diff --git a/localstack-core/localstack/services/iam/provider.py b/localstack-core/localstack/services/iam/provider.py index 0be61467cf028..26da2c8adbe21 100644 --- a/localstack-core/localstack/services/iam/provider.py +++ b/localstack-core/localstack/services/iam/provider.py @@ -4,6 +4,7 @@ import random import re import string +import uuid from datetime import datetime from typing import Any, Dict, List, TypeVar from urllib.parse import quote @@ -36,6 +37,7 @@ GetServiceLinkedRoleDeletionStatusResponse, GetUserResponse, IamApi, + InvalidInputException, ListInstanceProfileTagsResponse, ListRolesResponse, ListServiceSpecificCredentialsResponse, @@ -75,9 +77,9 @@ from localstack.aws.connect import connect_to from localstack.constants import INTERNAL_AWS_SECRET_ACCESS_KEY from localstack.services.iam.iam_patches import apply_iam_patches +from localstack.services.iam.resources.service_linked_roles import SERVICE_LINKED_ROLES from localstack.services.moto import call_moto from localstack.utils.aws.request_context import extract_access_key_id_from_auth_header -from localstack.utils.common import short_uid LOG = logging.getLogger(__name__) @@ -311,8 +313,6 @@ def create_service_linked_role( custom_suffix: customSuffixType = None, **kwargs, ) -> CreateServiceLinkedRoleResponse: - # TODO: test - # TODO: how to support "CustomSuffix" API request parameter? policy_doc = json.dumps( { "Version": "2012-10-17", @@ -325,9 +325,28 @@ def create_service_linked_role( ], } ) - path = f"{SERVICE_LINKED_ROLE_PATH_PREFIX}/{aws_service_name}" - role_name = f"r-{short_uid()}" + service_role_data = SERVICE_LINKED_ROLES.get(aws_service_name) + + path = f"{SERVICE_LINKED_ROLE_PATH_PREFIX}/{aws_service_name}/" + if service_role_data: + if custom_suffix and not service_role_data["suffix_allowed"]: + raise InvalidInputException(f"Custom suffix is not allowed for {aws_service_name}") + role_name = service_role_data.get("role_name") + attached_policies = service_role_data["attached_policies"] + else: + role_name = f"AWSServiceRoleFor{aws_service_name.split('.')[0].capitalize()}" + attached_policies = [] + if custom_suffix: + role_name = f"{role_name}_{custom_suffix}" backend = get_iam_backend(context) + + # check for role duplicates + for role in backend.roles.values(): + if role.name == role_name: + raise InvalidInputException( + f"Service role name {role_name} has been taken in this account, please try a different suffix." + ) + role = backend.create_role( role_name=role_name, assume_role_policy_document=policy_doc, @@ -336,10 +355,19 @@ def create_service_linked_role( description=description, tags={}, max_session_duration=3600, + linked_service=aws_service_name, ) - role.service_linked_role_arn = "arn:{0}:iam::{1}:role/aws-service-role/{2}/{3}".format( - context.partition, context.account_id, aws_service_name, role.name - ) + # attach policies + for policy in attached_policies: + try: + backend.attach_role_policy(policy, role_name) + except Exception as e: + LOG.warning( + "Policy %s for service linked role %s does not exist: %s", + policy, + aws_service_name, + e, + ) res_role = self.moto_role_to_role_type(role) return CreateServiceLinkedRoleResponse(Role=res_role) @@ -347,15 +375,18 @@ def create_service_linked_role( def delete_service_linked_role( self, context: RequestContext, role_name: roleNameType, **kwargs ) -> DeleteServiceLinkedRoleResponse: - # TODO: test backend = get_iam_backend(context) + role = backend.get_role(role_name=role_name) + role.managed_policies.clear() backend.delete_role(role_name) - return DeleteServiceLinkedRoleResponse(DeletionTaskId=short_uid()) + return DeleteServiceLinkedRoleResponse( + DeletionTaskId=f"task{role.path}{role.name}/{uuid.uuid4()}" + ) def get_service_linked_role_deletion_status( self, context: RequestContext, deletion_task_id: DeletionTaskIdType, **kwargs ) -> GetServiceLinkedRoleDeletionStatusResponse: - # TODO: test + # TODO: check if task id is valid return GetServiceLinkedRoleDeletionStatusResponse(Status=DeletionTaskStatusType.SUCCEEDED) def put_user_permissions_boundary( diff --git a/localstack-core/localstack/services/iam/resources/service_linked_roles.py b/localstack-core/localstack/services/iam/resources/service_linked_roles.py new file mode 100644 index 0000000000000..679ec393dcffa --- /dev/null +++ b/localstack-core/localstack/services/iam/resources/service_linked_roles.py @@ -0,0 +1,550 @@ +SERVICE_LINKED_ROLES = { + "accountdiscovery.ssm.amazonaws.com": { + "service": "accountdiscovery.ssm.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonSSM_AccountDiscovery", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy" + ], + "suffix_allowed": False, + }, + "acm.amazonaws.com": { + "service": "acm.amazonaws.com", + "role_name": "AWSServiceRoleForCertificateManager", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/CertificateManagerServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "appmesh.amazonaws.com": { + "service": "appmesh.amazonaws.com", + "role_name": "AWSServiceRoleForAppMesh", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "autoscaling-plans.amazonaws.com": { + "service": "autoscaling-plans.amazonaws.com", + "role_name": "AWSServiceRoleForAutoScalingPlans_EC2AutoScaling", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy" + ], + "suffix_allowed": False, + }, + "autoscaling.amazonaws.com": { + "service": "autoscaling.amazonaws.com", + "role_name": "AWSServiceRoleForAutoScaling", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy" + ], + "suffix_allowed": True, + }, + "backup.amazonaws.com": { + "service": "backup.amazonaws.com", + "role_name": "AWSServiceRoleForBackup", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup" + ], + "suffix_allowed": False, + }, + "batch.amazonaws.com": { + "service": "batch.amazonaws.com", + "role_name": "AWSServiceRoleForBatch", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/BatchServiceRolePolicy"], + "suffix_allowed": False, + }, + "cassandra.application-autoscaling.amazonaws.com": { + "service": "cassandra.application-autoscaling.amazonaws.com", + "role_name": "AWSServiceRoleForApplicationAutoScaling_CassandraTable", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy" + ], + "suffix_allowed": False, + }, + "cks.kms.amazonaws.com": { + "service": "cks.kms.amazonaws.com", + "role_name": "AWSServiceRoleForKeyManagementServiceCustomKeyStores", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "cloudtrail.amazonaws.com": { + "service": "cloudtrail.amazonaws.com", + "role_name": "AWSServiceRoleForCloudTrail", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "codestar-notifications.amazonaws.com": { + "service": "codestar-notifications.amazonaws.com", + "role_name": "AWSServiceRoleForCodeStarNotifications", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "config.amazonaws.com": { + "service": "config.amazonaws.com", + "role_name": "AWSServiceRoleForConfig", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "connect.amazonaws.com": { + "service": "connect.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonConnect", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy" + ], + "suffix_allowed": True, + }, + "dms-fleet-advisor.amazonaws.com": { + "service": "dms-fleet-advisor.amazonaws.com", + "role_name": "AWSServiceRoleForDMSFleetAdvisor", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSDMSFleetAdvisorServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "dms.amazonaws.com": { + "service": "dms.amazonaws.com", + "role_name": "AWSServiceRoleForDMSServerless", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSDMSServerlessServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "docdb-elastic.amazonaws.com": { + "service": "docdb-elastic.amazonaws.com", + "role_name": "AWSServiceRoleForDocDB-Elastic", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonDocDB-ElasticServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "ec2-instance-connect.amazonaws.com": { + "service": "ec2-instance-connect.amazonaws.com", + "role_name": "AWSServiceRoleForEc2InstanceConnect", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint" + ], + "suffix_allowed": False, + }, + "ec2.application-autoscaling.amazonaws.com": { + "service": "ec2.application-autoscaling.amazonaws.com", + "role_name": "AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEC2SpotFleetRequestPolicy" + ], + "suffix_allowed": False, + }, + "ecr.amazonaws.com": { + "service": "ecr.amazonaws.com", + "role_name": "AWSServiceRoleForECRTemplate", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/ECRTemplateServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "ecs.amazonaws.com": { + "service": "ecs.amazonaws.com", + "role_name": "AWSServiceRoleForECS", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "eks-connector.amazonaws.com": { + "service": "eks-connector.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonEKSConnector", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSConnectorServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "eks-fargate.amazonaws.com": { + "service": "eks-fargate.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonEKSForFargate", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "eks-nodegroup.amazonaws.com": { + "service": "eks-nodegroup.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonEKSNodegroup", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup" + ], + "suffix_allowed": False, + }, + "eks.amazonaws.com": { + "service": "eks.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonEKS", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "elasticache.amazonaws.com": { + "service": "elasticache.amazonaws.com", + "role_name": "AWSServiceRoleForElastiCache", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "elasticbeanstalk.amazonaws.com": { + "service": "elasticbeanstalk.amazonaws.com", + "role_name": "AWSServiceRoleForElasticBeanstalk", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "elasticfilesystem.amazonaws.com": { + "service": "elasticfilesystem.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonElasticFileSystem", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "elasticloadbalancing.amazonaws.com": { + "service": "elasticloadbalancing.amazonaws.com", + "role_name": "AWSServiceRoleForElasticLoadBalancing", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "email.cognito-idp.amazonaws.com": { + "service": "email.cognito-idp.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonCognitoIdpEmailService", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpEmailServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "emr-containers.amazonaws.com": { + "service": "emr-containers.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonEMRContainers", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRContainersServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "emrwal.amazonaws.com": { + "service": "emrwal.amazonaws.com", + "role_name": "AWSServiceRoleForEMRWAL", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/EMRDescribeClusterPolicyForEMRWAL" + ], + "suffix_allowed": False, + }, + "fis.amazonaws.com": { + "service": "fis.amazonaws.com", + "role_name": "AWSServiceRoleForFIS", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonFISServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "grafana.amazonaws.com": { + "service": "grafana.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonGrafana", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonGrafanaServiceLinkedRolePolicy" + ], + "suffix_allowed": False, + }, + "imagebuilder.amazonaws.com": { + "service": "imagebuilder.amazonaws.com", + "role_name": "AWSServiceRoleForImageBuilder", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder" + ], + "suffix_allowed": False, + }, + "iotmanagedintegrations.amazonaws.com": { + "service": "iotmanagedintegrations.amazonaws.com", + "role_name": "AWSServiceRoleForIoTManagedIntegrations", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSIoTManagedIntegrationsRolePolicy" + ], + "suffix_allowed": False, + }, + "kafka.amazonaws.com": { + "service": "kafka.amazonaws.com", + "role_name": "AWSServiceRoleForKafka", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy"], + "suffix_allowed": False, + }, + "kafkaconnect.amazonaws.com": { + "service": "kafkaconnect.amazonaws.com", + "role_name": "AWSServiceRoleForKafkaConnect", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/KafkaConnectServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "lakeformation.amazonaws.com": { + "service": "lakeformation.amazonaws.com", + "role_name": "AWSServiceRoleForLakeFormationDataAccess", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "lex.amazonaws.com": { + "service": "lex.amazonaws.com", + "role_name": "AWSServiceRoleForLexBots", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/AmazonLexBotPolicy"], + "suffix_allowed": False, + }, + "lexv2.amazonaws.com": { + "service": "lexv2.amazonaws.com", + "role_name": "AWSServiceRoleForLexV2Bots", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy"], + "suffix_allowed": True, + }, + "lightsail.amazonaws.com": { + "service": "lightsail.amazonaws.com", + "role_name": "AWSServiceRoleForLightsail", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/LightsailExportAccess"], + "suffix_allowed": False, + }, + "m2.amazonaws.com": { + "service": "m2.amazonaws.com", + "role_name": "AWSServiceRoleForAWSM2", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/AWSM2ServicePolicy"], + "suffix_allowed": False, + }, + "memorydb.amazonaws.com": { + "service": "memorydb.amazonaws.com", + "role_name": "AWSServiceRoleForMemoryDB", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/MemoryDBServiceRolePolicy"], + "suffix_allowed": False, + }, + "mq.amazonaws.com": { + "service": "mq.