ServiceLinkedRole
iam.services.k8s.aws/v1alpha1
Type | Link |
---|---|
GoDoc | iam-controller/apis/v1alpha1#ServiceLinkedRole |
Metadata
Property | Value |
---|---|
Scope | Namespaced |
Kind | ServiceLinkedRole |
ListKind | ServiceLinkedRoleList |
Plural | servicelinkedroles |
Singular | servicelinkedrole |
Spec
awsServiceName: string
customSuffix: string
description: string
Field | Description |
---|---|
awsServiceName Required | string The service principal for the Amazon Web Services service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see Amazon Web Services services that work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service. Regex Pattern: ^[\w+=,.@-]+$ |
customSuffix Optional | string A string that you provide, which is combined with the service-provided prefix to form the complete role name. If you make multiple requests for the same service, then you must supply a different CustomSuffix for each request. Otherwise the request fails with a duplicate role name error. For example, you could add -1 or -debug to the suffix. Some services do not support the CustomSuffix parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix. Regex Pattern: ^[\w+=,.@-]+$ |
description Optional | string The description of the role. Regex Pattern: ^[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*$ |
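An added example (not part of the ACK project's code): a pre-apply lint that checks a ServiceLinkedRole spec against the regex patterns in the table above and flags repeated requests for the same service and suffix, which the customSuffix description says fail with a duplicate role name error. The function names and sample specs are constructed for illustration, and `re.ASCII` is an assumption about how `\w` is interpreted.

```python
import re

# Patterns copied from the Spec table. re.ASCII restricts \w to [A-Za-z0-9_],
# an assumption about how the service interprets the pattern.
NAME_RE = re.compile(r"[\w+=,.@-]+", re.ASCII)
DESC_RE = re.compile(r"[\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]*")
SPEC_FIELDS = {"awsServiceName", "customSuffix", "description"}

def _ok(value, pattern):
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    return isinstance(value, str) and pattern.fullmatch(value) is not None

def validate_spec(spec):
    """Return a list of problems in one ServiceLinkedRole spec (a dict)."""
    problems = []
    svc = spec.get("awsServiceName")
    if svc is None or svc == "":
        problems.append("awsServiceName: required field is missing")
    elif not _ok(svc, NAME_RE):
        hint = " (remove the URL scheme)" if "://" in str(svc) else ""
        problems.append("awsServiceName: does not match pattern" + hint)
    if "customSuffix" in spec and not _ok(spec["customSuffix"], NAME_RE):
        problems.append("customSuffix: does not match pattern")
    if "description" in spec and not _ok(spec["description"], DESC_RE):
        problems.append("description: character outside the allowed ranges")
    for key in sorted(set(spec) - SPEC_FIELDS):
        problems.append(key + ": not a documented spec field")
    return problems

def duplicate_requests(specs):
    """Return (service, suffix) pairs requested more than once. The
    comparison is case-sensitive, as service principals are."""
    seen, dups = set(), []
    for spec in specs:
        key = (spec.get("awsServiceName"), spec.get("customSuffix"))
        if key in seen and key not in dups:
            dups.append(key)
        seen.add(key)
    return dups

if __name__ == "__main__":
    # Constructed sample specs, not taken from any real cluster.
    samples = [
        {"awsServiceName": "elasticbeanstalk.amazonaws.com"},
        {"awsServiceName": "elasticbeanstalk.amazonaws.com"},
        {"awsServiceName": "http://elasticbeanstalk.amazonaws.com"},
    ]
    for s in samples:
        print(s, validate_spec(s))
    print("duplicates:", duplicate_requests(samples))
```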
Status
ackResourceMetadata:
  arn: string
  ownerAccountID: string
  region: string
assumeRolePolicyDocument: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createDate: string
maxSessionDuration: integer
path: string
permissionsBoundary:
  permissionsBoundaryARN: string
  permissionsBoundaryType: string
roleID: string
roleLastUsed:
  lastUsedDate: string
  region: string
roleName: string
tags:
- key: string
  value: string
Field | Description |
---|---|
ackResourceMetadata Optional | object All CRs managed by ACK have a common Status.ACKResourceMetadata member that is used to contain resource sync state, account ownership, constructed ARN for the resource |
ackResourceMetadata.arn Optional | string ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an “adopted” resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR’s Spec field values. https://github.com/aws/aws-controllers-k8s/issues/270 |
ackResourceMetadata.ownerAccountID Required | string OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource. |
ackResourceMetadata.region Required | string Region is the AWS region in which the resource exists or will exist. |
assumeRolePolicyDocument Optional | string The policy that grants an entity permission to assume the role. Regex Pattern: ^[\u0009\u000A\u000D\u0020-\u00FF]+$ |
conditions Optional | array All CRs managed by ACK have a common Status.Conditions member that contains a collection of ackv1alpha1.Condition objects that describe the various terminal states of the CR and its backend AWS service API resource |
conditions.[] Required | object Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource |
conditions.[].message Optional | string A human readable message indicating details about the transition. |
conditions.[].reason Optional | string The reason for the condition’s last transition. |
conditions.[].status Optional | string Status of the condition, one of True, False, Unknown. |
conditions.[].type Optional | string Type is the type of the Condition |
createDate Optional | string The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the role was created. |
maxSessionDuration Optional | integer The maximum session duration (in seconds) for the specified role. Anyone who uses the CLI or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter. |
path Optional | string The path to the role. For more information about paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. Regex Pattern: `^(\u002F) |
permissionsBoundary Optional | object The ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see Permissions boundaries for IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the IAM User Guide. |
permissionsBoundary.permissionsBoundaryARN Optional | string The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources. For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the Amazon Web Services General Reference. |
permissionsBoundary.permissionsBoundaryType Optional | string |
roleID Optional | string The stable and unique string identifying the role. For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. Regex Pattern: ^[\w]+$ |
roleLastUsed Optional | object Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period) in the IAM User Guide. |
roleLastUsed.lastUsedDate Optional | string |
roleLastUsed.region Optional | string |
roleName Optional | string The friendly name that identifies the role. Regex Pattern: ^[\w+=,.@-]+$ |
tags Optional | array A list of tags that are attached to the role. For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. |
tags.[] Required | object A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the IAM User Guide. |
tags.[].value Optional | string |