本文整理汇总了Python中awacs.aws.Allow方法的典型用法代码示例。如果您正苦于以下问题:Python aws.Allow方法的具体用法?Python aws.Allow怎么用?Python aws.Allow使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类awacs.aws的用法示例。
在下文中一共展示了aws.Allow方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: create_apigw_policy
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_apigw_policy(self):
return [
Statement(
Effect=Allow,
Action=[
awacs.apigateway.DELETE,
awacs.apigateway.GET,
awacs.apigateway.PATCH,
awacs.apigateway.POST,
awacs.apigateway.PUT
],
Resource=[
APIGW_ARN('{0}-{1}'.format(
self.app_name,
self.stage_name)),
"arn:aws:apigateway:{aws_region_name}::/restapis/*".format(aws_region_name=self.aws_region_name),
"arn:aws:apigateway:{aws_region_name}::/restapis".format(aws_region_name=self.aws_region_name)
]
),
] 示例2: create_iam_policy
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_iam_policy(self):
return [
Statement(
Effect=Allow,
Action=[
awacs.iam.GetRole,
awacs.iam.PassRole,
awacs.iam.PutRolePolicy,
],
Resource=[
'*'
]
),
Statement(
Effect=Allow,
Action=[
awacs.iam.PassRole
],
Resource=[
IAM_ARN('role/Zappa')
]
)
] 示例3: create_cloudformation_policy
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_cloudformation_policy(self):
return [
Statement(
Effect=Allow,
Action=[
awacs.cloudformation.Action('*')
],
Resource=[
CLOUDFORMATION_ARN(
resource='*',
region=self.aws_region_name,
account='*'
)
]
)
] 示例4: add_role
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def add_role(self, name, principal_services, policies, path='/'):
"""
Helper method for creating roles with pre defined policies
"""
policies_for_role = [self.get_policy(policy, name) for policy in policies]
return self.add_resource(iam.Role(
name + "Role",
AssumeRolePolicyDocument={
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": principal_services
},
"Action": ["sts:AssumeRole"]
}]
},
Path=path,
Policies=policies_for_role
)) 示例5: create_s3_policy
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_s3_policy(self):
bucket_list = [
S3_ARN(self.function_bucket)
]
bucket_list_paths = [
S3_ARN("{0}/*".format(self.function_bucket)),
]
if self.static_bucket:
bucket_list.append(S3_ARN(self.static_bucket))
bucket_list_paths.extend([S3_ARN("{0}/{1}-{2}-static/*".format(
self.static_bucket,
self.app_name, self.stage_name)),
S3_ARN("{0}/{1}-{2}-media/*".format(
self.static_bucket,
self.app_name, self.stage_name)),
S3_ARN("{0}/{1}-{2}-static".format(
self.static_bucket,
self.app_name, self.stage_name)),
S3_ARN("{0}/{1}-{2}-media".format(
self.static_bucket,
self.app_name, self.stage_name)),
])
return [
Statement(
Effect=Allow,
Action=[
awacs.s3.ListBucket,
],
Resource=bucket_list
),
Statement(
Effect=Allow,
Action=[Action('s3','*')],
Resource=bucket_list_paths,
)
] 示例6: create_lambda_policy
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def create_lambda_policy(self):
return [
Statement(
Effect=Allow,
Action=[
awacs.awslambda.AddPermission,
awacs.awslambda.DeleteFunction,
awacs.awslambda.GetFunction,
awacs.awslambda.GetPolicy,
awacs.awslambda.ListVersionsByFunction,
awacs.awslambda.UpdateFunctionCode,
awacs.awslambda.RemovePermission,
awacs.awslambda.UpdateFunctionConfiguration
],
Resource=[
LAMBDA_ARN('{0}-{1}'.format(
self.app_name, self.stage_name), region=self.aws_region_name, account='*')
]
),
Statement(
Effect=Allow,
Action=[
awacs.awslambda.CreateFunction,
],
Resource=[
'*'
]
),
] 示例7: add_kms_key
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def add_kms_key(self, name):
print('Adding KMS key for %s service' % name)
account_id = self.config.get('account_id', None)
if not account_id:
print('Unable to add KMS Key')
