package
0.0.0-20250306163500-5f3bb2705e1f
Repository: https://github.com/versoriumx/teleport.git
Documentation: pkg.go.dev

# Functions

AddMetadataLabels adds the AccountID and Region as labels.
ConvertIAMError converts common errors from IAM clients to trace errors.
ConvertIAMv2Error converts common errors from IAM clients to trace errors.
ConvertLoadConfigError converts common AWS config loading errors to trace errors.
ConvertRequestFailureError converts an `error` that is an AWS RequestFailure error into a trace error.
GetIdentityWithClient determines the AWS identity of this Teleport process using the provided STS API client.
IdentityFromArn returns an `Identity` interface based on the provided ARN.
IsTagValueTrue checks whether a tag value is true.
LabelsToRDSV2Tags converts labels into [rdsTypesV2.Tag] list.
LabelsToTags converts a label map to a list of AWS resource tags.
NewInstanceMetadataClient creates a new instance metadata client.
NewPolicies creates a new instance of Policies using the provided identity, partitionID and IAM client.
NewPolicy returns a new AWS IAM Policy.
NewPolicyDocument returns a new empty AWS IAM policy document.
ParsePolicyDocument returns a parsed AWS IAM policy document.
PolicyDocumentForExternalAuditStorage returns a PolicyDocument with the necessary IAM permissions for the External Audit Storage feature.
StatementForAWSOIDCRoleTrustRelationship returns the Trust Relationship to allow the OpenID Connect Provider set up during the AWS OIDC Onboarding to assume this Role.
StatementForEC2InstanceConnectEndpoint returns the statement that allows the flow for accessing an EC2 instance using its private IP, using EC2 Instance Connect Endpoint.
StatementForECSManageService returns the statement that allows managing the ECS Service deployed by DeployService (AWS OIDC Integration).
StatementForECSTaskRoleTrustRelationships returns the Trust Relationship to allow the ECS Tasks service to.
StatementForIAMEditRolePolicy returns an IAM Policy Statement which allows editing Role Policy of the resources.
StatementForIAMEditUserPolicy returns an IAM Policy Statement which allows editing User Policy of the resources.
StatementForIAMPassRole returns a statement that allows iam:PassRole on the target role.
StatementForListRDSDatabases returns the statement that allows listing RDS DB Clusters and Instances.
StatementForRDSDBConnect returns a statement that allows the `rds-db:connect` for all RDS DBs.
StatementForWritingLogs returns the statement that allows writing logs to CloudWatch.
TagsToLabels converts a list of AWS resource tags to a label map.
WithIMDSClient adds a custom internal imds.Client to an InstanceMetadataClient.

# Constants

EffectAllow is the Allow IAM policy effect.
EffectDeny is the Deny IAM policy effect.
PolicyVersion is the default IAM policy version.
ResourceTypeAssumedRole is the resource type for an AWS IAM assumed role.
ResourceTypeRole is the resource type for an AWS IAM role.
ResourceTypeUser is the resource type for an AWS IAM user.
TagKeyTeleportCreated defines a tag key that indicates the cloud resource is created by Teleport.
TagKeyTeleportManaged defines a tag key that indicates the cloud resource is being managed by Teleport.
TagValueTrue is the tag value "true" in string format.

# Structs

ExternalAuditStoragePolicyConfig holds options for the External Audit Storage IAM policy.
InstanceMetadataClient is a wrapper for an imds.Client.
Policy represents an AWS IAM policy.
PolicyDocument represents a parsed AWS IAM policy document.
Role represents an AWS IAM role identity.
Statement is a single AWS IAM policy statement.
Unknown represents an unknown/unsupported AWS IAM identity.
User represents an AWS IAM user identity.

# Interfaces

Identity represents an AWS IAM identity such as user or role.
Policies is a set of IAM Policy helper functions defined as an interface to make it easier for other packages to mock and test with it.
ResourceTag is a generic interface that represents an AWS resource tag.
SettableTag is a generic interface that represents an AWS resource tag with SetKey and SetValue functions.

# Type aliases

InstanceMetadataClientOption allows setting options as functional arguments to an InstanceMetadataClient.
SliceOrString defines a type that can be either a single string or a slice.