当前位置: 首页>>代码示例>>Python>>正文


Python aws.Allow方法代码示例

本文整理汇总了Python中awacs.aws.Allow方法的典型用法代码示例。如果您正苦于以下问题:Python aws.Allow方法的具体用法?Python aws.Allow怎么用?Python aws.Allow使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在awacs.aws的用法示例。


在下文中一共展示了aws.Allow方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: create_apigw_policy

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_apigw_policy(self):
        return [
            Statement(
                Effect=Allow,
                Action=[
                    awacs.apigateway.DELETE,
                    awacs.apigateway.GET,
                    awacs.apigateway.PATCH,
                    awacs.apigateway.POST,
                    awacs.apigateway.PUT
                ],
                Resource=[
                    APIGW_ARN('{0}-{1}'.format(
                        self.app_name,
                        self.stage_name)),
                    "arn:aws:apigateway:{aws_region_name}::/restapis/*".format(aws_region_name=self.aws_region_name),
                    "arn:aws:apigateway:{aws_region_name}::/restapis".format(aws_region_name=self.aws_region_name)
                ]
            ),

        ] 
开发者ID:bjinwright,项目名称:zops,代码行数:23,代码来源:user.py

示例2: create_iam_policy

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_iam_policy(self):
        return [
            Statement(

                Effect=Allow,
                Action=[
                    awacs.iam.GetRole,
                    awacs.iam.PassRole,
                    awacs.iam.PutRolePolicy,
                ],
                Resource=[
                    '*'
                ]
            ),
            Statement(

                Effect=Allow,
                Action=[
                    awacs.iam.PassRole
                ],
                Resource=[
                    IAM_ARN('role/Zappa')
                ]
            )
        ] 
开发者ID:bjinwright,项目名称:zops,代码行数:27,代码来源:user.py

示例3: create_cloudformation_policy

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_cloudformation_policy(self):
        return [
            Statement(
                Effect=Allow,
                Action=[
                    awacs.cloudformation.Action('*')
                ],
                Resource=[
                    CLOUDFORMATION_ARN(
                        resource='*',
                        region=self.aws_region_name,
                        account='*'
                    )
                ]
            )
        ] 
开发者ID:bjinwright,项目名称:zops,代码行数:18,代码来源:user.py

示例4: add_role

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def add_role(self, name, principal_services, policies, path='/'):
        """
        Helper method for creating roles with pre defined policies
        """
        policies_for_role = [self.get_policy(policy, name) for policy in policies]

        return self.add_resource(iam.Role(
            name + "Role",
            AssumeRolePolicyDocument={
                "Statement": [{
                    "Effect": "Allow",
                    "Principal": {
                        "Service": principal_services
                    },
                    "Action": ["sts:AssumeRole"]
                }]
            },
            Path=path,
            Policies=policies_for_role
        )) 
开发者ID:AWSFrederick,项目名称:Spires-Infra,代码行数:22,代码来源:aws_frederick_common.py

示例5: create_s3_policy

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_s3_policy(self):
        bucket_list = [

            S3_ARN(self.function_bucket)
        ]
        bucket_list_paths = [
            S3_ARN("{0}/*".format(self.function_bucket)),
        ]
        if self.static_bucket:
            bucket_list.append(S3_ARN(self.static_bucket))
            bucket_list_paths.extend([S3_ARN("{0}/{1}-{2}-static/*".format(
                self.static_bucket,
                self.app_name, self.stage_name)),
                S3_ARN("{0}/{1}-{2}-media/*".format(
                    self.static_bucket,
                    self.app_name, self.stage_name)),
                S3_ARN("{0}/{1}-{2}-static".format(
                    self.static_bucket,
                    self.app_name, self.stage_name)),
                S3_ARN("{0}/{1}-{2}-media".format(
                    self.static_bucket,
                    self.app_name, self.stage_name)),
                ])

        return [
            Statement(
                Effect=Allow,
                Action=[
                    awacs.s3.ListBucket,
                ],
                Resource=bucket_list
            ),
            Statement(
                Effect=Allow,
                Action=[Action('s3','*')],
                Resource=bucket_list_paths,
            )
        ] 
开发者ID:bjinwright,项目名称:zops,代码行数:40,代码来源:user.py

示例6: create_lambda_policy

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_lambda_policy(self):
        return [
            Statement(
                Effect=Allow,
                Action=[
                    awacs.awslambda.AddPermission,
                    awacs.awslambda.DeleteFunction,
                    awacs.awslambda.GetFunction,
                    awacs.awslambda.GetPolicy,
                    awacs.awslambda.ListVersionsByFunction,
                    awacs.awslambda.UpdateFunctionCode,
                    awacs.awslambda.RemovePermission,
                    awacs.awslambda.UpdateFunctionConfiguration
                ],
                Resource=[
                    LAMBDA_ARN('{0}-{1}'.format(
                        self.app_name, self.stage_name), region=self.aws_region_name, account='*')
                ]

            ),
            Statement(
                Effect=Allow,
                Action=[
                    awacs.awslambda.CreateFunction,
                ],
                Resource=[
                    '*'
                ]

