def test_get_default_assumerole_policy(self):
    """Check the service named in the default assume-role policy per region.

    'us-east-1' must yield 'ec2.amazonaws.com' and 'cn-north-1' must yield
    'ec2.amazonaws.com.cn'.
    """
    # Both policies are built before any assertion runs.
    default_policy, cn_policy = (
        get_default_assumerole_policy(region)
        for region in ('us-east-1', 'cn-north-1')
    )

    # get_policy_service is defined elsewhere; presumably it extracts the
    # trusted service principal from the policy -- confirm against the helper.
    default_service = get_policy_service(default_policy)
    self.assertEqual(default_service, 'ec2.amazonaws.com')

    cn_service = get_policy_service(cn_policy)
    self.assertEqual(cn_service, 'ec2.amazonaws.com.cn')
def test_get_default_assumerole_policy(self):
    """Verify the trusted service of the default assume-role policy.

    The policy for "us-east-1" is expected to name "ec2.amazonaws.com"; the
    policy for "cn-north-1" is expected to name "ec2.amazonaws.com.cn".
    """
    # Build the two trust policies first, then inspect them.
    policy_for_default_region = get_default_assumerole_policy("us-east-1")
    policy_for_china_region = get_default_assumerole_policy("cn-north-1")

    # get_policy_service comes from elsewhere in the test module; it is
    # assumed to return the service principal of the policy -- TODO confirm.
    self.assertEqual(
        get_policy_service(policy_for_default_region),
        "ec2.amazonaws.com",
    )
    self.assertEqual(
        get_policy_service(policy_for_china_region),
        "ec2.amazonaws.com.cn",
    )
def test_get_default_assumerole_policy(self):
    """Check the service list of the default assume-role policy per region.

    Unlike a plain-string comparison, this variant expects
    ``get_policy_service`` to return a list: ['ec2.amazonaws.com'] for
    'us-east-1' and ['ec2.amazonaws.com.cn'] for 'cn-north-1'.
    """
    # Build both trust policies before asserting on either of them.
    standard_policy = get_default_assumerole_policy('us-east-1')
    china_policy = get_default_assumerole_policy('cn-north-1')

    # A one-element list pins the trust policy to exactly one service; an
    # extra principal in the helper's output would fail the comparison.
    expected_standard = ['ec2.amazonaws.com']
    expected_china = ['ec2.amazonaws.com.cn']

    self.assertEqual(get_policy_service(standard_policy), expected_standard)
    self.assertEqual(get_policy_service(china_policy), expected_china)
def create_iam_profile(self):
    """Add the ECS service role, the controller role and its profile.

    Resources are added to ``self.template`` in this order:
    ``ecsServiceRole``, ``EmpireControllerRole``, ``EmpireControllerProfile``.
    """
    template = self.template

    # EC2 Container Service role: trust policy and permissions both come
    # from helpers defined outside this method.
    ecs_service_role = Role(
        "ecsServiceRole",
        AssumeRolePolicyDocument=get_ecs_assumerole_policy(),
        Path="/",
        Policies=[
            Policy(
                PolicyName="ecsServiceRolePolicy",
                PolicyDocument=service_role_policy(),
            ),
        ],
    )
    template.add_resource(ecs_service_role)

    # Role for the Empire controllers.
    # NOTE(review): no region is passed to get_default_assumerole_policy();
    # confirm its default service principal fits every partition this stack
    # is deployed to. empire_policy() is defined elsewhere -- review its
    # statements for least privilege.
    controller_role = Role(
        "EmpireControllerRole",
        AssumeRolePolicyDocument=get_default_assumerole_policy(),
        Path="/",
        Policies=[
            Policy(
                PolicyName="EmpireControllerPolicy",
                PolicyDocument=empire_policy(),
            ),
        ],
    )
    template.add_resource(controller_role)

    # Instance profile that carries the controller role.
    controller_profile = InstanceProfile(
        "EmpireControllerProfile",
        Path="/",
        Roles=[Ref("EmpireControllerRole")],
    )
    template.add_resource(controller_profile)
def create_iam_profile(self):
    """Register the IAM roles and instance profile for Empire controllers.