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonMQ", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/AmazonMQServiceRolePolicy"], + "suffix_allowed": False, + }, + "mrk.kms.amazonaws.com": { + "service": "mrk.kms.amazonaws.com", + "role_name": "AWSServiceRoleForKeyManagementServiceMultiRegionKeys", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "notifications.amazonaws.com": { + "service": "notifications.amazonaws.com", + "role_name": "AWSServiceRoleForAwsUserNotifications", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSUserNotificationsServiceLinkedRolePolicy" + ], + "suffix_allowed": False, + }, + "observability.aoss.amazonaws.com": { + "service": "observability.aoss.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonOpenSearchServerless", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServerlessServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "opensearchservice.amazonaws.com": { + "service": "opensearchservice.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonOpenSearchService", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "ops.apigateway.amazonaws.com": { + "service": "ops.apigateway.amazonaws.com", + "role_name": "AWSServiceRoleForAPIGateway", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "ops.emr-serverless.amazonaws.com": { + "service": "ops.emr-serverless.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonEMRServerless", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRServerlessServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "opsdatasync.ssm.amazonaws.com": { + "service": "opsdatasync.ssm.amazonaws.com", + "role_name": "AWSServiceRoleForSystemsManagerOpsDataSync", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerOpsDataSyncServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "opsinsights.ssm.amazonaws.com": { + "service": "opsinsights.ssm.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonSSM_OpsInsights", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSSSMOpsInsightsServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "pullthroughcache.ecr.amazonaws.com": { + "service": "pullthroughcache.ecr.amazonaws.com", + "role_name": "AWSServiceRoleForECRPullThroughCache", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSECRPullThroughCache_ServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "ram.amazonaws.com": { + "service": "ram.amazonaws.com", + "role_name": "AWSServiceRoleForResourceAccessManager", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "rds.amazonaws.com": { + "service": "rds.amazonaws.com", + "role_name": "AWSServiceRoleForRDS", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "redshift.amazonaws.com": { + "service": "redshift.amazonaws.com", + "role_name": "AWSServiceRoleForRedshift", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonRedshiftServiceLinkedRolePolicy" + ], + "suffix_allowed": False, + }, + "replication.cassandra.amazonaws.com": { + "service": "replication.cassandra.amazonaws.com", + "role_name": "AWSServiceRoleForKeyspacesReplication", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/KeyspacesReplicationServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "replication.ecr.amazonaws.com": { + "service": "replication.ecr.amazonaws.com", + "role_name": "AWSServiceRoleForECRReplication", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "repository.sync.codeconnections.amazonaws.com": { + "service": "repository.sync.codeconnections.amazonaws.com", + "role_name": "AWSServiceRoleForGitSync", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSGitSyncServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "resource-explorer-2.amazonaws.com": { + "service": "resource-explorer-2.amazonaws.com", + "role_name": "AWSServiceRoleForResourceExplorer", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "rolesanywhere.amazonaws.com": { + "service": "rolesanywhere.amazonaws.com", + "role_name": "AWSServiceRoleForRolesAnywhere", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSRolesAnywhereServicePolicy" + ], + "suffix_allowed": False, + }, + "s3-outposts.amazonaws.com": { + "service": "s3-outposts.amazonaws.com", + "role_name": "AWSServiceRoleForS3OnOutposts", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSS3OnOutpostsServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "ses.amazonaws.com": { + "service": "ses.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonSES", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonSESServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "shield.amazonaws.com": { + "service": "shield.amazonaws.com", + "role_name": "AWSServiceRoleForAWSShield", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSShieldServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "ssm-incidents.amazonaws.com": { + "service": "ssm-incidents.amazonaws.com", + "role_name": "AWSServiceRoleForIncidentManager", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSIncidentManagerServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "ssm-quicksetup.amazonaws.com": { + "service": "ssm-quicksetup.amazonaws.com", + "role_name": "AWSServiceRoleForSSMQuickSetup", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/SSMQuickSetupRolePolicy"], + "suffix_allowed": False, + }, + "ssm.amazonaws.com": { + "service": "ssm.amazonaws.com", + "role_name": "AWSServiceRoleForAmazonSSM", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "sso.amazonaws.com": { + "service": "sso.amazonaws.com", + "role_name": "AWSServiceRoleForSSO", + "attached_policies": ["arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy"], + "suffix_allowed": False, + }, + "vpcorigin.cloudfront.amazonaws.com": { + "service": "vpcorigin.cloudfront.amazonaws.com", + "role_name": "AWSServiceRoleForCloudFrontVPCOrigin", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontVPCOriginServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "waf.amazonaws.com": { + "service": "waf.amazonaws.com", + "role_name": "AWSServiceRoleForWAFLogging", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/WAFLoggingServiceRolePolicy" + ], + "suffix_allowed": False, + }, + "wafv2.amazonaws.com": { + "service": "wafv2.amazonaws.com", + "role_name": "AWSServiceRoleForWAFV2Logging", + "attached_policies": [ + "arn:aws:iam::aws:policy/aws-service-role/WAFV2LoggingServiceRolePolicy" + ], + "suffix_allowed": False, + }, +} diff --git a/tests/aws/services/iam/test_iam.py b/tests/aws/services/iam/test_iam.py index c5950dd692d8b..77ea19da586ee 100755 --- a/tests/aws/services/iam/test_iam.py +++ b/tests/aws/services/iam/test_iam.py @@ -1,3 +1,4 @@ +import functools import json import logging from urllib.parse import quote_plus @@ -9,9 +10,11 @@ from localstack.services.iam.iam_patches import ADDITIONAL_MANAGED_POLICIES from localstack.testing.aws.util import create_client_with_keys, wait_for_user from localstack.testing.pytest import markers +from localstack.testing.snapshots.transformer_utility import PATTERN_UUID from localstack.utils.aws.arns import get_partition from localstack.utils.common import short_uid from localstack.utils.strings import long_uid +from localstack.utils.sync import retry LOG = logging.getLogger(__name__) @@ -1204,3 +1207,214 @@ def test_invalid_update_parameters( ServiceSpecificCredentialId=credential_id, Status="Invalid" ) snapshot.match("update-invalid-status", e.value.response) + + +class TestIAMServiceRoles: + SERVICES = { + "accountdiscovery.ssm.amazonaws.com": (), + "acm.amazonaws.com": (), + "appmesh.amazonaws.com": (), + "autoscaling-plans.amazonaws.com": (), + "autoscaling.amazonaws.com": (), + "backup.amazonaws.com": (), + "batch.amazonaws.com": (), + "cassandra.application-autoscaling.amazonaws.com": (), + "cks.kms.amazonaws.com": (), + "cloudtrail.amazonaws.com": (), + "codestar-notifications.amazonaws.com": (), + "config.amazonaws.com": (), + "connect.amazonaws.com": (), + "dms-fleet-advisor.amazonaws.com": (), + "dms.amazonaws.com": (), + "docdb-elastic.amazonaws.com": (), + "ec2-instance-connect.amazonaws.com": (), + "ec2.application-autoscaling.amazonaws.com": (), + "ecr.amazonaws.com": (), + "ecs.amazonaws.com": (), + "eks-connector.amazonaws.com": (), + "eks-fargate.amazonaws.com": (), + "eks-nodegroup.amazonaws.com": (), + "eks.amazonaws.com": (), + "elasticache.amazonaws.com": (), + "elasticbeanstalk.amazonaws.com": (), + "elasticfilesystem.amazonaws.com": (), + "elasticloadbalancing.amazonaws.com": (), + "email.cognito-idp.amazonaws.com": (), + "emr-containers.amazonaws.com": (), + "emrwal.amazonaws.com": (), + "fis.amazonaws.com": (), + "grafana.amazonaws.com": (), + "imagebuilder.amazonaws.com": (), + "iotmanagedintegrations.amazonaws.com": ( + markers.snapshot.skip_snapshot_verify(paths=["$..AttachedPolicies"]) + ), # TODO include aws managed policy in the future + "kafka.amazonaws.com": (), + "kafkaconnect.amazonaws.com": (), + "lakeformation.amazonaws.com": (), + "lex.amazonaws.com": ( + markers.snapshot.skip_snapshot_verify(paths=["$..AttachedPolicies"]) + ), # TODO include aws managed policy in the future + "lexv2.amazonaws.com": (), + "lightsail.amazonaws.com": (), + # "logs.amazonaws.com": (), # not possible to create on AWS + "m2.amazonaws.com": (), + "memorydb.amazonaws.com": (), + "mq.amazonaws.com": (), + "mrk.kms.amazonaws.com": (), + "notifications.amazonaws.com": (), + "observability.aoss.amazonaws.com": (), + "opensearchservice.amazonaws.com": (), + "ops.apigateway.amazonaws.com": (), + "ops.emr-serverless.amazonaws.com": (), + "opsdatasync.ssm.amazonaws.com": (), + "opsinsights.ssm.amazonaws.com": (), + "pullthroughcache.ecr.amazonaws.com": (), + "ram.amazonaws.com": (), + "rds.amazonaws.com": (), + "redshift.amazonaws.com": (), + "replication.cassandra.amazonaws.com": (), + "replication.ecr.amazonaws.com": (), + "repository.sync.codeconnections.amazonaws.com": (), + "resource-explorer-2.amazonaws.com": (), + # "resourcegroups.amazonaws.com": (), # not possible to create on AWS + "rolesanywhere.amazonaws.com": (), + "s3-outposts.amazonaws.com": (), + "ses.amazonaws.com": (), + "shield.amazonaws.com": (), + "ssm-incidents.amazonaws.com": (), + "ssm-quicksetup.amazonaws.com": (), + "ssm.amazonaws.com": (), + "sso.amazonaws.com": (), + "vpcorigin.cloudfront.amazonaws.com": (), + "waf.amazonaws.com": (), + "wafv2.amazonaws.com": (), + } + + SERVICES_CUSTOM_SUFFIX = [ + "autoscaling.amazonaws.com", + "connect.amazonaws.com", + "lexv2.amazonaws.com", + ] + + @pytest.fixture + def create_service_linked_role(self, aws_client): + role_names = [] + + @functools.wraps(aws_client.iam.create_service_linked_role) + def _create_service_linked_role(*args, **kwargs): + response = aws_client.iam.create_service_linked_role(*args, **kwargs) + role_names.append(response["Role"]["RoleName"]) + return response + + yield _create_service_linked_role + for role_name in role_names: + try: + aws_client.iam.delete_service_linked_role(RoleName=role_name) + except Exception as e: + LOG.debug("Error while deleting service linked role '%s': %s", role_name, e) + + @pytest.fixture + def create_service_linked_role_if_not_exists(self, aws_client, create_service_linked_role): + """This fixture is necessary since some service linked roles cannot be deleted - so we have to snapshot the existing ones""" + + def _create_service_linked_role_if_not_exists(*args, **kwargs): + try: + return create_service_linked_role(*args, **kwargs)["Role"]["RoleName"] + except aws_client.iam.exceptions.InvalidInputException as e: + # return the role name from the error message for now, quite hacky. + return e.response["Error"]["Message"].split()[3] + + return _create_service_linked_role_if_not_exists + + @pytest.fixture(autouse=True) + def snapshot_transformers(self, snapshot): + snapshot.add_transformer(snapshot.transform.key_value("RoleId")) + + @markers.aws.validated + # last used and the description depend on whether the role was created in the snapshot account by a service or manually + @markers.snapshot.skip_snapshot_verify(paths=["$..Role.RoleLastUsed", "$..Role.Description"]) + @pytest.mark.parametrize( + "service_name", + [pytest.param(service, marks=marker) for service, marker in SERVICES.items()], + ) + def test_service_role_lifecycle( + self, aws_client, snapshot, create_service_linked_role_if_not_exists, service_name + ): + # some roles are already present and not deletable - so we just create them if they exist, and snapshot later + role_name = create_service_linked_role_if_not_exists(AWSServiceName=service_name) + + response = aws_client.iam.get_role(RoleName=role_name) + snapshot.match("describe-response", response) + + response = aws_client.iam.list_role_policies(RoleName=role_name) + snapshot.match("inline-role-policies", response) + + response = aws_client.iam.list_attached_role_policies(RoleName=role_name) + snapshot.match("attached-role-policies", response) + + @markers.aws.validated + @pytest.mark.parametrize("service_name", SERVICES_CUSTOM_SUFFIX) + def test_service_role_lifecycle_custom_suffix( + self, aws_client, snapshot, create_service_linked_role, service_name + ): + """Tests services allowing custom suffixes""" + custom_suffix = short_uid() + snapshot.add_transformer(snapshot.transform.regex(custom_suffix, "")) + response = create_service_linked_role( + AWSServiceName=service_name, CustomSuffix=custom_suffix + ) + role_name = response["Role"]["RoleName"] + + response = aws_client.iam.get_role(RoleName=role_name) + snapshot.match("describe-response", response) + + response = aws_client.iam.list_role_policies(RoleName=role_name) + snapshot.match("inline-role-policies", response) + + response = aws_client.iam.list_attached_role_policies(RoleName=role_name) + snapshot.match("attached-role-policies", response) + + @markers.aws.validated + @pytest.mark.parametrize( + "service_name", list(set(SERVICES.keys()) - set(SERVICES_CUSTOM_SUFFIX)) + ) + def test_service_role_lifecycle_custom_suffix_not_allowed( + self, aws_client, snapshot, create_service_linked_role, service_name + ): + """Test services which do not allow custom suffixes""" + suffix = "testsuffix" + with pytest.raises(ClientError) as e: + aws_client.iam.create_service_linked_role( + AWSServiceName=service_name, CustomSuffix=suffix + ) + snapshot.match("custom-suffix-not-allowed", e.value.response) + + @markers.aws.validated + def test_service_role_deletion(self, aws_client, snapshot, create_service_linked_role): + """Testing deletion only with one service name to avoid undeletable service linked roles in developer accounts""" + snapshot.add_transformer(snapshot.transform.regex(PATTERN_UUID, "")) + service_name = "batch.amazonaws.com" + role_name = create_service_linked_role(AWSServiceName=service_name)["Role"]["RoleName"] + + response = aws_client.iam.delete_service_linked_role(RoleName=role_name) + snapshot.match("service-linked-role-deletion-response", response) + deletion_task_id = response["DeletionTaskId"] + + def wait_role_deleted(): + response = aws_client.iam.get_service_linked_role_deletion_status( + DeletionTaskId=deletion_task_id + ) + assert response["Status"] == "SUCCEEDED" + return response + + response = retry(wait_role_deleted, retries=10, sleep=1) + snapshot.match("service-linked-role-deletion-status-response", response) + + @markers.aws.validated + def test_service_role_already_exists(self, aws_client, snapshot, create_service_linked_role): + service_name = "batch.amazonaws.com" + create_service_linked_role(AWSServiceName=service_name) + + with pytest.raises(ClientError) as e: + aws_client.iam.create_service_linked_role(AWSServiceName=service_name) + snapshot.match("role-already-exists-error", e.value.response) diff --git a/tests/aws/services/iam/test_iam.snapshot.json b/tests/aws/services/iam/test_iam.snapshot.json index 4f441e1c843aa..d33c8049e88c1 100644 --- a/tests/aws/services/iam/test_iam.snapshot.json +++ b/tests/aws/services/iam/test_iam.snapshot.json @@ -1178,5 +1178,5068 @@ } } } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[accountdiscovery.ssm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:49", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/accountdiscovery.ssm.amazonaws.com/AWSServiceRoleForAmazonSSM_AccountDiscovery", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "accountdiscovery.ssm.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/accountdiscovery.ssm.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonSSM_AccountDiscovery" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy", + "PolicyName": "AWSSystemsManagerAccountDiscoveryServicePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[acm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:50", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "acm.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/acm.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForCertificateManager" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/CertificateManagerServiceRolePolicy", + "PolicyName": "CertificateManagerServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[appmesh.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:51", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "appmesh.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/appmesh.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAppMesh" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy", + "PolicyName": "AWSAppMeshServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[autoscaling-plans.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:51", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/autoscaling-plans.amazonaws.com/AWSServiceRoleForAutoScalingPlans_EC2AutoScaling", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "autoscaling-plans.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/autoscaling-plans.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAutoScalingPlans_EC2AutoScaling" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy", + "PolicyName": "AWSAutoScalingPlansEC2AutoScalingPolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[autoscaling.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:52", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "autoscaling.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/autoscaling.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAutoScaling" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy", + "PolicyName": "AutoScalingServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[backup.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:53", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "backup.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/backup.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForBackup" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup", + "PolicyName": "AWSBackupServiceLinkedRolePolicyForBackup" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[batch.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:54", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/batch.amazonaws.com/AWSServiceRoleForBatch", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "batch.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/batch.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForBatch" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/BatchServiceRolePolicy", + "PolicyName": "BatchServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[cassandra.application-autoscaling.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:55", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "cassandra.application-autoscaling.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/cassandra.application-autoscaling.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForApplicationAutoScaling_CassandraTable" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy", + "PolicyName": "AWSApplicationAutoscalingCassandraTablePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[cks.kms.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:56", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/cks.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceCustomKeyStores", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "cks.kms.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/cks.kms.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForKeyManagementServiceCustomKeyStores" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy", + "PolicyName": "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[cloudtrail.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:57", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/cloudtrail.amazonaws.com/AWSServiceRoleForCloudTrail", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "cloudtrail.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/cloudtrail.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForCloudTrail" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy", + "PolicyName": "CloudTrailServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[codestar-notifications.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:58", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/codestar-notifications.amazonaws.com/AWSServiceRoleForCodeStarNotifications", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codestar-notifications.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/codestar-notifications.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForCodeStarNotifications" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy", + "PolicyName": "AWSCodeStarNotificationsServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[config.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:30:59", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "config.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/config.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForConfig" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy", + "PolicyName": "AWSConfigServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[connect.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:00", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "connect.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/connect.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonConnect" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy", + "PolicyName": "AmazonConnectServiceLinkedRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[dms-fleet-advisor.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:01", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/dms-fleet-advisor.amazonaws.com/AWSServiceRoleForDMSFleetAdvisor", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "dms-fleet-advisor.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/dms-fleet-advisor.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForDMSFleetAdvisor" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSDMSFleetAdvisorServiceRolePolicy", + "PolicyName": "AWSDMSFleetAdvisorServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[dms.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:02", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/dms.amazonaws.com/AWSServiceRoleForDMSServerless", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "dms.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/dms.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForDMSServerless" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSDMSServerlessServiceRolePolicy", + "PolicyName": "AWSDMSServerlessServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[docdb-elastic.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:03", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/docdb-elastic.amazonaws.com/AWSServiceRoleForDocDB-Elastic", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "docdb-elastic.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/docdb-elastic.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForDocDB-Elastic" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonDocDB-ElasticServiceRolePolicy", + "PolicyName": "AmazonDocDB-ElasticServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ec2-instance-connect.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:04", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ec2-instance-connect.amazonaws.com/AWSServiceRoleForEc2InstanceConnect", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2-instance-connect.