def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
pinpoint_app = aws_pinpoint.CfnApp(self,
"integ_test_pinpoint_app",
name="integ_test_pinpoint_app")
self._parameters_to_save["app_id"] = pinpoint_app.ref
legacy_mobileanalytics_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["mobileanalytics:PutEvents"],
resources=["*"],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=legacy_mobileanalytics_policy)
app_arn = f"arn:aws:mobiletargeting:{self.region}:{self.account}:apps/*"
app_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"mobiletargeting:PutEvents", "mobiletargeting:UpdateEndpoint"
],
resources=[app_arn],
)
common_stack.add_to_common_role_policies(self,
policy_to_add=app_policy)
self.save_parameters_in_parameter_store(platform=Platform.IOS)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
domain_prefix = "integ_test_sdb_domain"
self.parameters_to_save["domain_prefix"] = domain_prefix
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"sdb:BatchPutAttributes",
"sdb:CreateDomain",
"sdb:DeleteDomain",
"sdb:PutAttributes",
"sdb:Select",
],
resources=[
f"arn:aws:sdb:{self.region}:{self.account}:domain/{domain_prefix}*"
],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["sdb:ListDomains"],
resources=["*"])
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
self.save_parameters_in_parameter_store(platform=Platform.IOS)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"transcribe:CreateVocabulary",
"transcribe:DeleteVocabulary",
"transcribe:GetTranscriptionJob",
"transcribe:GetVocabulary",
"transcribe:ListTranscriptionJobs",
"transcribe:ListVocabularies",
"transcribe:StartStreamTranscriptionWebSocket",
"transcribe:StartTranscriptionJob",
],
resources=["*"],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
self.create_bucket(common_stack)
self.save_parameters_in_parameter_store(platform=Platform.IOS)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW, actions=["dynamodb:ListTables"], resources=["*"]
)
common_stack.add_to_common_role_policies(self, policy_to_add=all_resources_policy)
table_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:CreateTable",
"dynamodb:DeleteTable",
"dynamodb:DescribeTable",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem",
"dynamodb:UpdateTable",
],
resources=[f"arn:aws:dynamodb:{self.region}:{self.account}:table/*"],
)
common_stack.add_to_common_role_policies(self, policy_to_add=table_resources_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"elasticloadbalancing:DescribeAccountLimits",
"elasticloadbalancing:DescribeLoadBalancers",
],
resources=["*"],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
specified_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["elasticloadbalancing:ConfigureHealthCheck"],
resources=[
f"arn:aws:elasticloadbalancing:{self.region}:{self.account}:loadbalancer/*"
],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=specified_resources_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.are_services_supported_in_region(
["lambda"])
aws_lambda.Function(
self,
"EchoHandler",
runtime=aws_lambda.Runtime.PYTHON_3_7,
code=aws_lambda.Code.asset("lambda"),
handler="echo_handler.handler",
function_name="echo",
)
echo_first = aws_lambda.Function(
self,
"EchoFirstHandler",
runtime=aws_lambda.Runtime.PYTHON_3_7,
code=aws_lambda.Code.asset("lambda"),
handler="echo_handler_first.handler",
function_name="echoFirst",
)
echo_first.add_version("1")
aws_lambda.Alias(self,
"alias",
alias_name="alias",
version=echo_first.latest_version)
common_stack.add_to_common_role_policies(self)
def update_common_stack_with_test_policy(self, common_stack: CommonStack):