    Adds, in order, the ``ecsServiceRole`` role, the
    ``EmpireControllerRole`` role and the ``EmpireControllerProfile``
    instance profile to ``self.template``.
    """
    tmpl = self.template

    # Create EC2 Container Service Role.
    ecs_trust_document = get_ecs_assumerole_policy()
    ecs_inline_policy = Policy(
        PolicyName="ecsServiceRolePolicy",
        PolicyDocument=service_role_policy(),
    )
    tmpl.add_resource(
        Role(
            "ecsServiceRole",
            AssumeRolePolicyDocument=ecs_trust_document,
            Path="/",
            Policies=[ecs_inline_policy],
        )
    )

    # Role for Empire Controllers.
    # NOTE(review): the trust policy helper is called without a region;
    # verify the default principal is right for the target partition.
    controller_trust_document = get_default_assumerole_policy()
    controller_inline_policy = Policy(
        PolicyName="EmpireControllerPolicy",
        PolicyDocument=empire_policy(),
    )
    tmpl.add_resource(
        Role(
            "EmpireControllerRole",
            AssumeRolePolicyDocument=controller_trust_document,
            Path="/",
            Policies=[controller_inline_policy],
        )
    )

    # The profile refers to the role by its logical name.
    tmpl.add_resource(
        InstanceProfile(
            "EmpireControllerProfile",
            Path="/",
            Roles=[Ref("EmpireControllerRole")],
        )
    )
def create_iam_profile(self):
    """Add controller IAM resources, the SNS events policy and an output.

    Added to ``self.template`` in order: ``ecsServiceRole``,
    ``EmpireControllerRole``, ``SNSEventsPolicy`` (conditional on
    ``EnableSNSEvents``), ``EmpireControllerProfile``, then an output named
    ``EmpireControllerRole`` that references the controller role.
    """
    template = self.template

    # EC2 Container Service role.
    ecs_service_role = Role(
        "ecsServiceRole",
        AssumeRolePolicyDocument=get_ecs_assumerole_policy(),
        Path="/",
        Policies=[
            Policy(
                PolicyName="ecsServiceRolePolicy",
                PolicyDocument=service_role_policy(),
            ),
        ],
    )
    template.add_resource(ecs_service_role)

    # Role for the Empire controllers.
    # NOTE(review): get_default_assumerole_policy() is called without a
    # region; confirm the default principal suits the deployment partition.
    controller_role = Role(
        "EmpireControllerRole",
        AssumeRolePolicyDocument=get_default_assumerole_policy(),
        Path="/",
        Policies=[
            Policy(
                PolicyName="EmpireControllerPolicy",
                PolicyDocument=empire_policy(),
            ),
        ],
    )
    template.add_resource(controller_role)

    # SNS events policy: attached to the controller role only when the
    # "EnableSNSEvents" condition holds. The document is built from a Ref
    # to "EventTopic"; how narrowly it is scoped depends on
    # sns_events_policy(), which is not visible here.
    sns_policy = PolicyType(
        "SNSEventsPolicy",
        PolicyName="EmpireSNSEventsPolicy",
        Condition="EnableSNSEvents",
        PolicyDocument=sns_events_policy(Ref("EventTopic")),
        Roles=[Ref("EmpireControllerRole")],
    )
    template.add_resource(sns_policy)

    controller_profile = InstanceProfile(
        "EmpireControllerProfile",
        Path="/",
        Roles=[Ref("EmpireControllerRole")],
    )
    template.add_resource(controller_profile)

    # Export the controller role under an output of the same name.
    role_output = Output(
        "EmpireControllerRole",
        Value=Ref("EmpireControllerRole"),
    )
    template.add_output(role_output)
def create_iam_profile(self):
    """Add the ``EmpireMinionRole`` role and ``EmpireMinionProfile`` profile.

    The role's trust policy comes from ``get_default_assumerole_policy()``
    and its inline policies from ``self.generate_iam_policies()``.
    """
    template = self.template

    # NOTE(review): no region is passed to the trust-policy helper; confirm
    # the default principal matches the partition being deployed to.
    # generate_iam_policies() is defined elsewhere -- whatever it returns
    # becomes the full permission set of the minion instances.
    minion_role = Role(
        "EmpireMinionRole",
        AssumeRolePolicyDocument=get_default_assumerole_policy(),
        Path="/",
        Policies=self.generate_iam_policies(),
    )
    template.add_resource(minion_role)

    minion_profile = InstanceProfile(
        "EmpireMinionProfile",
        Path="/",
        Roles=[Ref("EmpireMinionRole")],
    )
    template.add_resource(minion_profile)
def create_iam_profile(self):
    """Add the controller role, its instance profile and an ``IAMRole`` output.