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ec2-instance-connect.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForEc2InstanceConnect" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/Ec2InstanceConnectEndpoint", + "PolicyName": "Ec2InstanceConnectEndpoint" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ec2.application-autoscaling.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:05", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.application-autoscaling.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ec2.application-autoscaling.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEC2SpotFleetRequestPolicy", + "PolicyName": "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ecr.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:06", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ecr.amazonaws.com/AWSServiceRoleForECRTemplate", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecr.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ecr.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForECRTemplate" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/ECRTemplateServiceRolePolicy", + "PolicyName": "ECRTemplateServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ecs.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:07", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ecs.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForECS" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy", + "PolicyName": "AmazonECSServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[eks-connector.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:08", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/eks-connector.amazonaws.com/AWSServiceRoleForAmazonEKSConnector", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks-connector.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/eks-connector.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonEKSConnector" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonEKSConnectorServiceRolePolicy", + "PolicyName": "AmazonEKSConnectorServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[eks-fargate.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:08", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/eks-fargate.amazonaws.com/AWSServiceRoleForAmazonEKSForFargate", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks-fargate.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/eks-fargate.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonEKSForFargate" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy", + "PolicyName": "AmazonEKSForFargateServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[eks-nodegroup.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:09", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks-nodegroup.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/eks-nodegroup.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonEKSNodegroup" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup", + "PolicyName": "AWSServiceRoleForAmazonEKSNodegroup" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[eks.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:10", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/eks.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonEKS" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy", + "PolicyName": "AmazonEKSServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[elasticache.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:11", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "elasticache.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/elasticache.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForElastiCache" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", + "PolicyName": "ElastiCacheServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[elasticbeanstalk.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:12", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "elasticbeanstalk.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/elasticbeanstalk.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForElasticBeanstalk" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy", + "PolicyName": "AWSElasticBeanstalkServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[elasticfilesystem.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:13", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/elasticfilesystem.amazonaws.com/AWSServiceRoleForAmazonElasticFileSystem", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "elasticfilesystem.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/elasticfilesystem.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonElasticFileSystem" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy", + "PolicyName": "AmazonElasticFileSystemServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[elasticloadbalancing.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:14", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "elasticloadbalancing.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/elasticloadbalancing.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForElasticLoadBalancing" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy", + "PolicyName": "AWSElasticLoadBalancingServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[email.cognito-idp.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:14", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmailService", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "email.cognito-idp.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/email.cognito-idp.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonCognitoIdpEmailService" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonCognitoIdpEmailServiceRolePolicy", + "PolicyName": "AmazonCognitoIdpEmailServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[emr-containers.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:15", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/emr-containers.amazonaws.com/AWSServiceRoleForAmazonEMRContainers", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "emr-containers.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/emr-containers.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonEMRContainers" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonEMRContainersServiceRolePolicy", + "PolicyName": "AmazonEMRContainersServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[emrwal.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:16", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/emrwal.amazonaws.com/AWSServiceRoleForEMRWAL", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "emrwal.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/emrwal.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForEMRWAL" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/EMRDescribeClusterPolicyForEMRWAL", + "PolicyName": "EMRDescribeClusterPolicyForEMRWAL" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[fis.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:17", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/fis.amazonaws.com/AWSServiceRoleForFIS", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "fis.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/fis.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForFIS" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonFISServiceRolePolicy", + "PolicyName": "AmazonFISServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[grafana.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:18", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/grafana.amazonaws.com/AWSServiceRoleForAmazonGrafana", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "grafana.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/grafana.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonGrafana" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonGrafanaServiceLinkedRolePolicy", + "PolicyName": "AmazonGrafanaServiceLinkedRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[imagebuilder.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:19", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "imagebuilder.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/imagebuilder.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForImageBuilder" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder", + "PolicyName": "AWSServiceRoleForImageBuilder" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[iotmanagedintegrations.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:20", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/iotmanagedintegrations.amazonaws.com/AWSServiceRoleForIoTManagedIntegrations", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "iotmanagedintegrations.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/iotmanagedintegrations.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForIoTManagedIntegrations" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSIoTManagedIntegrationsRolePolicy", + "PolicyName": "AWSIoTManagedIntegrationsRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[kafka.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:21", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kafka.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/kafka.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": { + "LastUsedDate": "", + "Region": "" + }, + "RoleName": "AWSServiceRoleForKafka" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/KafkaServiceRolePolicy", + "PolicyName": "KafkaServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[kafkaconnect.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:22", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/kafkaconnect.amazonaws.com/AWSServiceRoleForKafkaConnect", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "kafkaconnect.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/kafkaconnect.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForKafkaConnect" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/KafkaConnectServiceRolePolicy", + "PolicyName": "KafkaConnectServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[lakeformation.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:23", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lakeformation.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/lakeformation.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForLakeFormationDataAccess" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy", + "PolicyName": "LakeFormationDataAccessServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[lex.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:24", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lex.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/lex.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForLexBots" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonLexBotPolicy", + "PolicyName": "AmazonLexBotPolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[lexv2.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:25", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lexv2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/lexv2.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForLexV2Bots" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy", + "PolicyName": "AmazonLexV2BotPolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[lightsail.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:25", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/lightsail.amazonaws.com/AWSServiceRoleForLightsail", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lightsail.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/lightsail.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForLightsail" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/LightsailExportAccess", + "PolicyName": "LightsailExportAccess" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[m2.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:26", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/m2.amazonaws.com/AWSServiceRoleForAWSM2", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "m2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/m2.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAWSM2" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSM2ServicePolicy", + "PolicyName": "AWSM2ServicePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[memorydb.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:27", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/memorydb.amazonaws.com/AWSServiceRoleForMemoryDB", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "memorydb.