sys.exit('Unable to add KMS Key! No Account ID')
keypolicy = {
"Version": "2012-10-17",
"Id": name,
"Statement": [{
"Sid": "Allow administration of the key",
"Effect": "Allow",
"Principal": {"AWS": ("arn:aws:iam::%s:root" % account_id)},
"Action": [
"kms:Create*",
"kms:Describe*",
"kms:Enable*",
"kms:List*",
"kms:Put*",
"kms:Update*",
"kms:Revoke*",
"kms:Disable*",
"kms:Get*",
"kms:Delete*",
"kms:ScheduleKeyDeletion",
"kms:CancelKeyDeletion"
],
"Resource": "*"
}]
}
return self.add_resource(kms.Key(name, KeyPolicy=keypolicy)) 示例8: add_instance_profile_ecs
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def add_instance_profile_ecs(self, layer_name, iam_policies, path_prefix):
"""
Helper function to add role and instance profile resources to this
template using the provided iam_policies. The instance_profile will be
created at:
'/<path_prefix>/<layer_name>/'
"""
iam_role_obj = iam.Role(
layer_name + 'IAMRole',
AssumeRolePolicyDocument={
'Statement': [{
'Effect': 'Allow',
'Principal': {'Service': ['ec2.amazonaws.com', 'ecs.amazonaws.com']},
'Action': ['sts:AssumeRole']
}]
},
Path=Join('', ['/' + path_prefix + '/', layer_name, '/'])
)
if iam_policies is not None:
iam_role_obj.Policies = iam_policies
iam_role = self.add_resource(iam_role_obj)
return self.add_resource(
iam.InstanceProfile(
layer_name + 'InstancePolicy',
Path='/' + path_prefix + '/',
Roles=[Ref(iam_role)]
)
) 示例9: build_role
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def build_role(self, name, policies=False):
"""
Generate role for IAM cloudformation template
:param name: Name of role
:param policies: List of policies to attach to this role (False = none)
:return: Ref to new role
"""
# Build role template
if policies:
role = self.__template.add_resource(
Role(
self.name_strip(name),
AssumeRolePolicyDocument=Policy(
Version=self.VERSION_IAM,
Statement=[
Statement(
Effect=Allow,
Principal=Principal(
"Service", self.__role_principals
),
Action=[AssumeRole],
)
]
),
Path=self.__role_path,
ManagedPolicyArns=policies,
))
# Add role to list for default policy
self.__roles_list.append(troposphere.Ref(role))
else:
role = self.__template.add_resource(
Role(
self.name_strip(name),
AssumeRolePolicyDocument=Policy(
Version=self.VERSION_IAM,
Statement=[
Statement(
Effect=Allow,
Principal=Principal(
"Service", self.__role_principals
),
Action=[AssumeRole],
)
]
),
Path=self.__role_path,
))
# Add role to list for default policy
self.__roles_list.append(troposphere.Ref(role))
return role 示例10: add_bucket
# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Allow [as 别名]
def add_bucket(self, name, access_control, static_site, route53, public_hosted_zone):
"""
Helper method creates a directory service resource
@param name [string] Fully qualified name for the bucket
(corp.example.com)
@param access_control [string] type of access control for the bucket
@param static_site [boolean] should the bucket host a static site
@param route53 [boolean] create a route53 entry?
"""
if route53:
self.add_dns_alias(
name,
"s3-website-us-east-1.amazonaws.com",
"Z3AQBSTGFYJSTF",
public_hosted_zone
)
if access_control == "PublicRead":
policy = s3.BucketPolicy(
name.replace('.', '') + "BucketPolicy",
Bucket=name,
PolicyDocument={
"Statement": [
{
"Sid": "PublicReadForGetBucketObjects",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::%s/*" % name
}
]
}
)
self.add_resource(policy)
bucket = s3.Bucket(
name.replace('.', '') + "Bucket",
BucketName=name,
AccessControl=access_control,
)
if static_site:
web_config = s3.WebsiteConfiguration(IndexDocument='index.html')
bucket.properties['WebsiteConfiguration'] = web_config
return self.add_resource(bucket)