stack_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["cognito-identity:*", "cognito-idp:AdminCreateUser"],
resources=["*"],
)
common_stack.add_to_common_role_policies(self, policy_to_add=stack_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["kinesis:ListStreams"],
resources=["*"],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
stream_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:GetShardIterator",
"kinesis:GetRecords",
"kinesis:PutRecord",
"kinesis:PutRecords",
],
resources=[
f"arn:aws:kinesis:{self.region}:{self.account}:stream/*"
],
)
common_stack.add_to_common_role_policies(self,
policy_to_add=stream_policy)
self.save_parameters_in_parameter_store(Platform.IOS)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
# Create policy for KMS key
policy = iam.PolicyDocument(
statements=[
iam.PolicyStatement(
actions=["kms:*"],
effect=iam.Effect.ALLOW,
resources=["*"],
principals=[iam.AccountPrincipal(core.Aws.ACCOUNT_ID)],
)
]
)
# Create KMS key for S3 server-side encryption
key = kms.Key(self, "s3SSETestkmsKey", policy=policy)
# Create S3 bucket for SSE testing
bucket = s3.Bucket(
self, "s3TestBucket", encryption=s3.BucketEncryption.KMS, encryption_key=key
)
# Create SSM parameters for the KMS key id, KMS bucket name and region
self._parameters_to_save = {
"sse_kms_key_id": key.key_id,
"bucket_with_sse_kms_enabled": bucket.bucket_name,
"bucket_with_sse_kms_region": core.Aws.REGION,
}
self.save_parameters_in_parameter_store(platform=Platform.ANDROID)
common_stack.add_to_common_role_policies(self)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
identity_pool = cognito.CfnIdentityPool(
self, "pinpoint_integ_test_android", allow_unauthenticated_identities=True
)
unauthenticated_role = iam.Role(
self,
"CognitoDefaultUnauthenticatedRole",
assumed_by=iam.FederatedPrincipal(
"cognito-identity.amazonaws.com",
{
"StringEquals": {"cognito-identity.amazonaws.com:aud": identity_pool.ref},
"ForAnyValue:StringLike": {
"cognito-identity.amazonaws.com:amr": "unauthenticated"
},
},
"sts:AssumeRoleWithWebIdentity",
),
)
unauthenticated_role.add_to_policy(
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=[
"cognito-sync:*",
"iot:Connect",
"iot:Publish",
"iot:Subscribe",
"iot:Receive",
"iot:GetThingShadow",
"iot:DescribeEndpoint",
"iot:CreateKeysAndCertificate",
"iot:CreatePolicy",
"iot:AttachPolicy",
],
resources=["*"],
)
)
cognito.CfnIdentityPoolRoleAttachment(
self,
"DefaultValid",
identity_pool_id=identity_pool.ref,
roles={"unauthenticated": unauthenticated_role.role_arn},
)
self._parameters_to_save = {"identity_pool_id": identity_pool.ref}
self.save_parameters_in_parameter_store(platform=Platform.ANDROID)
stack_policy = iam.PolicyStatement(
effect=iam.Effect.ALLOW, actions=["cognito-identity:*", "iot:*"], resources=["*"]
)
common_stack.add_to_common_role_policies(self, policy_to_add=stack_policy)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["ec2:DescribeImages", "ec2:DescribeInstances"],
resources=["*"],
)
common_stack.add_to_common_role_policies(self, policy_to_add=all_resources_policy)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
collection_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["rekognition:CreateCollection", "rekognition:IndexFaces"],
resources=[f"arn:aws:rekognition:{self.region}:{self.account}:collection/*"],
)
common_stack.add_to_common_role_policies(self, policy_to_add=collection_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
logs.LogGroup(self,
"android-integ-test-log-group",
log_group_name="com/amazonaws/tests")
common_stack.add_to_common_role_policies(self)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
# Create API
api = apigateway.RestApi(self, "testApi")
# Generate a random API key, add it to the underlying CloudFormation
# resource of the Construct so that we can use it in our tests.
api_key_value = self.random_hex(20)
api_key = api.add_api_key("testKey")
cfn_api_key = api_key.node.default_child
cfn_api_key.add_property_override("Value", api_key_value)
# Create Usage Plan and add it to the API
plan = api.add_usage_plan("usagePlan", api_key=api_key)
plan.add_api_stage(stage=api.deployment_stage)
# Create resources in API
echo = api.root.add_resource("echo")
echo_post = echo.add_resource("post")
auth = api.root.add_resource("auth")
apikey = api.root.add_resource("apikey")
# Wire up methods
get_url = self.HTTPBIN_URL_TEMPLATE.format(method="get")
post_url = self.HTTPBIN_URL_TEMPLATE.format(method="post")
get_integration = apigateway.HttpIntegration(get_url)
post_integration = apigateway.HttpIntegration(post_url, http_method="POST")
options_integration = apigateway.HttpIntegration(get_url, http_method="OPTIONS")
head_integration = apigateway.HttpIntegration(get_url, http_method="HEAD")
echo.add_method("GET", get_integration)
echo.add_method("OPTIONS", options_integration)
echo.add_method("HEAD", head_integration)
echo_post.add_method("POST", post_integration)
auth.add_method("GET", get_integration, authorization_type=apigateway.AuthorizationType.IAM)
apikey.add_method("GET", get_integration, api_key_required=True)
# Generate all methods for /echo
for method in ("put", "post", "delete", "patch"):
url = self.HTTPBIN_URL_TEMPLATE.format(method=method)
integration = apigateway.HttpIntegration(url, http_method=method)
echo.add_method(method.upper(), integration)
# Create SSM parameters for the endpoint of the API and the API key
self._parameters_to_save = {"endpoint": api.url, "api_key": api_key_value}
self.save_parameters_in_parameter_store(platform=Platform.ANDROID)
common_stack.add_to_common_role_policies(self)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["ses:GetSendQuota", "ses:VerifyEmailIdentity"],
resources=["*"],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.are_services_supported_in_region(
["cognito-identity"])
(self._facebook_app_id,
self._facebook_app_secret) = CoreStack.get_facebook_app_config()
supported_login_providers = {
"graph.facebook.com": self._facebook_app_id
}
(
identity_pool_with_facebook,
identity_pool_auth_role,
identity_pool_unauth_role,
) = construct_identity_pool(
self,
resource_id_prefix="core",
supported_login_providers=supported_login_providers,
developer_provider_name="iostests.com",
)
(unauth_identity_pool, _, _) = construct_identity_pool(
self,
resource_id_prefix="core2",
auth_role=identity_pool_auth_role,
unauth_role=identity_pool_unauth_role,
)
self._parameters_to_save = {
"identityPoolId": identity_pool_with_facebook.ref,
"unauthIdentityPoolId": unauth_identity_pool.ref,
"authRoleArn": identity_pool_auth_role.role_arn,
"unauthRoleArn": identity_pool_unauth_role.role_arn,
"facebookAppId": self._facebook_app_id,
"facebookAppSecret": self._facebook_app_secret,
}
self.create_wic_provider_test_role()
stack_policy = aws_iam.PolicyStatement(effect=aws_iam.Effect.ALLOW,
actions=["cognito-identity:*"],
resources=["*"])
common_stack.add_to_common_role_policies(self,
policy_to_add=stack_policy)
self.save_parameters_in_parameter_store(platform=Platform.IOS)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["textract:AnalyzeDocument"],
resources=["*"])
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
self.save_parameters_in_parameter_store(Platform.IOS)
def __init__(self, scope: core.Construct, id: str,
lambda_echo: aws_lambda.Function, common_stack: CommonStack,
**kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
endpoint = aws_apigateway.LambdaRestApi(self,
"endpoint",
handler=lambda_echo)
self._parameters_to_save = {"endpointURL": endpoint.url}
self.save_parameters_in_parameter_store(platform=Platform.IOS)
common_stack.add_to_common_role_policies(self)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW, actions=["cognito-idp:CreateUserPool"], resources=["*"]
)