    The role's inline policies are taken from
    ``self.generate_iam_policies()``; the output exposes a reference to
    ``EmpireControllerRole``.
    """
    template = self.template

    # Role for the Empire controllers.
    # NOTE(review): the trust policy helper is called without a region;
    # verify its default principal for the partition in use.
    controller_role = Role(
        "EmpireControllerRole",
        AssumeRolePolicyDocument=get_default_assumerole_policy(),
        Path="/",
        Policies=self.generate_iam_policies(),
    )
    template.add_resource(controller_role)

    controller_profile = InstanceProfile(
        "EmpireControllerProfile",
        Path="/",
        Roles=[Ref("EmpireControllerRole")],
    )
    template.add_resource(controller_profile)

    # Publish the role reference under the output name "IAMRole".
    role_output = Output("IAMRole", Value=Ref("EmpireControllerRole"))
    template.add_output(role_output)
def create_iam_profile(self):
    """Register the minion role and the instance profile that carries it.

    Adds ``EmpireMinionRole`` and then ``EmpireMinionProfile`` to
    ``self.template``.
    """
    tmpl = self.template

    # Trust policy first, then the inline policies, as in the role's
    # argument order.
    # NOTE(review): called without a region -- confirm the helper's default
    # service principal is correct for the target partition.
    trust_document = get_default_assumerole_policy()
    inline_policies = self.generate_iam_policies()

    tmpl.add_resource(
        Role(
            "EmpireMinionRole",
            AssumeRolePolicyDocument=trust_document,
            Path="/",
            Policies=inline_policies,
        )
    )

    # The profile names the role by its logical id.
    tmpl.add_resource(
        InstanceProfile(
            "EmpireMinionProfile",
            Path="/",
            Roles=[Ref("EmpireMinionRole")],
        )
    )
def create_iam_profile(self):
    """Register the controller role, its profile and the ``IAMRole`` output.

    Adds ``EmpireControllerRole`` and ``EmpireControllerProfile`` to
    ``self.template`` and outputs a reference to the role as ``IAMRole``.
    """
    tmpl = self.template

    # Role for Empire Controllers.
    # NOTE(review): no region argument is given to the trust-policy helper;
    # check that its default fits the deployment partition.
    trust_document = get_default_assumerole_policy()
    inline_policies = self.generate_iam_policies()
    tmpl.add_resource(
        Role(
            "EmpireControllerRole",
            AssumeRolePolicyDocument=trust_document,
            Path="/",
            Policies=inline_policies,
        )
    )

    tmpl.add_resource(
        InstanceProfile(
            "EmpireControllerProfile",
            Path="/",
            Roles=[Ref("EmpireControllerRole")],
        )
    )

    tmpl.add_output(
        Output("IAMRole", Value=Ref("EmpireControllerRole"))
    )
def create_iam_profile(self):
    """Add ``EmpireMinionRole`` with the ECS agent policy, plus its profile.

    The inline policy is named ``"<namespace>-ecs-agent"``, where the
    namespace is read from ``self.context.namespace``.
    """
    template = self.template
    namespace = self.context.namespace

    # The minion role carries the permissions the ECS agent needs; the
    # statements themselves come from ecs_agent_policy(), defined elsewhere.
    # NOTE(review): get_default_assumerole_policy() is called without a
    # region; confirm its default principal for the partition in use.
    minion_role = Role(
        "EmpireMinionRole",
        AssumeRolePolicyDocument=get_default_assumerole_policy(),
        Path="/",
        Policies=[
            Policy(
                PolicyName="%s-ecs-agent" % namespace,
                PolicyDocument=ecs_agent_policy(),
            ),
        ],
    )
    template.add_resource(minion_role)

    minion_profile = InstanceProfile(
        "EmpireMinionProfile",
        Path="/",
        Roles=[Ref("EmpireMinionRole")],
    )
    template.add_resource(minion_profile)
def create_iam_profile(self):
    """Register the minion role (ECS agent policy) and its instance profile.

