Why do I see a "Resource is not supported in guardrails": Validation error while creating template from scratch?

Article ID: 284170


Products

Guardrails

Issue/Introduction

This validation error occurs because the resource is not supported by Guardrails.
Below is the list of supported Idem resource states in AWS policy templates:

 

Incorrect policy template (aws.iam.role1.present is used instead of aws.iam.role.present):

META:
  name: Create or verify IAM role for ReadOnly
  provider: AWS
  category: CONFIG
  subcategory: Foundation
  template_id: 6a.aws_iam.5
  version: v1
  description:
{% set role_name = params.get('role_name', 'MP_ReadOnly') %}
{% set trusted_account_ids = params.get('trusted_account_ids') %}

# Role
Create AWS IAM role {{role_name}}:
  META:
    name: Create AWS IAM Role
    parameters:
      trusted_account_ids:
        description: "Specify the trusted account who is allowed to assume the role in the role trust policy."
        name: "Trusted Account Ids"
        uiElement: array
      role_name:
        description: "The name of the IAM role which helps identify this role."
        name: "Role name"
        uiElement: text
  aws.iam.role1.present:
    - name: {{role_name}}
    - assume_role_policy_document: {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"sts:AssumeRole","Principal":{"AWS":{{trusted_account_ids}}},"Condition":{}}]}
    - tags:
        - Key: Name
          Value: {{role_name}}



Correct Policy template:


META:
  name: Create or verify IAM role for ReadOnly
  provider: AWS
  category: CONFIG
  subcategory: Foundation
  template_id: 6a.aws_iam.5
  version: v1
  description:
{% set role_name = params.get('role_name', 'MP_ReadOnly') %}
{% set trusted_account_ids = params.get('trusted_account_ids') %}

# Role
Create AWS IAM role {{role_name}}:
  META:
    name: Create AWS IAM Role
    parameters:
      trusted_account_ids:
        description: "Specify the trusted account who is allowed to assume the role in the role trust policy."
        name: "Trusted Account Ids"
        uiElement: array
      role_name:
        description: "The name of the IAM role which helps identify this role."
        name: "Role name"
        uiElement: text
  aws.iam.role.present:
    - name: {{role_name}}
    - assume_role_policy_document: {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"sts:AssumeRole","Principal":{"AWS":{{trusted_account_ids}}},"Condition":{}}]}
    - tags:
        - Key: Name
          Value: {{role_name}}
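
A pre-submission check for the mistake shown above, as an added example that is not part of the original article or of Guardrails: it scans a template for resource-state keys and reports any that are not in a supplied allowlist, suggesting the closest supported name. The function name, the regular expression and the sample template are assumptions, and the allowlist holds only the one state this article names.

```python
import difflib
import re

# Assumption: the supported-state list is not reproduced here; this set holds only
# the state named in the article. Fill it from the Guardrails documentation.
SUPPORTED_STATES = {"aws.iam.role.present"}

# Assumption: a resource state is an indented mapping key of the form
# <provider>.<service>.<resource>.<function>: with nothing after the colon.
STATE_KEY = re.compile(r"^\s+([a-z][a-z0-9_]*(?:\.[a-z][a-z0-9_]*){2,})\s*:\s*$")


def find_unsupported_states(template_text, supported=SUPPORTED_STATES):
    """Return (line_number, state, suggestion) for each state not in `supported`."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        # Comments and Jinja statements are not state declarations.
        if line.lstrip().startswith(("#", "{%")):
            continue
        match = STATE_KEY.match(line)
        if not match or match.group(1) in supported:
            continue
        state = match.group(1)
        # Suggest a supported state only when it is a near miss (a likely typo).
        hint = difflib.get_close_matches(state, sorted(supported), n=1, cutoff=0.8)
        findings.append((lineno, state, hint[0] if hint else None))
    return findings


# Constructed sample: a trimmed copy of the incorrect template from this article.
SAMPLE_TEMPLATE = """\
META:
  name: Create or verify IAM role for ReadOnly
  provider: AWS

Create AWS IAM role {{role_name}}:
  META:
    name: Create AWS IAM Role
  aws.iam.role1.present:
    - name: {{role_name}}
"""

if __name__ == "__main__":
    for lineno, state, hint in find_unsupported_states(SAMPLE_TEMPLATE):
        suffix = f" (did you mean {hint}?)" if hint else ""
        print(f"line {lineno}: unsupported resource state {state}{suffix}")
```

Running the check before uploading a template catches a misspelled state name locally instead of at Guardrails validation time.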