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/memorydb.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForMemoryDB" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/MemoryDBServiceRolePolicy", + "PolicyName": "MemoryDBServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[mq.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:28", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/mq.amazonaws.com/AWSServiceRoleForAmazonMQ", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "mq.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/mq.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonMQ" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonMQServiceRolePolicy", + "PolicyName": "AmazonMQServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[mrk.kms.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:29", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/mrk.kms.amazonaws.com/AWSServiceRoleForKeyManagementServiceMultiRegionKeys", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "mrk.kms.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/mrk.kms.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForKeyManagementServiceMultiRegionKeys" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy", + "PolicyName": "AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[notifications.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:30", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/notifications.amazonaws.com/AWSServiceRoleForAwsUserNotifications", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "notifications.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/notifications.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAwsUserNotifications" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSUserNotificationsServiceLinkedRolePolicy", + "PolicyName": "AWSUserNotificationsServiceLinkedRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[observability.aoss.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:31", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/observability.aoss.amazonaws.com/AWSServiceRoleForAmazonOpenSearchServerless", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "observability.aoss.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/observability.aoss.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonOpenSearchServerless" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonOpenSearchServerlessServiceRolePolicy", + "PolicyName": "AmazonOpenSearchServerlessServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[opensearchservice.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:32", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "opensearchservice.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/opensearchservice.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonOpenSearchService" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy", + "PolicyName": "AmazonOpenSearchServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ops.apigateway.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:33", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ops.apigateway.amazonaws.com/AWSServiceRoleForAPIGateway", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ops.apigateway.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ops.apigateway.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAPIGateway" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy", + "PolicyName": "APIGatewayServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ops.emr-serverless.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:34", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ops.emr-serverless.amazonaws.com/AWSServiceRoleForAmazonEMRServerless", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ops.emr-serverless.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ops.emr-serverless.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonEMRServerless" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonEMRServerlessServiceRolePolicy", + "PolicyName": "AmazonEMRServerlessServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[opsdatasync.ssm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:35", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/opsdatasync.ssm.amazonaws.com/AWSServiceRoleForSystemsManagerOpsDataSync", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "opsdatasync.ssm.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/opsdatasync.ssm.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForSystemsManagerOpsDataSync" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSSystemsManagerOpsDataSyncServiceRolePolicy", + "PolicyName": "AWSSystemsManagerOpsDataSyncServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[opsinsights.ssm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:35", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/opsinsights.ssm.amazonaws.com/AWSServiceRoleForAmazonSSM_OpsInsights", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "opsinsights.ssm.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/opsinsights.ssm.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonSSM_OpsInsights" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSSSMOpsInsightsServiceRolePolicy", + "PolicyName": "AWSSSMOpsInsightsServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[pullthroughcache.ecr.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:36", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/pullthroughcache.ecr.amazonaws.com/AWSServiceRoleForECRPullThroughCache", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "pullthroughcache.ecr.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/pullthroughcache.ecr.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForECRPullThroughCache" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSECRPullThroughCache_ServiceRolePolicy", + "PolicyName": "AWSECRPullThroughCache_ServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ram.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:37", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ram.amazonaws.com/AWSServiceRoleForResourceAccessManager", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ram.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ram.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForResourceAccessManager" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy", + "PolicyName": "AWSResourceAccessManagerServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[rds.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:38", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rds.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "Description": "Allows Amazon RDS to manage AWS resources on your behalf", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/rds.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": { + "LastUsedDate": "", + "Region": "ap-southeast-1" + }, + "RoleName": "AWSServiceRoleForRDS" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy", + "PolicyName": "AmazonRDSServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[redshift.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:39", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "redshift.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/redshift.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForRedshift" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonRedshiftServiceLinkedRolePolicy", + "PolicyName": "AmazonRedshiftServiceLinkedRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[replication.cassandra.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:40", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/replication.cassandra.amazonaws.com/AWSServiceRoleForKeyspacesReplication", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "replication.cassandra.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/replication.cassandra.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForKeyspacesReplication" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/KeyspacesReplicationServiceRolePolicy", + "PolicyName": "KeyspacesReplicationServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[replication.ecr.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:41", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/replication.ecr.amazonaws.com/AWSServiceRoleForECRReplication", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "replication.ecr.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/replication.ecr.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForECRReplication" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy", + "PolicyName": "ECRReplicationServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[repository.sync.codeconnections.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:42", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/repository.sync.codeconnections.amazonaws.com/AWSServiceRoleForGitSync", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "repository.sync.codeconnections.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/repository.sync.codeconnections.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForGitSync" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSGitSyncServiceRolePolicy", + "PolicyName": "AWSGitSyncServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[resource-explorer-2.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:43", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "resource-explorer-2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/resource-explorer-2.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": { + "LastUsedDate": "", + "Region": "us-west-2" + }, + "RoleName": "AWSServiceRoleForResourceExplorer" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy", + "PolicyName": "AWSResourceExplorerServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[rolesanywhere.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:44", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/rolesanywhere.amazonaws.com/AWSServiceRoleForRolesAnywhere", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "rolesanywhere.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/rolesanywhere.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForRolesAnywhere" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSRolesAnywhereServicePolicy", + "PolicyName": "AWSRolesAnywhereServicePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[s3-outposts.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:45", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/s3-outposts.amazonaws.com/AWSServiceRoleForS3OnOutposts", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "s3-outposts.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/s3-outposts.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForS3OnOutposts" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSS3OnOutpostsServiceRolePolicy", + "PolicyName": "AWSS3OnOutpostsServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ses.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:46", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ses.amazonaws.com/AWSServiceRoleForAmazonSES", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ses.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ses.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonSES" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonSESServiceRolePolicy", + "PolicyName": "AmazonSESServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[shield.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:47", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/shield.amazonaws.com/AWSServiceRoleForAWSShield", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "shield.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/shield.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAWSShield" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSShieldServiceRolePolicy", + "PolicyName": "AWSShieldServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ssm-incidents.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:48", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ssm-incidents.amazonaws.com/AWSServiceRoleForIncidentManager", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ssm-incidents.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ssm-incidents.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForIncidentManager" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSIncidentManagerServiceRolePolicy", + "PolicyName": "AWSIncidentManagerServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ssm-quicksetup.