steampipe plugin install ibm

Table: ibm_iam_role - Query IBM IAM Roles using SQL

IBM Identity and Access Management (IAM) is a service that helps in managing access to IBM Cloud services. It allows you to create and manage identities, and set policies so that you can control who has access to what. IAM Roles are an IAM identity that you can create and use to delegate permissions to AWS service that needs to interact with your resources.

Table Usage Guide

The ibm_iam_role table provides insights into IAM roles within IBM Identity and Access Management (IAM). As a DevOps engineer, explore role-specific details through this table, including permissions, trust policies, and associated metadata. Utilize it to uncover information about roles, such as those with wildcard permissions, the trust relationships between roles, and the verification of trust policies.

Examples

Basic info

Explore which IBM IAM roles are currently in use to understand their actions and assess their elements within your system. This can help pinpoint specific areas for security improvement or optimization.

select
name,
id,
crn,
actions
from
ibm_iam_role;
select
name,
id,
crn,
actions
from
ibm_iam_role;

Schema for ibm_iam_role

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The ID fof the account.
actionsjsonbThe actions of the role.
created_attimestamp with time zoneThe timestamp when the role was created.
created_by_idtextThe IAM ID of the entity that created the role.
crntextThe Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
descriptiontextThe description of the role.
display_nametextThe display name of the role that is shown in the console.
idtext=The role ID.
last_modified_attimestamp with time zoneThe timestamp when the role was last modified.
last_modified_by_idtextThe IAM ID of the entity that last modified the policy.
nametextThe name of the role that is used in the CRN.
service_nametextThe service name.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm

You can pass the configuration to the command with the --config argument:

steampipe_export_ibm --config '<your_config>' ibm_iam_role