SECRETSMANAGER
BatchGetSecretValue
enum_FilterNameStringType := [ "description", "name", "tag-key", "tag-value", "primary-region", "owning-service", "all" ]
valid {
input.Body.SecretIdList[_] == STRING
input.Body.Filters[_].Key == enum_FilterNameStringType[_]
input.Body.Filters[_].Values[_] == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CancelRotateSecret
valid {
input.Body.SecretId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateSecret
valid {
input.Body.Name == STRING
input.Body.ClientRequestToken == STRING
input.Body.Description == STRING
input.Body.KmsKeyId == STRING
input.Body.SecretBinary == BLOB
input.Body.SecretString == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.AddReplicaRegions[_].Region == STRING
input.Body.AddReplicaRegions[_].KmsKeyId == STRING
input.Body.ForceOverwriteReplicaSecret == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteResourcePolicy
valid {
input.Body.SecretId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteSecret
valid {
input.Body.SecretId == STRING
input.Body.RecoveryWindowInDays == LONG
input.Body.ForceDeleteWithoutRecovery == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeSecret
valid {
input.Body.SecretId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRandomPassword
valid {
input.Body.PasswordLength == LONG
input.Body.ExcludeCharacters == STRING
input.Body.ExcludeNumbers == BOOLEAN
input.Body.ExcludePunctuation == BOOLEAN
input.Body.ExcludeUppercase == BOOLEAN
input.Body.ExcludeLowercase == BOOLEAN
input.Body.IncludeSpace == BOOLEAN
input.Body.RequireEachIncludedType == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetResourcePolicy
valid {
input.Body.SecretId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSecretValue
valid {
input.Body.SecretId == STRING
input.Body.VersionId == STRING
input.Body.VersionStage == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSecretVersionIds
valid {
input.Body.SecretId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.IncludeDeprecated == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListSecrets
enum_FilterNameStringType := [ "description", "name", "tag-key", "tag-value", "primary-region", "owning-service", "all" ]
enum_SortOrderType := [ "asc", "desc" ]
valid {
input.Body.IncludePlannedDeletion == BOOLEAN
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.Body.Filters[_].Key == enum_FilterNameStringType[_]
input.Body.Filters[_].Values[_] == STRING
input.Body.SortOrder == enum_SortOrderType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutResourcePolicy
valid {
input.Body.SecretId == STRING
input.Body.ResourcePolicy == STRING
input.Body.BlockPublicPolicy == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutSecretValue
valid {
input.Body.SecretId == STRING
input.Body.ClientRequestToken == STRING
input.Body.SecretBinary == BLOB
input.Body.SecretString == STRING
input.Body.VersionStages[_] == STRING
input.Body.RotationToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveRegionsFromReplication
valid {
input.Body.SecretId == STRING
input.Body.RemoveReplicaRegions[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ReplicateSecretToRegions
valid {
input.Body.SecretId == STRING
input.Body.AddReplicaRegions[_].Region == STRING
input.Body.AddReplicaRegions[_].KmsKeyId == STRING
input.Body.ForceOverwriteReplicaSecret == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RestoreSecret
valid {
input.Body.SecretId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RotateSecret
valid {
input.Body.SecretId == STRING
input.Body.ClientRequestToken == STRING
input.Body.RotationLambdaARN == STRING
input.Body.RotationRules.AutomaticallyAfterDays == LONG
input.Body.RotationRules.Duration == STRING
input.Body.RotationRules.ScheduleExpression == STRING
input.Body.RotateImmediately == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StopReplicationToReplica
valid {
input.Body.SecretId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
valid {
input.Body.SecretId == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
valid {
input.Body.SecretId == STRING
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateSecret
valid {
input.Body.SecretId == STRING
input.Body.ClientRequestToken == STRING
input.Body.Description == STRING
input.Body.KmsKeyId == STRING
input.Body.SecretBinary == BLOB
input.Body.SecretString == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateSecretVersionStage
valid {
input.Body.SecretId == STRING
input.Body.VersionStage == STRING
input.Body.RemoveFromVersionId == STRING
input.Body.MoveToVersionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ValidateResourcePolicy
valid {
input.Body.SecretId == STRING
input.Body.ResourcePolicy == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated about 1 month ago