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:49", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ssm-quicksetup.amazonaws.com/AWSServiceRoleForSSMQuickSetup", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ssm-quicksetup.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ssm-quicksetup.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForSSMQuickSetup" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/SSMQuickSetupRolePolicy", + "PolicyName": "SSMQuickSetupRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ssm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:50", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ssm.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "Description": "Provides access to AWS Resources managed or used by Amazon SSM.", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/ssm.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": { + "LastUsedDate": "", + "Region": "" + }, + "RoleName": "AWSServiceRoleForAmazonSSM" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy", + "PolicyName": "AmazonSSMServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[sso.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:51", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "sso.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "Description": "Service-linked role used by AWS SSO to manage AWS resources, including IAM roles, policies and SAML IdP on your behalf.", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/sso.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": { + "LastUsedDate": "", + "Region": "us-east-1" + }, + "RoleName": "AWSServiceRoleForSSO" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy", + "PolicyName": "AWSSSOServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[vpcorigin.cloudfront.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:52", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/vpcorigin.cloudfront.amazonaws.com/AWSServiceRoleForCloudFrontVPCOrigin", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "vpcorigin.cloudfront.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/vpcorigin.cloudfront.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForCloudFrontVPCOrigin" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AWSCloudFrontVPCOriginServiceRolePolicy", + "PolicyName": "AWSCloudFrontVPCOriginServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[waf.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:53", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/waf.amazonaws.com/AWSServiceRoleForWAFLogging", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "waf.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/waf.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForWAFLogging" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/WAFLoggingServiceRolePolicy", + "PolicyName": "WAFLoggingServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[wafv2.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:54", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/wafv2.amazonaws.com/AWSServiceRoleForWAFV2Logging", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "wafv2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/wafv2.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForWAFV2Logging" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/WAFV2LoggingServiceRolePolicy", + "PolicyName": "WAFV2LoggingServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix[autoscaling.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:55", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling_", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "autoscaling.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/autoscaling.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAutoScaling_" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy", + "PolicyName": "AutoScalingServiceRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix[connect.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:56", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "connect.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/connect.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForAmazonConnect_" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy", + "PolicyName": "AmazonConnectServiceLinkedRolePolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix[lexv2.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:57", + "recorded-content": { + "describe-response": { + "Role": { + "Arn": "arn::iam::111111111111:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots_", + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lexv2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "CreateDate": "", + "MaxSessionDuration": 3600, + "Path": "/aws-service-role/lexv2.amazonaws.com/", + "RoleId": "", + "RoleLastUsed": {}, + "RoleName": "AWSServiceRoleForLexV2Bots_" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "inline-role-policies": { + "IsTruncated": false, + "PolicyNames": [], + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "attached-role-policies": { + "AttachedPolicies": [ + { + "PolicyArn": "arn::iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy", + "PolicyName": "AmazonLexV2BotPolicy" + } + ], + "IsTruncated": false, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ops.apigateway.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:57", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ops.apigateway.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[eks-fargate.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:57", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for eks-fargate.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[emrwal.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:58", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for emrwal.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ops.emr-serverless.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:59", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ops.emr-serverless.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[eks.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:31:59", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for eks.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[iotmanagedintegrations.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:00", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for iotmanagedintegrations.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[kafkaconnect.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:00", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for kafkaconnect.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[wafv2.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:01", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for wafv2.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[rolesanywhere.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:01", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for rolesanywhere.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[m2.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:02", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for m2.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[dms-fleet-advisor.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:03", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for dms-fleet-advisor.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[opsdatasync.ssm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:03", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for opsdatasync.ssm.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[resource-explorer-2.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:04", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for resource-explorer-2.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[opsinsights.ssm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:04", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for opsinsights.ssm.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[codestar-notifications.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:05", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for codestar-notifications.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[appmesh.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:05", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for appmesh.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[waf.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:06", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for waf.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[notifications.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:07", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for notifications.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[docdb-elastic.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:07", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for docdb-elastic.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[elasticbeanstalk.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:08", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for elasticbeanstalk.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[replication.ecr.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:08", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for replication.ecr.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ecs.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:09", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ecs.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[batch.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:09", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for batch.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[shield.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:10", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for shield.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[redshift.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:10", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for redshift.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[rds.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:11", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for rds.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[mrk.kms.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:12", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for mrk.kms.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[eks-connector.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:12", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for eks-connector.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[kafka.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:13", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for kafka.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[observability.aoss.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:13", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for observability.aoss.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[lakeformation.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:14", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for lakeformation.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[memorydb.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:14", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for memorydb.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[elasticache.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:15", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for elasticache.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[emr-containers.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:16", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for emr-containers.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[pullthroughcache.ecr.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:16", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for pullthroughcache.ecr.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[imagebuilder.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:17", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for imagebuilder.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[cassandra.application-autoscaling.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:17", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for cassandra.application-autoscaling.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[s3-outposts.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:18", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for s3-outposts.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[eks-nodegroup.