1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Resource Query Language (RQL) Reference
    5. Prisma Cloud RQL Reference
    6. IAM Query
    7. IAM Query Conditions

    IAM Query Conditions

    The IAM Security module supports conditions which enables you to apply filters to the
    config from iam where
     query for more granular results. You can use conditions to minimize the exposure of a resource based policy by making it available only to an organization or specific account, or you can use conditions to minimize the access to a machine (EC2 instances or Lambda functions); for example, if a machine has permissions that are publicly available, you can add a condition to enable actions only to a specific IP address. IAM Security include s the new
    grantedby.cloud.condition
     attribute which queries permissions where the policy statement contain/doesn’t contain conditions (See IAM Query Attributes for full list of IAM attributes). The following example filters all results with the source IP address:
    screen:[config from iam where grantedby.cloud.policy.condition('aws:sourceIP') does not exist] Several operators are supported which gives you more flexibility on how filters are applied:
    • != (not equal)
    • = (equal)
    • does not exist
    • exists
    • in
    • not in
    Example
    config from iam where
     queries applying conditions along with brief explanations of what they do.
    Description
    RQL
    Operator
    Show results where a specific condition exists.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') exists
    exists
    Show results where a specific condition doesn’t exist.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') does not exist
    does not exist
    Show results where a specific condition and operator exists.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') exists
    exists
    Show results where a specific condition and operator doesn’t exist.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') does not exist
    does not exist
    Show results where a specific condition with a specific value exists.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') = '1.1.1.1'
    =
    Show results where a specific condition with a different value exists.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') != '1.1.1.1'
    !=
    Show results where a specific condition and operator with a specific value exists.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') = '1.1.1.1'
    =
    Show results where a specific condition and operator with a different value exists.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') != '1.1.1.1'
    !=
    Show results where a specific condition and operator with one or more different values does not exist.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') NOT IN ('1.1.1.1', '2.2.2.2')
    NOT IN
    Show results where a specific condition and operator with one or more different values exists.
    config from iam where grantedby.cloud.policy.condition('aws:sourceIP', 'IpAddress') NOT IN ('1.1.1.1', '2.2.2.2')
    NOT IN
    Show results where a specific condition with one or more values exists.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP') IN ('1.1.1.1')
    IN
    Show results where a specific condition and operator with one or more values exists.
    config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddress') IN ('1.1.1.1')
    IN

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo