This repository was archived by the owner on Oct 15, 2024. It is now read-only.

Filtering IAM Roles on the 'path' property not working #525

Closed
dipenj opened this issue Jul 9, 2020 · 1 comment · Fixed by #545


dipenj commented Jul 9, 2020

Filtering IAM Roles based on the Path property for IAM Roles is not working, using either of the following:

Using property and regex together:

IAMRole:
  - property: Path
    type: regex
    value: /aws-reserved/.*

Using property and glob together:

IAMRole:
  - property: Path
    type: glob
    value: /aws-reserved*

Nuke fails with the error:

level=error msg="UnmodifiableEntity: Cannot perform the operation on the protected role 'AWSReservedSSO_AdministratorAccess_e75a083b411454fb' -  this role is only modifiable by AWS

Is there a way to filter IAM Roles based on either its path or ARN?

@der-eismann
Member

Hey @dipenj, sorry for the late reply. It didn't work because the IAMRole resource didn't have a Path property. After pulling the latest master build you should be able to filter with the following settings:

      - property: Path
        type: regex
        value: "/aws-reserved/.*"
      - property: Path
        type: glob
        value: "/aws-reserved/*"

For the glob type see readme:

Note that globbing is designed for file paths, so the wildcards do not match the directory separator (/)

That means if the roles are nested further you need to add the separators like /aws-reserved/*/*/*... whereas the regex would catch them all.
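
A way to check which role paths a `Path` filter covers before relying on it, as an added example that is not part of this thread or of the project's code. It assumes Go's standard `path.Match` as a stand-in for the project's glob matcher and an unanchored regex; the `Filter` type, the `Uncovered` helper and the sample paths are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
)

// Filter holds the type and value keys of one Path filter entry.
type Filter struct{ Type, Value string }
// Matches reports whether the filter covers rolePath. Assumptions: path.Match
// stands in for the project's glob matcher and the regex is unanchored.
func (f Filter) Matches(rolePath string) (bool, error) {
	switch f.Type {
	case "glob":
		return path.Match(f.Value, rolePath) // "*" never crosses "/"
	case "regex":
		re, err := regexp.Compile(f.Value)
		if err != nil {
			return false, err
		}
		return re.MatchString(rolePath), nil
	}
	return false, fmt.Errorf("unsupported filter type %q", f.Type)
}

// Uncovered lists the paths the filter misses (roles it would not exclude).
func Uncovered(f Filter, paths []string) ([]string, error) {
	var missed []string
	for _, p := range paths {
		ok, err := f.Matches(p)
		if err != nil {
			return nil, err // e.g. a malformed glob or regex
		}
		if !ok {
			missed = append(missed, p)
		}
	}
	return missed, nil
}

// Constructed sample paths; IAM paths begin and end with "/".
var samplePaths = []string{"/aws-reserved/", "/aws-reserved/sso.example/", "/aws-reserved/sso.example/eu-west-1/"}
func main() {
	for _, f := range []Filter{{"regex", "/aws-reserved/.*"}, {"glob", "/aws-reserved/*"}, {"glob", "/aws-reserved/*/*/"}} {
		missed, err := Uncovered(f, samplePaths)
		fmt.Printf("%-5s %-20s missed=%q err=%v\n", f.Type, f.Value, missed, err)
	}
}
```

With these samples the regex covers every path, while each glob covers only the paths whose depth matches its own segment count.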