common_stack.add_to_common_role_policies(self, policy_to_add=all_resources_policy)
specified_resources_arn = "arn:aws:cognito-idp:{}:{}:userpool/*".format(
self.region, self.account
)
specified_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["cognito-idp:AdminConfirmSignUp", "cognito-idp:CreateUserPoolClient"],
resources=[specified_resources_arn],
)
common_stack.add_to_common_role_policies(self, policy_to_add=specified_resources_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
self._parameters_to_save = {}
self.setup_identity_pool()
self.setup_custom_authorizer()
self.save_parameters_in_parameter_store(platform=Platform.ANDROID)
stack_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["cognito-identity:*", "iot:*"],
resources=["*"])
common_stack.add_to_common_role_policies(self,
policy_to_add=stack_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"comprehend:BatchDetectEntities",
"comprehend:DetectDominantLanguage",
"comprehend:DetectEntities",
"comprehend:DetectKeyPhrases",
"comprehend:DetectSentiment",
],
resources=["*"],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
echo = aws_lambda.Function(
self,
"echo",
runtime=aws_lambda.Runtime.PYTHON_3_7,
code=aws_lambda.Code.asset("lambda"),
handler="echo.handler",
description=datetime.now().strftime("%d-%b-%Y (%H:%M:%S.%f)"),
current_version_options=aws_lambda.VersionOptions(
removal_policy=core.RemovalPolicy.DESTROY),
)
version_alias_associated_version, version_alias_name = self.attach_alias_to_version(
echo.current_version)
echo2 = aws_lambda.Function(
self,
"echo2",
runtime=aws_lambda.Runtime.PYTHON_3_7,
code=aws_lambda.Code.asset("lambda"),
handler="echo.handler",
)
self._parameters_to_save = {
"echo_function_name": echo.function_name,
"echo2_function_name": echo2.function_name,
"version_alias_name": version_alias_name,
"version_alias_associated_version":
version_alias_associated_version,
}
self.save_parameters_in_parameter_store(platform=Platform.IOS)
self._lambda_echo_function = echo
common_stack.add_to_common_role_policies(self)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics"],
resources=["*"],
)
common_stack.add_to_common_role_policies(self, policy_to_add=all_resources_policy)
specified_resources_arn = "arn:aws:cloudwatch:{}:{}:alarm:*".format(
self.region, self.account
)
specified_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["cloudwatch:DescribeAlarmHistory"],
resources=[specified_resources_arn],
)
common_stack.add_to_common_role_policies(self, policy_to_add=specified_resources_policy)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
describe_account_limits_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["autoscaling:DescribeAccountLimits"],
resources=["*"],
)
common_stack.add_to_common_role_policies(self, policy_to_add=describe_account_limits_policy)
attach_instances_arn = "arn:aws:autoscaling:{}:{}:autoScalingGroup:*:autoScalingGroupName/*".format( # noqa: E501
self.region, self.account
)
attach_instances_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["autoscaling:AttachInstances"],
resources=[attach_instances_arn],
)
common_stack.add_to_common_role_policies(self, policy_to_add=attach_instances_policy)
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
self.create_bucket(common_stack)
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"polly:DeleteLexicon",
"polly:GetSpeechSynthesisTask",
"polly:ListSpeechSynthesisTasks",
"polly:PutLexicon",
"polly:StartSpeechSynthesisTask",
"polly:SynthesizeSpeech",
],
resources=["*"],
)
common_stack.add_to_common_role_policies(self, policy_to_add=all_resources_policy)
self.save_parameters_in_parameter_store(platform=Platform.IOS)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
identity_pools = [self.identity_pool(i) for i in range(2)]
self._supported_in_region = self.is_service_supported_in_region(
"cognito-identity")
# Create an SSM parameter for the identity pool IDs
self._parameters_to_save = {
"identity_pool_id": identity_pools[0].ref,
"other_identity_pool_id": identity_pools[1].ref,
}
self.save_parameters_in_parameter_store(platform=Platform.ANDROID)
