Table: ibm_iam_role - Query IBM IAM Roles using SQL
IBM Identity and Access Management (IAM) is a service that helps you manage access to IBM Cloud services. It allows you to create and manage identities and to set policies that control who has access to what. An IAM role is an IAM identity that you can create and use to delegate permissions to an AWS service that needs to interact with your resources.
Table Usage Guide
The ibm_iam_role table provides insights into IAM roles within IBM Identity and Access Management (IAM). As a DevOps engineer, explore role-specific details through this table, including permissions, trust policies, and associated metadata. Utilize it to uncover information about roles, such as those with wildcard permissions, the trust relationships between roles, and the verification of trust policies.
Examples
Basic info
Explore which IBM IAM roles are currently in use to understand their actions and assess their elements within your system. This can help pinpoint specific areas for security improvement or optimization.
select
  name,
  id,
  crn,
  actions
from
  ibm_iam_role;
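The usage guide above mentions finding roles with wildcard permissions. The query below is an added example, not part of the original table documentation: it uses only columns from this page's schema, is written for Steampipe's PostgreSQL engine, and assumes that actions holds a JSON array of action-name strings in which a wildcard appears as a literal `*`.

```sql
-- Added example (not from the plugin documentation).
-- Assumption: actions is a JSON array of action-name strings.
with role_actions as (
  select
    r.name,
    r.crn,
    r.service_name,
    r.last_modified_at,
    r.last_modified_by_id,
    a.action
  from
    ibm_iam_role as r
    -- Guard against null or non-array values so the expansion never errors.
    cross join lateral jsonb_array_elements_text(
      case
        when jsonb_typeof(r.actions) = 'array' then r.actions
        else '[]'::jsonb
      end
    ) as a(action)
)
select
  name,
  crn,
  service_name,
  count(*) as action_count,
  count(*) filter (where action like '%*%') as wildcard_action_count,
  array_agg(action order by action)
    filter (where action like '%*%') as wildcard_actions,
  last_modified_at,
  last_modified_by_id
from
  role_actions
group by
  name, crn, service_name, last_modified_at, last_modified_by_id
having
  -- Keep only roles that grant at least one wildcard action.
  count(*) filter (where action like '%*%') > 0
order by
  wildcard_action_count desc,
  last_modified_at desc;
```

The last_modified_at and last_modified_by_id columns show who last changed each flagged role and when, which helps decide which roles to review first.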
Schema for ibm_iam_role
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | | An alphanumeric value identifying the account ID. |
actions | jsonb | | The actions of the role. |
created_at | timestamp with time zone | | The timestamp when the role was created. |
created_by_id | text | | The IAM ID of the entity that created the role. |
crn | text | | The Cloud Resource Name (CRN) that uniquely identifies your cloud resources. |
description | text | | The description of the role. |
display_name | text | | The display name of the role that is shown in the console. |
id | text | = | The role ID. |
last_modified_at | timestamp with time zone | | The timestamp when the role was last modified. |
last_modified_by_id | text | | The IAM ID of the entity that last modified the policy. |
name | text | | The name of the role that is used in the CRN. |
service_name | text | | The service name. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm
You can pass the configuration to the command with the --config argument:
steampipe_export_ibm --config '<your_config>' ibm_iam_role