def add_service_assume_policy(self, service_principal):
    """Set ``self.AssumeRolePolicyDocument`` to a trust policy for one AWS service.

    Builds a Rack IAM ``PolicyDocument`` holding a single ``Allow`` statement
    for ``sts:AssumeRole`` whose principal is *service_principal*, converts it
    with ``transform_policy_document`` and stores the result on
    ``self.AssumeRolePolicyDocument`` (any previous value is overwritten).

    Args:
        service_principal: service principal string to trust; it is wrapped in
            a one-element list because ``set_service_principal`` takes a list.
    """
    trust_statement = Statement("Allow", ["sts:AssumeRole"])
    trust_statement.set_service_principal([service_principal])

    trust_policy = PolicyDocument()
    trust_policy.add_statement(trust_statement)

    # Rack IAM objects are not Troposphere-native; the transform produces a
    # value Troposphere accepts as the role's AssumeRolePolicyDocument.
    # NOTE(review): the statement carries no Condition, so any principal of
    # that service, regardless of account, may assume the role - confirm that
    # is the intended trust scope for callers of this method.
    self.AssumeRolePolicyDocument = transform_policy_document(trust_policy)
    def setUp(self):
        """Build the ``BlankRole`` fixture for this test case.

        The role receives only a trust (assume-role) policy allowing
        ``ec2.amazonaws.com`` to call ``sts:AssumeRole``; no permission
        policies are attached, which is what makes it "blank".
        """
        trust_statement = Statement("Allow", ["sts:AssumeRole"])
        trust_statement.set_service_principal(["ec2.amazonaws.com"])

        trust_doc = PolicyDocument()
        trust_doc.add_statement(trust_statement)

        self.test_role = Role("BlankRole")
        self.test_role.set_assume_policy(trust_doc)
    def setUp(self):
        """Build the ``RootRole`` fixture: an EC2-assumable role carrying an
        inline policy named ``root``.

        The inline policy's statement, ``Statement("Allow", ["*"], "*")``, is
        deliberately unrestricted - every action on every resource - so the
        test can exercise policy attachment without caring about scope.
        """
        role = Role("RootRole")

        # Trust policy: ec2.amazonaws.com may call sts:AssumeRole.
        trust_statement = Statement("Allow", ["sts:AssumeRole"])
        trust_statement.set_service_principal(["ec2.amazonaws.com"])
        trust_doc = PolicyDocument()
        trust_doc.add_statement(trust_statement)
        role.set_assume_policy(trust_doc)

        # Permission policy: wildcard action on wildcard resource.
        admin_doc = PolicyDocument()
        admin_doc.add_statement(Statement("Allow", ["*"], "*"))
        admin_policy = InlinePolicy("root")
        admin_policy.set_policy_document(admin_doc)
        role.add_policy(admin_policy)

        self.test_role = role
# This is a use case for blank policy roles, allowing the user to easily
# add permissions later (for example Redshift accessing an S3 bucket to
# import data).
from rack_iam import Role
from rack_iam import PolicyDocument
from rack_iam import Statement

# Trust policy only: the Redshift service may assume this role. No permission
# policies are attached here; they can be added later with add_policy().
redshift_trust = Statement("Allow", ["sts:AssumeRole"])
redshift_trust.set_service_principal(["redshift.amazonaws.com"])

redshift_trust_doc = PolicyDocument()
redshift_trust_doc.add_statement(redshift_trust)

redshift_role = Role("RedshiftRole")
redshift_role.set_assume_policy(redshift_trust_doc)
from rack_iam import Role
from rack_iam import PolicyDocument, InlinePolicy
from rack_iam import Statement

# In some cases standard object construction can lead to a lot of temporary
# variables. For example:
myRole = Role('TestRole')

# Trust policy: the Lambda service may call sts:AssumeRole on this role.
lambda_assume = Statement('Allow', 'sts:AssumeRole')
lambda_assume.set_service_principal(['lambda.amazonaws.com'])
assumed_policy_doc = PolicyDocument()
assumed_policy_doc.add_statement(lambda_assume)

# Permission policy: every S3 action ('s3:*') on every resource ('*'), i.e.
# all buckets and objects the account can reach, not a single bucket.
all_s3_permissions = Statement('Allow', 's3:*', '*')
all_s3_doc = PolicyDocument()
all_s3_doc.add_statement(all_s3_permissions)
all_s3_policy = InlinePolicy('AllS3')
all_s3_policy.set_policy_document(all_s3_doc)

# Attach both documents to the role once they are fully built.
myRole.set_assume_policy(assumed_policy_doc)
myRole.add_policy(all_s3_policy)

# This can get pretty cumbersome and hard to read. To avoid the use of temporary
# variables for one time type assignment you can use method chaining like so:
myOtherRole = Role('TestRole').set_assume_policy(
    PolicyDocument().add_statement(
        Statement('Allow', 'sts:AssumeRole').set_service_principal(
            ['lambda.amazonaws.com']
        )
    )
).add_policy(