stack_policy = iam.PolicyStatement(effect=iam.Effect.ALLOW,
actions=["cognito-identity:*"],
resources=["*"])
common_stack.add_to_common_role_policies(self,
policy_to_add=stack_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
bucket_name_prefix = self.create_dynamic_bucket_prefix()
bucket_name_basic = self.create_basic_bucket()
bucket_name_periods = self.create_period_bucket()
bucket_name_transfer_acceleration = self.create_transfer_accelerated_bucket(
)
bucket_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["s3:*"],
resources=[
f"arn:aws:s3:::{bucket_name_prefix}*",
f"arn:aws:s3:::{bucket_name_prefix}*/*",
f"arn:aws:s3:::{bucket_name_basic}",
f"arn:aws:s3:::{bucket_name_basic}/*",
f"arn:aws:s3:::{bucket_name_periods}",
f"arn:aws:s3:::{bucket_name_periods}/*",
f"arn:aws:s3:::{bucket_name_transfer_acceleration}",
f"arn:aws:s3:::{bucket_name_transfer_acceleration}/*",
],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=bucket_resources_policy)
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["s3:ListAllMyBuckets"],
resources=["*"])
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
self.save_parameters_in_parameter_store(platform=Platform.IOS)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
# Test simply asserts the existence of a queue
aws_sqs.Queue(self, "integ_test_sqs_queue")
queue_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["sqs:GetQueueAttributes"],
resources=[f"arn:aws:sqs:{self.region}:{self.account}:*"],
)
common_stack.add_to_common_role_policies(self,
policy_to_add=queue_policy)
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["sqs:ListQueues"],
resources=["*"],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
all_resources_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["kms:CreateKey"],
resources=["*"],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=all_resources_policy)
alias_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=["kms:CreateAlias"],
resources=[f"arn:aws:kms:{self.region}:{self.account}:alias*"],
)
common_stack.add_to_common_role_policies(self,
policy_to_add=alias_policy)
key_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"kms:CancelKeyDeletion",
"kms:CreateAlias",
"kms:Decrypt",
"kms:DescribeKey",
"kms:DisableKeyRotation",
"kms:Encrypt",
"kms:ScheduleKeyDeletion",
],
resources=[f"arn:aws:kms:{self.region}:{self.account}:key*"],
)
common_stack.add_to_common_role_policies(self,
policy_to_add=key_policy)
def __init__(self, scope: core.Construct, id: str,
common_stack: CommonStack, **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self._supported_in_region = self.is_service_supported_in_region()
# Map #
# Reusing the get_bucket_name function to get a unique name for the map
mapName = self.get_bucket_name("map")
self._parameters_to_save["map_name"] = mapName
aws_location.CfnMap(
self,
"integ_test_location_map",
configuration=aws_location.CfnMap.MapConfigurationProperty(
style="VectorEsriStreets"),
map_name=mapName,
pricing_plan="RequestBasedUsage",
)
location_map_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"geo:GetMapStyleDescriptor",
"geo:GetMapGlyphs",
"geo:GetMapSprites",
"geo:GetMapTile",
],
resources=[f"arn:aws:geo:{self.region}:{self.account}:map/*"],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=location_map_policy)
# Search #
# Reusing the get_bucket_name function to get a unique name for the place index.
placeIndexName = self.get_bucket_name("placeIndex")
self._parameters_to_save["place_index"] = placeIndexName
aws_location.CfnPlaceIndex(
self,
"integ_test_location_placeIndex",
data_source="Esri",
index_name=placeIndexName,
pricing_plan="RequestBasedUsage",
)
location_placeIndex_policy = aws_iam.PolicyStatement(
effect=aws_iam.Effect.ALLOW,
actions=[
"geo:SearchPlaceIndexForPosition",
"geo:SearchPlaceIndexForText"
],
resources=[
f"arn:aws:geo:{self.region}:{self.account}:place-index/*"
],
)
common_stack.add_to_common_role_policies(
self, policy_to_add=location_placeIndex_policy)
self.save_parameters_in_parameter_store(platform=Platform.IOS)
