service_linked_roles
Creates, updates, deletes or gets a service_linked_role resource or lists service_linked_roles in a region
Overview
| Name | service_linked_roles |
| Type | Resource |
| Description | Resource Type definition for AWS::IAM::ServiceLinkedRole |
| Id | awscc.iam.service_linked_roles |
Fields
| Name | Datatype | Description |
|---|---|---|
role_name | string | The name of the role. |
custom_suffix | string | A string that you provide, which is combined with the service-provided prefix to form the complete role name. |
description | string | The description of the role. |
aws_service_name | string | The service principal for the AWS service to which this role is attached. |
region | string | AWS region. |
For more information, see AWS::IAM::ServiceLinkedRole.
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | , region |
delete_resource | DELETE | Identifier, region |
update_resource | UPDATE | Identifier, PatchDocument, region |
get_resource | SELECT | Identifier, region |
SELECT examples
Gets all properties from an individual service_linked_role.
SELECT
region,
role_name,
custom_suffix,
description,
aws_service_name
FROM awscc.iam.service_linked_roles
WHERE
region = 'us-east-1' AND
Identifier = '{{ role_name }}';
INSERT example
Use the following StackQL query and manifest file to create a new service_linked_role resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.iam.service_linked_roles (
,
region
)
SELECT
'{{ }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.iam.service_linked_roles (
CustomSuffix,
Description,
AWSServiceName,
region
)
SELECT
'{{ custom_suffix }}',
'{{ description }}',
'{{ aws_service_name }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: service_linked_role
props:
- name: custom_suffix
value: '{{ custom_suffix }}'
- name: description
value: '{{ description }}'
- name: aws_service_name
value: '{{ aws_service_name }}'
UPDATE example
Use the following StackQL query and manifest file to update a service_linked_role resource, using stack-deploy.
/*+ update */
UPDATE awscc.iam.service_linked_roles
SET PatchDocument = string('{{ {
"Description": description
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ role_name }}';
DELETE example
/*+ delete */
DELETE FROM awscc.iam.service_linked_roles
WHERE
Identifier = '{{ role_name }}' AND
region = 'us-east-1';
Permissions
To operate on the service_linked_roles resource, the following permissions are required:
- Create
- Read
- Update
- Delete
iam:CreateServiceLinkedRole,
iam:GetRole
iam:GetRole
iam:UpdateRole,
iam:GetRole
iam:DeleteServiceLinkedRole,
iam:GetServiceLinkedRoleDeletionStatus,
iam:GetRole