def _create_role_policy(stack_arn, function_name):
cf = boto3.client('cloudformation', region_name=discovery_utils.get_region_from_stack_arn(stack_arn))
try:
res = discovery_utils.try_with_backoff(lambda : cf.describe_stack_resources(StackName=stack_arn))
print 'describe_stack_resource(StackName="{}") result: {}'.format(stack_arn, res)
except Exception as e:
print 'describe_stack_resource(StackName="{}") error: {}'.format(stack_arn, getattr(e, 'response', e))
raise e
policy = {
'Version': '2012-10-17',
'Statement': [
{
"Sid": "WriteLogs",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
for resource in res['StackResources']:
statement = _make_resource_statement(cf, stack_arn, function_name, resource['LogicalResourceId'])
if statement is not None:
policy['Statement'].append(statement)
print 'generated policy: {}'.format(policy)
return json.dumps(policy, indent=4)
def _create_role_policy(stack_arn, policy_name, default_statements,
policy_metadata_filter):
if not isinstance(default_statements, list):
raise ValidationError('The default_statements value is not a list.')
cf = boto3.client(
'cloudformation',
region_name=discovery_utils.get_region_from_stack_arn(stack_arn))
try:
res = discovery_utils.try_with_backoff(
lambda: cf.describe_stack_resources(StackName=stack_arn))
print 'describe_stack_resource(StackName="{}") result: {}'.format(
stack_arn, res)
except Exception as e:
print 'describe_stack_resource(StackName="{}") error: {}'.format(
stack_arn, getattr(e, 'response', e))
raise e
policy = {
'Version': '2012-10-17',
'Statement': copy.deepcopy(default_statements)
}
for resource in res['StackResources']:
statement = _make_resource_statement(cf, stack_arn, policy_name,
resource['LogicalResourceId'],
policy_metadata_filter)
if statement is not None:
policy['Statement'].append(statement)
print 'generated policy: {}'.format(policy)
return json.dumps(policy, indent=4)
def _create_role_policy(stack_arn, function_name):
cf = boto3.client(
'cloudformation',
region_name=discovery_utils.get_region_from_stack_arn(stack_arn))
try:
res = discovery_utils.try_with_backoff(
lambda: cf.describe_stack_resources(StackName=stack_arn))
print 'describe_stack_resource(StackName="{}") result: {}'.format(
stack_arn, res)
except Exception as e:
print 'describe_stack_resource(StackName="{}") error: {}'.format(
stack_arn, getattr(e, 'response', e))
raise e
policy = {
'Version':
'2012-10-17',
'Statement': [{
"Sid":
"WriteLogs",
"Effect":
"Allow",
"Action": [
"logs:CreateLogGroup", "logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource":
"arn:aws:logs:*:*:*"
}]
}
for resource in res['StackResources']:
statement = _make_resource_statement(cf, stack_arn, function_name,
resource['LogicalResourceId'])
if statement is not None:
policy['Statement'].append(statement)
print 'generated policy: {}'.format(policy)
return json.dumps(policy, indent=4)
def get_cloud_formation_client(stack_arn):
region = discovery_utils.get_region_from_stack_arn(stack_arn)
return discovery_utils.CloudFormationClientWrapper(
boto3.client('cloudformation', region_name=region))
def region(self):
return discovery_utils.get_region_from_stack_arn(self.stack_arn)
