Class: Aws::ResilienceHub::Types::PermissionModel

Inherits:

Struct

• Object
• Struct
• Aws::ResilienceHub::Types::PermissionModel

Includes:

Structure

Defined in:

lib/aws-sdk-resiliencehub/types.rb

Overview

Defines the roles and credentials that Resilience Hub would use while creating the application, importing its resources, and running an assessment.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #cross_account_role_arns ⇒ Array<String>

  Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts.

• #invoker_role_name ⇒ String

  Existing Amazon Web Services IAM role name in the primary Amazon Web Services account that will be assumed by Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.

• #type ⇒ String

  Defines how Resilience Hub scans your resources.

Instance Attribute Details

#cross_account_role_arns ⇒ Array<String>

Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application.

<note markdown=“1”> * These ARNs are required only when your resources are in other

accounts and you have different role name in these accounts. Else,
the invoker role name will be used in the other accounts.

• These roles must have a trust policy with ‘iam:AssumeRole` permission to the invoker role in the primary account.

</note>

Returns:

• (Array<String>)

# File 'lib/aws-sdk-resiliencehub/types.rb', line 4744

class PermissionModel < Struct.new(
  :cross_account_role_arns,
  :invoker_role_name,
  :type)
  SENSITIVE = []
  include Aws::Structure
end

#invoker_role_name ⇒ String

Existing Amazon Web Services IAM role name in the primary Amazon Web Services account that will be assumed by Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.

<note markdown=“1”> * You must have ‘iam:passRole` permission for this role while

creating or updating the application.

• Currently, ‘invokerRoleName` accepts only `[A-Za-z0-9_+=,.@-]` characters.

</note>

Returns:

• (String)

# File 'lib/aws-sdk-resiliencehub/types.rb', line 4744

class PermissionModel < Struct.new(
  :cross_account_role_arns,
  :invoker_role_name,
  :type)
  SENSITIVE = []
  include Aws::Structure
end

#type ⇒ String

Defines how Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your Amazon Web Services account, or by using the credentials of the current IAM user.

Returns:

• (String)

# File 'lib/aws-sdk-resiliencehub/types.rb', line 4744

class PermissionModel < Struct.new(
  :cross_account_role_arns,
  :invoker_role_name,
  :type)
  SENSITIVE = []
  include Aws::Structure
end