def statements():
# doc-start
s1 = statement.Ec2() \
.allow() \
.to_start_instances()
s2 = statement.Ec2() \
.deny() \
.to_stop_instances()
# doc-end
return [s1, s2]
def statements():
# doc-start
s1 = statement.Ec2() \
.deny() \
.all_permission_management_actions()
s2 = statement.Ec2() \
.allow() \
.all_list_actions() \
.all_read_actions()
# doc-end
return [s1, s2]
def get_policy():
# doc-start
policy = {
'Version':
'2012-10-17',
'Statement': [
statement.Ec2().allow().to_start_instances().if_aws_request_tag(
'Owner', '${aws:username}').to_json(),
statement.Ec2().allow().to_stop_instances().if_resource_tag(
'Owner', '${aws:username}').to_json(),
statement.Ec2().allow().all_list_actions().all_read_actions().
to_json()
]
}
# doc-end
return policy
def get_statement():
# doc-start
my_statement = statement.Ec2()
my_statement.allow()
my_statement.to_start_instances()
my_statement.to_stop_instances()
# doc-end
return my_statement
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.to_start_instances() \
.to_stop_instances()
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.all_write_actions()
# doc-end
)
all = [s]
out(all)
# deploy(all) disabled, bc exceeds policy size limit
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.deny() \
.all_matching_actions('/vpn/i')
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(os.path.abspath(
inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.all_tagging_actions()
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.all_read_actions()
.all_list_actions()
.compact()
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(os.path.abspath(
inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.all_permission_management_actions()
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.deny() \
.to_start_instances() \
.to_stop_instances()
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2().to_start_instances()
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(os.path.abspath(
inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.to_start_instances() \
.if_('ec2:missingCondition', 'some-value')
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.all_list_actions()
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.to_start_instances() \
.if_aws_request_tag('Environment',
['Production', 'Staging', 'Dev'],
statement.Operator().string_equals().if_exists())
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.to_start_instances() \
.if_encrypted() \
.if_instance_type(['t3.micro', 't3.nano']) \
.if_associate_public_ip_address(False) \
.if_aws_request_tag('Owner', 'John')
# doc-end
)
all = [s]
out(all)
deploy(all)
import iam_floyd as statement
import importlib
import os
import sys
import inspect
currentdir = os.path.dirname(
os.path.abspath(inspect.getfile(inspect.currentframe())))
helperDir = '%s/../../helper/python' % currentdir
sys.path.insert(0, helperDir)
test = importlib.import_module('python_test')
out = getattr(test, 'out')
deploy = getattr(test, 'deploy')
s = (
# doc-start
statement.Ec2() \
.allow() \
.all_read_actions()
# doc-end
)
all = [s]
out(all)
deploy(all)