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:18", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for eks-nodegroup.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[accountdiscovery.ssm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:19", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for accountdiscovery.ssm.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ssm-incidents.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:20", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ssm-incidents.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[dms.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:20", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for dms.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ecr.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:21", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ecr.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[sso.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:21", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for sso.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[lex.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:22", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for lex.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[repository.sync.codeconnections.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:22", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for repository.sync.codeconnections.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ram.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:23", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ram.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[cks.kms.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:23", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for cks.kms.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[cloudtrail.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:24", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for cloudtrail.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ses.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:25", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ses.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[opensearchservice.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:25", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for opensearchservice.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ssm-quicksetup.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:26", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ssm-quicksetup.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[vpcorigin.cloudfront.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:26", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for vpcorigin.cloudfront.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ec2-instance-connect.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:27", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ec2-instance-connect.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[acm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:27", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for acm.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[elasticloadbalancing.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:28", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for elasticloadbalancing.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[fis.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:29", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for fis.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[elasticfilesystem.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:29", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for elasticfilesystem.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[replication.cassandra.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:30", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for replication.cassandra.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[config.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:30", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for config.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[autoscaling-plans.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:31", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for autoscaling-plans.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[mq.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:31", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for mq.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[email.cognito-idp.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:32", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for email.cognito-idp.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ec2.application-autoscaling.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:32", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ec2.application-autoscaling.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[backup.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:33", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for backup.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[grafana.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:34", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for grafana.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[lightsail.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:34", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for lightsail.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ssm.amazonaws.com]": { + "recorded-date": "13-03-2025, 08:32:35", + "recorded-content": { + "custom-suffix-not-allowed": { + "Error": { + "Code": "InvalidInput", + "Message": "Custom suffix is not allowed for ssm.amazonaws.com", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_already_exists": { + "recorded-date": "13-03-2025, 15:18:42", + "recorded-content": { + "role-already-exists-error": { + "Error": { + "Code": "InvalidInput", + "Message": "Service role name AWSServiceRoleForBatch has been taken in this account, please try a different suffix.", + "Type": "Sender" + }, + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 400 + } + } + } + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_deletion": { + "recorded-date": "13-03-2025, 16:11:23", + "recorded-content": { + "service-linked-role-deletion-response": { + "DeletionTaskId": "task/aws-service-role/batch.amazonaws.com/AWSServiceRoleForBatch/", + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + }, + "service-linked-role-deletion-status-response": { + "Status": "SUCCEEDED", + "ResponseMetadata": { + "HTTPHeaders": {}, + "HTTPStatusCode": 200 + } + } + } } } diff --git a/tests/aws/services/iam/test_iam.validation.json b/tests/aws/services/iam/test_iam.validation.json index c3f72316977f0..9dad0bd733ca2 100644 --- a/tests/aws/services/iam/test_iam.validation.json +++ b/tests/aws/services/iam/test_iam.validation.json @@ -62,6 +62,441 @@ "tests/aws/services/iam/test_iam.py::TestIAMPolicyEncoding::test_put_user_policy_encoding": { "last_validated_date": "2025-03-06T12:25:07+00:00" }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_already_exists": { + "last_validated_date": "2025-03-13T15:18:42+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_deletion": { + "last_validated_date": "2025-03-13T16:11:22+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle": { + "last_validated_date": "2025-03-11T13:49:49+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[accountdiscovery.ssm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:48+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[acm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:49+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[appmesh.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:50+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[autoscaling-plans.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:51+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[autoscaling.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:52+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[backup.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:53+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[batch.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:54+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[cassandra.application-autoscaling.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:55+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[cks.kms.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:56+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[cloudtrail.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:57+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[codestar-notifications.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:58+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[config.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:30:59+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[connect.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:00+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[dms-fleet-advisor.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:01+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[dms.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:02+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[docdb-elastic.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:03+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ec2-instance-connect.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:04+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ec2.application-autoscaling.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:05+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ecr.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:06+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ecs.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:07+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[eks-connector.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:07+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[eks-fargate.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:08+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[eks-nodegroup.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:09+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[eks.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:10+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[elasticache.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:11+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[elasticbeanstalk.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:12+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[elasticfilesystem.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:13+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[elasticloadbalancing.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:13+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[email.cognito-idp.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:14+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[emr-containers.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:15+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[emrwal.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:16+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[fis.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:17+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[grafana.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:18+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[imagebuilder.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:19+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[iotmanagedintegrations.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:20+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[kafka.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:21+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[kafkaconnect.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:22+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[lakeformation.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:23+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[lex.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:24+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[lexv2.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:24+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[lightsail.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:25+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[m2.