            ),
        ] 
开发者ID:bjinwright,项目名称:zops,代码行数:33,代码来源:user.py

示例7: add_kms_key

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def add_kms_key(self, name):
        print('Adding KMS key for %s service' % name)

        account_id = self.config.get('account_id', None)

        if not account_id:
            print('Unable to add KMS Key')
            sys.exit('Unable to add KMS Key! No Account ID')

        keypolicy = {
            "Version": "2012-10-17",
            "Id": name,
            "Statement": [{
                "Sid": "Allow administration of the key",
                "Effect": "Allow",
                "Principal": {"AWS": ("arn:aws:iam::%s:root" % account_id)},
                "Action": [
                    "kms:Create*",
                    "kms:Describe*",
                    "kms:Enable*",
                    "kms:List*",
                    "kms:Put*",
                    "kms:Update*",
                    "kms:Revoke*",
                    "kms:Disable*",
                    "kms:Get*",
                    "kms:Delete*",
                    "kms:ScheduleKeyDeletion",
                    "kms:CancelKeyDeletion"
                ],
                "Resource": "*"
            }]
        }

        return self.add_resource(kms.Key(name, KeyPolicy=keypolicy)) 
开发者ID:AWSFrederick,项目名称:Spires-Infra,代码行数:37,代码来源:aws_frederick_common.py

示例8: add_instance_profile_ecs

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def add_instance_profile_ecs(self, layer_name, iam_policies, path_prefix):
        """
        Helper function to add role and instance profile resources to this
        template using the provided iam_policies. The instance_profile will be
        created at:
        '/<path_prefix>/<layer_name>/'
        """
        iam_role_obj = iam.Role(
            layer_name + 'IAMRole',
            AssumeRolePolicyDocument={
                'Statement': [{
                    'Effect': 'Allow',
                    'Principal': {'Service': ['ec2.amazonaws.com', 'ecs.amazonaws.com']},
                    'Action': ['sts:AssumeRole']
                }]
            },
            Path=Join('', ['/' + path_prefix + '/', layer_name, '/'])
        )

        if iam_policies is not None:
            iam_role_obj.Policies = iam_policies

        iam_role = self.add_resource(iam_role_obj)

        return self.add_resource(
            iam.InstanceProfile(
                layer_name + 'InstancePolicy',
                Path='/' + path_prefix + '/',
                Roles=[Ref(iam_role)]
            )
        ) 
开发者ID:AWSFrederick,项目名称:Spires-Infra,代码行数:33,代码来源:aws_frederick_common.py

示例9: build_role

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def build_role(self, name, policies=False):
        """
        Generate role for IAM cloudformation template
        :param name: Name of role
        :param policies: List of policies to attach to this role (False = none)
        :return: Ref to new role
        """
        # Build role template
        if policies:
            role = self.__template.add_resource(
                Role(
                    self.name_strip(name),
                    AssumeRolePolicyDocument=Policy(
                        Version=self.VERSION_IAM,
                        Statement=[
                            Statement(
                                Effect=Allow,
                                Principal=Principal(
                                    "Service", self.__role_principals
                                ),
                                Action=[AssumeRole],
                            )
                        ]
                    ),
                    Path=self.__role_path,
                    ManagedPolicyArns=policies,
                ))
            # Add role to list for default policy
            self.__roles_list.append(troposphere.Ref(role))
        else:
            role = self.__template.add_resource(
                Role(
                    self.name_strip(name),
                    AssumeRolePolicyDocument=Policy(
                        Version=self.VERSION_IAM,
                        Statement=[
                            Statement(
                                Effect=Allow,
                                Principal=Principal(
                                    "Service", self.__role_principals
                                ),
                                Action=[AssumeRole],
                            )
                        ]
                    ),
                    Path=self.__role_path,
                ))
            # Add role to list for default policy
            self.__roles_list.append(troposphere.Ref(role))

        return role 
开发者ID:glomex,项目名称:gcdt,代码行数:53,代码来源:iam.py

示例10: add_bucket

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def add_bucket(self, name, access_control, static_site, route53, public_hosted_zone):
        """
        Helper method creates a directory service resource
        @param name [string] Fully qualified name for the bucket
        (corp.example.com)
        @param access_control [string] type of access control for the bucket
        @param static_site [boolean] should the bucket host a static site
        @param route53 [boolean] create a route53 entry?
        """

        if route53:
            self.add_dns_alias(
                name,
                "s3-website-us-east-1.amazonaws.com",
                "Z3AQBSTGFYJSTF",
                public_hosted_zone
            )

        if access_control == "PublicRead":
            policy = s3.BucketPolicy(
                name.replace('.', '') + "BucketPolicy",
                Bucket=name,
                PolicyDocument={
                    "Statement": [
                        {
                            "Sid": "PublicReadForGetBucketObjects",
                            "Effect": "Allow",
                            "Principal": "*",
                            "Action": "s3:GetObject",
                            "Resource": "arn:aws:s3:::%s/*" % name
                        }
                    ]
                }
            )
            self.add_resource(policy)

        bucket = s3.Bucket(
            name.replace('.', '') + "Bucket",
            BucketName=name,
            AccessControl=access_control,
        )

        if static_site:
            web_config = s3.WebsiteConfiguration(IndexDocument='index.html')
            bucket.properties['WebsiteConfiguration'] = web_config

        return self.add_resource(bucket) 
开发者ID:AWSFrederick,项目名称:Spires-Infra,代码行数:49,代码来源:aws_frederick_common.py


注:本文中的awacs.aws.Allow方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。