    The policy name is prefixed with ``self.context.namespace``.
    """
    tmpl = self.template
    stack_namespace = self.context.namespace

    # Create the EmpireMinionRole - this has all the permissions that the
    # ECS Agent needs.
    # NOTE(review): the trust-policy helper receives no region; verify the
    # default service principal against the deployment partition.
    trust_document = get_default_assumerole_policy()
    agent_policy = Policy(
        PolicyName="%s-ecs-agent" % stack_namespace,
        PolicyDocument=ecs_agent_policy(),
    )
    tmpl.add_resource(
        Role(
            "EmpireMinionRole",
            AssumeRolePolicyDocument=trust_document,
            Path="/",
            Policies=[agent_policy],
        )
    )

    tmpl.add_resource(
        InstanceProfile(
            "EmpireMinionProfile",
            Path="/",
            Roles=[Ref("EmpireMinionRole")],
        )
    )
def create_iam_profile(self):
    """Register controller IAM resources, the SNS policy and a role output.

    Order of additions to ``self.template``: ``ecsServiceRole``,
    ``EmpireControllerRole``, ``SNSEventsPolicy``,
    ``EmpireControllerProfile``, and finally the ``EmpireControllerRole``
    output.
    """
    tmpl = self.template

    # Create EC2 Container Service Role.
    ecs_trust_document = get_ecs_assumerole_policy()
    ecs_inline_policy = Policy(
        PolicyName="ecsServiceRolePolicy",
        PolicyDocument=service_role_policy(),
    )
    tmpl.add_resource(
        Role(
            "ecsServiceRole",
            AssumeRolePolicyDocument=ecs_trust_document,
            Path="/",
            Policies=[ecs_inline_policy],
        )
    )

    # Role for Empire Controllers.
    # NOTE(review): no region is passed to get_default_assumerole_policy();
    # confirm the default principal is valid where this stack runs.
    controller_trust_document = get_default_assumerole_policy()
    controller_inline_policy = Policy(
        PolicyName="EmpireControllerPolicy",
        PolicyDocument=empire_policy(),
    )
    tmpl.add_resource(
        Role(
            "EmpireControllerRole",
            AssumeRolePolicyDocument=controller_trust_document,
            Path="/",
            Policies=[controller_inline_policy],
        )
    )

    # Add SNS Events policy if Events are enabled: the resource is guarded
    # by the "EnableSNSEvents" condition and attaches to the controller role.
    sns_document = sns_events_policy(Ref("EventTopic"))
    tmpl.add_resource(
        PolicyType(
            "SNSEventsPolicy",
            PolicyName="EmpireSNSEventsPolicy",
            Condition="EnableSNSEvents",
            PolicyDocument=sns_document,
            Roles=[Ref("EmpireControllerRole")],
        )
    )

    tmpl.add_resource(
        InstanceProfile(
            "EmpireControllerProfile",
            Path="/",
            Roles=[Ref("EmpireControllerRole")],
        )
    )

    tmpl.add_output(
        Output("EmpireControllerRole", Value=Ref("EmpireControllerRole"))
    )
def create_ec2_role(self, name):
    """Create a role called *name* with the default assume-role policy.

    Delegates to ``self.create_role`` and returns its result unchanged.
    """
    make_role = self.create_role
    # NOTE(review): the helper is called without a region; confirm its
    # default service principal suits the partition the role is created in.
    trust_document = get_default_assumerole_policy()
    return make_role(name, trust_document)
awacs_logs.DescribeLogStreams, ], Effect=Allow, Resource=["arn:aws:logs:*:*:*"], ), ] ) logs_writer_policy = iam.Policy( 'LogsWriterPolicy', PolicyName='LogsWriterPolicy', PolicyDocument=logs_writer_policy_doc ) our_only_role = stack.add_resource(iam.Role('OurOnlyRole', AssumeRolePolicyDocument=trust.get_default_assumerole_policy(), Policies=[logs_writer_policy], )) instance_profile = stack.add_resource(iam.InstanceProfile( 'OurOnlyInstanceProfile', Roles=[Ref(our_only_role)], )) default_instance_sg = stack.add_resource(ec2.SecurityGroup( 'DefaultInstanceSG', GroupDescription='Default group for instances to be in', SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='6', CidrIp='172.31.22.10/32', ToPort=22,