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:26+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[memorydb.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:27+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[mq.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:28+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[mrk.kms.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:29+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[notifications.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:30+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[observability.aoss.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:31+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[opensearchservice.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:32+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ops.apigateway.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:33+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ops.emr-serverless.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:33+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[opsdatasync.ssm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:34+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[opsinsights.ssm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:35+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[pullthroughcache.ecr.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:36+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ram.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:37+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[rds.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:38+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[redshift.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:39+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[replication.cassandra.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:40+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[replication.ecr.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:41+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[repository.sync.codeconnections.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:42+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[resource-explorer-2.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:43+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[rolesanywhere.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:44+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[s3-outposts.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:45+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ses.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:46+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[shield.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:47+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ssm-incidents.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:48+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ssm-quicksetup.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:48+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[ssm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:50+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[sso.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:51+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[vpcorigin.cloudfront.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:52+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[waf.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:53+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle[wafv2.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:54+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix[autoscaling.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:55+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix[connect.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:56+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix[lexv2.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:56+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[accountdiscovery.ssm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:19+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[acm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:27+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[appmesh.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:05+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[autoscaling-plans.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:31+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[backup.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:33+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[batch.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:09+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[cassandra.application-autoscaling.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:17+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[cks.kms.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:23+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[cloudtrail.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:24+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[codestar-notifications.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:05+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[config.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:30+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[dms-fleet-advisor.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:03+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[dms.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:20+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[docdb-elastic.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:07+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ec2-instance-connect.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:27+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ec2.application-autoscaling.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:32+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ecr.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:21+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ecs.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:09+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[eks-connector.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:12+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[eks-fargate.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:57+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[eks-nodegroup.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:18+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[eks.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:59+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[elasticache.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:15+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[elasticbeanstalk.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:08+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[elasticfilesystem.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:29+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[elasticloadbalancing.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:28+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[email.cognito-idp.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:32+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[emr-containers.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:16+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[emrwal.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:58+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[fis.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:29+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[grafana.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:34+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[imagebuilder.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:17+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[iotmanagedintegrations.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:00+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[kafka.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:13+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[kafkaconnect.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:00+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[lakeformation.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:14+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[lex.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:22+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[lightsail.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:34+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[m2.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:02+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[memorydb.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:14+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[mq.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:31+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[mrk.kms.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:12+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[notifications.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:07+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[observability.aoss.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:13+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[opensearchservice.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:25+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ops.apigateway.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:57+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ops.emr-serverless.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:31:59+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[opsdatasync.ssm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:03+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[opsinsights.ssm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:04+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[pullthroughcache.ecr.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:16+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ram.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:23+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[rds.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:11+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[redshift.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:10+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[replication.cassandra.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:30+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[replication.ecr.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:08+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[repository.sync.codeconnections.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:22+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[resource-explorer-2.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:04+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[rolesanywhere.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:01+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[s3-outposts.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:18+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ses.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:24+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[shield.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:10+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ssm-incidents.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:19+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ssm-quicksetup.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:26+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[ssm.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:35+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[sso.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:21+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[vpcorigin.cloudfront.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:26+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[waf.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:06+00:00" + }, + "tests/aws/services/iam/test_iam.py::TestIAMServiceRoles::test_service_role_lifecycle_custom_suffix_not_allowed[wafv2.amazonaws.com]": { + "last_validated_date": "2025-03-13T08:32:01+00:00" + }, "tests/aws/services/iam/test_iam.py::TestIAMServiceSpecificCredentials::test_create_service_specific_credential_invalid_service": { "last_validated_date": "2025-03-06T16:58:37+00:00" },