModeType := [ "Required", "Allowed" ]

valid {
    input.Body.SAMLMetadataDocument == STRING
    input.Body.SAMLProviderArn == STRING
    input.Body.AssertionEncryptionMode == enum_assertionEncryptionModeType[_]
    input.Body.AddPrivateKey == STRING
    input.Body.RemovePrivateKey == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSSHPublicKey

enum_statusType := [ "Active", "Inactive", "Expired" ]

valid {
    input.Body.UserName == STRING
    input.Body.SSHPublicKeyId == STRING
    input.Body.Status == enum_statusType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateServerCertificate

valid {
    input.Body.ServerCertificateName == STRING
    input.Body.NewPath == STRING
    input.Body.NewServerCertificateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateServiceSpecificCredential

enum_statusType := [ "Active", "Inactive", "Expired" ]

valid {
    input.Body.UserName == STRING
    input.Body.ServiceSpecificCredentialId == STRING
    input.Body.Status == enum_statusType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSigningCertificate

enum_statusType := [ "Active", "Inactive", "Expired" ]

valid {
    input.Body.UserName == STRING
    input.Body.CertificateId == STRING
    input.Body.Status == enum_statusType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateUser

valid {
    input.Body.UserName == STRING
    input.Body.NewPath == STRING
    input.Body.NewUserName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UploadSSHPublicKey

valid {
    input.Body.UserName == STRING
    input.Body.SSHPublicKeyBody == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UploadServerCertificate

valid {
    input.Body.Path == STRING
    input.Body.ServerCertificateName == STRING
    input.Body.CertificateBody == STRING
    input.Body.PrivateKey == STRING
    input.Body.CertificateChain == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UploadSigningCertificate

valid {
    input.Body.UserName == STRING
    input.Body.CertificateBody == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}