Guides

RAM

docs.aws.amazon.com
AWS documentation

AcceptResourceShareInvitation

valid {
    input.Body.resourceShareInvitationArn == STRING
    input.Body.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateResourceShare

valid {
    input.Body.resourceShareArn == STRING
    input.Body.resourceArns[_] == STRING
    input.Body.principals[_] == STRING
    input.Body.clientToken == STRING
    input.Body.sources[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateResourceSharePermission

valid {
    input.Body.resourceShareArn == STRING
    input.Body.permissionArn == STRING
    input.Body.replace == BOOLEAN
    input.Body.clientToken == STRING
    input.Body.permissionVersion == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePermission

valid {
    input.Body.name == STRING
    input.Body.resourceType == STRING
    input.Body.policyTemplate == STRING
    input.Body.clientToken == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePermissionVersion

valid {
    input.Body.permissionArn == STRING
    input.Body.policyTemplate == STRING
    input.Body.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateResourceShare

valid {
    input.Body.name == STRING
    input.Body.resourceArns[_] == STRING
    input.Body.principals[_] == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.allowExternalPrincipals == BOOLEAN
    input.Body.clientToken == STRING
    input.Body.permissionArns[_] == STRING
    input.Body.sources[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePermission

valid {
    input.Qs.permissionArn == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePermissionVersion

valid {
    input.Qs.permissionArn == STRING
    input.Qs.permissionVersion == INTEGER
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteResourceShare

valid {
    input.Qs.resourceShareArn == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateResourceShare

valid {
    input.Body.resourceShareArn == STRING
    input.Body.resourceArns[_] == STRING
    input.Body.principals[_] == STRING
    input.Body.clientToken == STRING
    input.Body.sources[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateResourceSharePermission

valid {
    input.Body.resourceShareArn == STRING
    input.Body.permissionArn == STRING
    input.Body.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableSharingWithAwsOrganization

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPermission

valid {
    input.Body.permissionArn == STRING
    input.Body.permissionVersion == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetResourcePolicies

valid {
    input.Body.resourceArns[_] == STRING
    input.Body.principal == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetResourceShareAssociations

enum_ResourceShareAssociationStatus := [ "ASSOCIATING", "ASSOCIATED", "FAILED", "DISASSOCIATING", "DISASSOCIATED" ]
enum_ResourceShareAssociationType := [ "PRINCIPAL", "RESOURCE" ]

valid {
    input.Body.associationType == enum_ResourceShareAssociationType[_]
    input.Body.resourceShareArns[_] == STRING
    input.Body.resourceArn == STRING
    input.Body.principal == STRING
    input.Body.associationStatus == enum_ResourceShareAssociationStatus[_]
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetResourceShareInvitations

valid {
    input.Body.resourceShareInvitationArns[_] == STRING
    input.Body.resourceShareArns[_] == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetResourceShares

enum_ResourceOwner := [ "SELF", "OTHER-ACCOUNTS" ]
enum_ResourceShareStatus := [ "PENDING", "ACTIVE", "FAILED", "DELETING", "DELETED" ]

valid {
    input.Body.resourceShareArns[_] == STRING
    input.Body.resourceShareStatus == enum_ResourceShareStatus[_]
    input.Body.resourceOwner == enum_ResourceOwner[_]
    input.Body.name == STRING
    input.Body.tagFilters[_].tagKey == STRING
    input.Body.tagFilters[_].tagValues[_] == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.Body.permissionArn == STRING
    input.Body.permissionVersion == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPendingInvitationResources

enum_ResourceRegionScopeFilter := [ "ALL", "REGIONAL", "GLOBAL" ]

valid {
    input.Body.resourceShareInvitationArn == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.Body.resourceRegionScope == enum_ResourceRegionScopeFilter[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPermissionAssociations

enum_PermissionFeatureSet := [ "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD" ]
enum_ResourceShareAssociationStatus := [ "ASSOCIATING", "ASSOCIATED", "FAILED", "DISASSOCIATING", "DISASSOCIATED" ]

valid {
    input.Body.permissionArn == STRING
    input.Body.permissionVersion == INTEGER
    input.Body.associationStatus == enum_ResourceShareAssociationStatus[_]
    input.Body.resourceType == STRING
    input.Body.featureSet == enum_PermissionFeatureSet[_]
    input.Body.defaultVersion == BOOLEAN
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPermissionVersions

valid {
    input.Body.permissionArn == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPermissions

enum_PermissionTypeFilter := [ "ALL", "AWS_MANAGED", "CUSTOMER_MANAGED" ]

valid {
    input.Body.resourceType == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.Body.permissionType == enum_PermissionTypeFilter[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPrincipals

enum_ResourceOwner := [ "SELF", "OTHER-ACCOUNTS" ]

valid {
    input.Body.resourceOwner == enum_ResourceOwner[_]
    input.Body.resourceArn == STRING
    input.Body.principals[_] == STRING
    input.Body.resourceType == STRING
    input.Body.resourceShareArns[_] == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListReplacePermissionAssociationsWork

enum_ReplacePermissionAssociationsWorkStatus := [ "IN_PROGRESS", "COMPLETED", "FAILED" ]

valid {
    input.Body.workIds[_] == STRING
    input.Body.status == enum_ReplacePermissionAssociationsWorkStatus[_]
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResourceSharePermissions

valid {
    input.Body.resourceShareArn == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResourceTypes

enum_ResourceRegionScopeFilter := [ "ALL", "REGIONAL", "GLOBAL" ]

valid {
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.Body.resourceRegionScope == enum_ResourceRegionScopeFilter[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResources

enum_ResourceOwner := [ "SELF", "OTHER-ACCOUNTS" ]
enum_ResourceRegionScopeFilter := [ "ALL", "REGIONAL", "GLOBAL" ]

valid {
    input.Body.resourceOwner == enum_ResourceOwner[_]
    input.Body.principal == STRING
    input.Body.resourceType == STRING
    input.Body.resourceArns[_] == STRING
    input.Body.resourceShareArns[_] == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.Body.resourceRegionScope == enum_ResourceRegionScopeFilter[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PromotePermissionCreatedFromPolicy

valid {
    input.Body.permissionArn == STRING
    input.Body.name == STRING
    input.Body.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PromoteResourceShareCreatedFromPolicy

valid {
    input.Qs.resourceShareArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RejectResourceShareInvitation

valid {
    input.Body.resourceShareInvitationArn == STRING
    input.Body.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ReplacePermissionAssociations

valid {
    input.Body.fromPermissionArn == STRING
    input.Body.fromPermissionVersion == INTEGER
    input.Body.toPermissionArn == STRING
    input.Body.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetDefaultPermissionVersion

valid {
    input.Body.permissionArn == STRING
    input.Body.permissionVersion == INTEGER
    input.Body.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.resourceShareArn == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.Body.resourceShareArn == STRING
    input.Body.tagKeys[_] == STRING
    input.Body.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateResourceShare

valid {
    input.Body.resourceShareArn == STRING
    input.Body.name == STRING
    input.Body.allowExternalPrincipals == BOOLEAN
    input.Body.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}