

Python aws.Statement方法代码示例

本文整理汇总了Python中awacs.aws.Statement方法的典型用法代码示例。如果您正苦于以下问题:Python aws.Statement方法的具体用法?Python aws.Statement怎么用?Python aws.Statement使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在awacs.aws的用法示例。


在下文中一共展示了aws.Statement方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: build_policy_bucket

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Statement [as 别名]
def build_policy_bucket(self, bucket, name, statements):
    """
    Add a bucket policy resource for an S3 bucket to the template.

    The statements go into the policy document exactly as passed in; nothing
    here inspects their principals, actions or conditions, so that review
    belongs where the statements are built.

    :param bucket: The bucket to attach policy to
    :param name: The name of the bucket (the policy name is derived from it)
    :param statements: The "rules" the policy should have
    :return: Whatever the template's add_resource returns for the new policy
    """
    policy_title = self.name_strip(name, True, False)
    bucket_ref = troposphere.Ref(bucket)
    # The policy is declared as depending on the bucket, in addition to the
    # reference above.
    depends_on = [troposphere.Name(bucket)]
    document = Policy(
        Version=self.VERSION_IAM,
        Statement=statements,
    )
    bucket_policy = BucketPolicy(
        policy_title,
        Bucket=bucket_ref,
        DependsOn=depends_on,
        PolicyDocument=document,
    )
    return self.__template.add_resource(bucket_policy)
开发者ID:glomex,项目名称:gcdt,代码行数:26,代码来源:iam.py

示例2: add_role

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Statement [as 别名]
def add_role(self, name, principal_services, policies, path='/'):
    """
    Helper method for creating roles with pre defined policies.

    Each entry of ``policies`` is resolved through ``self.get_policy`` and
    attached to the role. ``principal_services`` is placed in the trust
    policy as given, so the caller decides which services may assume the role.
    """
    policies_for_role = []
    for policy in policies:
        policies_for_role.append(self.get_policy(policy, name))

    # Trust policy: the listed service principals may call sts:AssumeRole.
    # No "Version" element is set on this document.
    trust_statement = {
        "Effect": "Allow",
        "Principal": {
            "Service": principal_services
        },
        "Action": ["sts:AssumeRole"]
    }
    role = iam.Role(
        name + "Role",
        AssumeRolePolicyDocument={"Statement": [trust_statement]},
        Path=path,
        Policies=policies_for_role,
    )
    return self.add_resource(role)
开发者ID:AWSFrederick,项目名称:Spires-Infra,代码行数:22,代码来源:aws_frederick_common.py

示例3: build_policy

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Statement [as 别名]
def build_policy(self, name, statements, roles, is_managed_policy=False):
    """
    Generate policy for IAM cloudformation template.

    The statements are copied into the policy document unchanged; this method
    does not check how broad their actions or resources are.

    :param name: Name of the policy
    :param statements: The "rules" the policy should have
    :param roles: The roles associated with this policy
    :param is_managed_policy: True builds a ManagedPolicy, otherwise a PolicyType
    :return: The policy object that was added to the template
    """
    title = self.name_strip(name, True)

    if is_managed_policy:
        document = {
            "Version": self.VERSION_IAM,
            "Statement": statements,
        }
        # Only the managed variant is given the configured role path.
        policy = ManagedPolicy(
            title,
            PolicyDocument=document,
            Roles=roles,
            Path=self.__role_path,
        )
    else:
        policy_name = self.name_strip(name, True)
        document = {
            "Version": self.VERSION_IAM,
            "Statement": statements,
        }
        policy = PolicyType(
            title,
            PolicyName=policy_name,
            PolicyDocument=document,
            Roles=roles,
        )

    self.__template.add_resource(policy)
    return policy
开发者ID:glomex,项目名称:gcdt,代码行数:34,代码来源:iam.py

示例4: add_kms_key

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Statement [as 别名]
def add_kms_key(self, name):
    """
    Add a KMS key whose key policy lets the account root administer it.

    The account id is read from ``self.config``; when it is missing or empty
    the process exits with an error message. The single policy statement lists
    key-administration actions only: no Encrypt, Decrypt or GenerateDataKey
    action appears in it, and the ``kms:Create*`` wildcard also matches
    ``kms:CreateGrant``.
    """
    print('Adding KMS key for %s service' % name)

    account_id = self.config.get('account_id', None)
    if not account_id:
        print('Unable to add KMS Key')
        sys.exit('Unable to add KMS Key! No Account ID')

    # NOTE(review): account_id is interpolated as-is; nothing here checks that
    # it is a well-formed AWS account id before it becomes the principal ARN.
    root_principal = {"AWS": ("arn:aws:iam::%s:root" % account_id)}

    admin_actions = [
        "kms:Create*",
        "kms:Describe*",
        "kms:Enable*",
        "kms:List*",
        "kms:Put*",
        "kms:Update*",
        "kms:Revoke*",
        "kms:Disable*",
        "kms:Get*",
        "kms:Delete*",
        "kms:ScheduleKeyDeletion",
        "kms:CancelKeyDeletion"
    ]

    admin_statement = {
        "Sid": "Allow administration of the key",
        "Effect": "Allow",
        "Principal": root_principal,
        "Action": admin_actions,
        # In a key policy the resource is the key the policy is attached to.
        "Resource": "*"
    }

    keypolicy = {
        "Version": "2012-10-17",
        "Id": name,
        "Statement": [admin_statement]
    }

    key = kms.Key(name, KeyPolicy=keypolicy)
    return self.add_resource(key)
开发者ID:AWSFrederick,项目名称:Spires-Infra,代码行数:37,代码来源:aws_frederick_common.py

示例5: add_instance_profile_ecs

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Statement [as 别名]
def add_instance_profile_ecs(self, layer_name, iam_policies, path_prefix):
    """
    Helper function to add role and instance profile resources to this
    template using the provided iam_policies.

    The role is created with the path '/<path_prefix>/<layer_name>/' and the
    instance profile with the path '/<path_prefix>/'. The role's trust policy
    is fixed: the EC2 and ECS service principals may assume it. The policies
    in iam_policies are attached without being inspected here.
    """
    role_title = layer_name + 'IAMRole'

    # Trust policy: only these two service principals may call sts:AssumeRole.
    trust_policy = {
        'Statement': [{
            'Effect': 'Allow',
            'Principal': {'Service': ['ec2.amazonaws.com', 'ecs.amazonaws.com']},
            'Action': ['sts:AssumeRole']
        }]
    }
    role_path = Join('', ['/' + path_prefix + '/', layer_name, '/'])

    iam_role_obj = iam.Role(
        role_title,
        AssumeRolePolicyDocument=trust_policy,
        Path=role_path,
    )

    # Policies stays unset when the caller passes None.
    if iam_policies is not None:
        iam_role_obj.Policies = iam_policies

    iam_role = self.add_resource(iam_role_obj)

    instance_profile = iam.InstanceProfile(
        layer_name + 'InstancePolicy',
        Path='/' + path_prefix + '/',
        Roles=[Ref(iam_role)],
    )
    return self.add_resource(instance_profile)
开发者ID:AWSFrederick,项目名称:Spires-Infra,代码行数:33,代码来源:aws_frederick_common.py

示例6: build_role

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Statement [as 别名]
def build_role(self, name, policies=False):
    """
    Generate role for IAM cloudformation template.

    The trust policy allows the configured service principals to assume the
    role. Managed policy ARNs are attached only when ``policies`` is truthy;
    they are passed through without being checked here.

    :param name: Name of role
    :param policies: List of policies to attach to this role (False = none)
    :return: Whatever the template's add_resource returns for the new role
    """
    role_title = self.name_strip(name)

    # Trust policy shared by both variants of the role.
    trust_policy = Policy(
        Version=self.VERSION_IAM,
        Statement=[
            Statement(
                Effect=Allow,
                Principal=Principal("Service", self.__role_principals),
                Action=[AssumeRole],
            ),
        ],
    )

    role_kwargs = {
        "AssumeRolePolicyDocument": trust_policy,
        "Path": self.__role_path,
    }
    if policies:
        role_kwargs["ManagedPolicyArns"] = policies

    role = self.__template.add_resource(Role(role_title, **role_kwargs))

    # Add role to list for default policy
    self.__roles_list.append(troposphere.Ref(role))
    return role
开发者ID:glomex,项目名称:gcdt,代码行数:53,代码来源:iam.py

示例7: add_bucket

# 需要导入模块: from awacs import aws [as 别名]
# 或者: from awacs.aws import Statement [as 别名]
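def add_bucket(self, name, access_control, static_site, route53, public_hosted_zone):
    """
    Helper method creates an S3 bucket resource, optionally with a DNS alias,
    a public-read bucket policy and static website hosting
    @param name [string] Fully qualified name for the bucket
    (corp.example.com)
    @param access_control [string] type of access control for the bucket;
    "PublicRead" additionally adds a bucket policy that lets any principal
    read every object in the bucket
    @param static_site [boolean] should the bucket host a static site
    @param route53 [boolean] create a route53 entry?
    @param public_hosted_zone hosted zone passed on to add_dns_alias
    """

    if route53:
        # The alias target is hard-coded to the us-east-1 S3 website endpoint;
        # the zone id is presumably the matching one, so buckets in other
        # regions need different values.
        self.add_dns_alias(
            name,
            "s3-website-us-east-1.amazonaws.com",
            "Z3AQBSTGFYJSTF",
            public_hosted_zone
        )

    bucket_title = name.replace('.', '') + "Bucket"

    if access_control == "PublicRead":
        # Principal "*" with s3:GetObject makes every object readable without
        # authentication. Where S3 Block Public Access is enabled, a policy
        # like this is rejected or has no effect.
        policy = s3.BucketPolicy(
            name.replace('.', '') + "BucketPolicy",
            Bucket=name,
            # Bucket is a literal name rather than a Ref, so CloudFormation
            # sees no link to the bucket resource; declare the ordering so the
            # policy is not created before the bucket exists.
            DependsOn=bucket_title,
            PolicyDocument={
                "Statement": [
                    {
                        "Sid": "PublicReadForGetBucketObjects",
                        "Effect": "Allow",
                        "Principal": "*",
                        "Action": "s3:GetObject",
                        "Resource": "arn:aws:s3:::%s/*" % name
                    }
                ]
            }
        )
        self.add_resource(policy)

    bucket = s3.Bucket(
        bucket_title,
        BucketName=name,
        AccessControl=access_control,
    )

    if static_site:
        web_config = s3.WebsiteConfiguration(IndexDocument='index.html')
        bucket.properties['WebsiteConfiguration'] = web_config

    return self.add_resource(bucket)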
开发者ID:AWSFrederick,项目名称:Spires-Infra,代码行数:49,代码来源:aws_frederick_common.py


注:本文中的awacs.aws.Statement方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。