

Python iam.Policy方法代码示例

本文整理汇总了Python中troposphere.iam.Policy方法的典型用法代码示例。如果您正苦于以下问题:Python iam.Policy方法的具体用法?Python iam.Policy怎么用?Python iam.Policy使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在troposphere.iam的用法示例。


在下文中一共展示了iam.Policy方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: get_cfn_policy

# 需要导入模块: from troposphere import iam [as 别名]
# 或者: from troposphere.iam import Policy [as 别名]
def get_cfn_policy(self):
        """
        Build the inline IAM policy named 'cloudformationRead'.

        The policy holds one Allow statement that lists CloudFormation
        Describe*/List* actions only and applies them to every resource
        ("Resource": "*").

        NOTE(review): the document has no "Version" element, so IAM evaluates
        it with the older default policy language version (2008-10-17);
        confirm that is intended.
        """
        read_only_actions = [
            "cloudformation:DescribeStackEvents",
            "cloudformation:DescribeStackResource",
            "cloudformation:DescribeStackResources",
            "cloudformation:DescribeStacks",
            "cloudformation:ListStacks",
            "cloudformation:ListStackResources",
        ]
        # Read-only, but not limited to particular stacks: stack parameters,
        # outputs and events of every stack become readable to the holder.
        allow_read = {
            "Effect": "Allow",
            "Action": read_only_actions,
            "Resource": "*",
        }
        return iam.Policy(
            PolicyName='cloudformationRead',
            PolicyDocument={"Statement": [allow_read]},
        )
开发者ID:DualSpark,项目名称:cloudformation-environmentbase,代码行数:20,代码来源:template.py

示例2: find

# 需要导入模块: from troposphere import iam [as 别名]
# 或者: from troposphere.iam import Policy [as 别名]
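def find(self, test_name):
        """Gets the policies for the given integration test.

        Reads the YAML file located by ``self.file_path(test_name)`` and wraps
        every top-level entry in an ``iam.Policy`` named 'inline-policy'.

        Returns a list of ``iam.Policy`` objects. The list is empty when the
        file does not exist (a warning is logged) or when the file exists but
        contains no YAML document.
        """
        file_path = path.abspath(self.file_path(test_name))
        if not path.isfile(file_path):
            LOGGER.warning('policies.yaml not found for %s at %s', test_name,
                           file_path)
            return []

        with open(file_path, 'r') as stream:
            # safe_load only constructs plain data types, so the file cannot
            # instantiate arbitrary Python objects.
            entries = yaml.safe_load(stream)
        if entries is None:
            # An empty file parses to None; iterating it would raise
            # TypeError, so treat it as "no policies".
            entries = []

        # NOTE(review): each entry becomes a policy document as-is, with no
        # validation here. The YAML file therefore decides what the resulting
        # role may do and deserves the same review and write protection as
        # the template code itself.
        return [
            iam.Policy(PolicyName='inline-policy', PolicyDocument=entry)
            for entry in entries
        ]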
开发者ID:onicagroup,项目名称:runway,代码行数:19,代码来源:iam_policy_builder.py

示例3: _service_assume_role

# 需要导入模块: from troposphere import iam [as 别名]
# 或者: from troposphere.iam import Policy [as 别名]
def _service_assume_role(service: str) -> AWS.Policy:
    """Return the trust policy that lets an AWS service principal assume a role.

    ``service`` is the service prefix; the trusted principal is
    ``<service>.amazonaws.com`` and the only allowed action is
    ``sts:AssumeRole``.
    """
    service_principal = AWS.Principal("Service", ["{}.amazonaws.com".format(service)])
    # NOTE(review): the statement has no Condition. Where the calling service
    # supports them, aws:SourceArn / aws:SourceAccount conditions narrow the
    # trust to this account's own resources (confused-deputy protection).
    trust_statement = AWS.Statement(
        Effect=AWS.Allow,
        Action=[STS.AssumeRole],
        Principal=service_principal,
    )
    return AWS.Policy(Statement=[trust_statement])
开发者ID:aws,项目名称:aws-encryption-sdk-python,代码行数:13,代码来源:pipeline.py

示例4: _codebuild_role

# 需要导入模块: from troposphere import iam [as 别名]
# 或者: from troposphere.iam import Policy [as 别名]
def _codebuild_role() -> iam.Role:
    """Return the IAM Role that CodeBuild assumes to run the build project.

    The role carries one inline policy, "CodeBuildPolicy", with two
    statements: log group/stream creation plus log event writes, and S3
    object reads (including versions) and writes.
    """
    log_writes = AllowEverywhere(
        Action=[LOGS.CreateLogGroup, LOGS.CreateLogStream, LOGS.PutLogEvents]
    )
    # NOTE(review): AllowEverywhere is defined outside this snippet; its name
    # suggests Resource "*". If so, a build can read and overwrite objects in
    # any bucket the account's bucket policies permit -- confirm, and prefer
    # scoping this statement to the pipeline's artifact bucket.
    object_access = AllowEverywhere(
        Action=[S3.GetObject, S3.GetObjectVersion, S3.PutObject]
    )
    inline_policy = iam.Policy(
        "CodeBuildPolicy",
        PolicyName="CodeBuildPolicy",
        PolicyDocument=AWS.PolicyDocument(Statement=[log_writes, object_access]),
    )
    trust_policy = _service_assume_role(CODEBUILD.prefix)
    return iam.Role(
        "CodeBuildRole",
        AssumeRolePolicyDocument=trust_policy,
        Policies=[inline_policy],
    )
开发者ID:aws,项目名称:aws-encryption-sdk-python,代码行数:15,代码来源:pipeline.py

示例5: _cloudformation_role

# 需要导入模块: from troposphere import iam [as 别名]
# 或者: from troposphere.iam import Policy [as 别名]
def _cloudformation_role() -> iam.Role:
    """Return the IAM Role the pipeline uses to interact with CloudFormation.

    The role's single inline policy, "CloudFormationPolicy", allows the
    action "*".
    """
    # NOTE(review): Action "*" allows every API call. AllowEverywhere is not
    # shown here, but if it sets Resource "*" as its name suggests, this role
    # is equivalent to full administrator access. Whoever can pass this role
    # to CloudFormation, or change the templates it deploys, inherits that
    # access; consider a permissions boundary or an explicit action list
    # covering only the resource types the stacks create.
    allow_all = AllowEverywhere(Action=[AWS.Action("*")])
    inline_policy = iam.Policy(
        "CloudFormationPolicy",
        PolicyName="CloudFormationPolicy",
        PolicyDocument=AWS.PolicyDocument(Statement=[allow_all]),
    )
    trust_policy = _service_assume_role(CLOUDFORMATION.prefix)
    return iam.Role(
        "CloudFormationRole",
        AssumeRolePolicyDocument=trust_policy,
        Policies=[inline_policy],
    )
开发者ID:aws,项目名称:aws-encryption-sdk-python,代码行数:12,代码来源:pipeline.py

示例6: create_vpcflowlogs_role

# 需要导入模块: from troposphere import iam [as 别名]
# 或者: from troposphere.iam import Policy [as 别名]
def create_vpcflowlogs_role(self):
        """
        Build and return the IAM role 'VPCFlowLogsIAMRole'.

        The trust policy is built from
        make_simple_assume_statement("vpc-flow-logs.amazonaws.com"); the
        inline policy 'vpcflowlogs_policy' allows creating and describing log
        groups and streams and writing log events.
        """
        log_actions = [
            awacs_logs.CreateLogGroup,
            awacs_logs.CreateLogStream,
            awacs_logs.PutLogEvents,
            awacs_logs.DescribeLogGroups,
            awacs_logs.DescribeLogStreams,
        ]
        # NOTE(review): Resource '*' lets the role write to any log group in
        # the account, not only the flow-log destination. Scoping it to the
        # destination log group ARN would stop the role from writing into
        # unrelated logs.
        permissions_statement = aws.Statement(
            Sid="",
            Effect=aws.Allow,
            Resource=['*'],
            Action=log_actions,
        )
        flowlogs_policy = aws.Policy(
            Version="2012-10-17",
            Statement=[permissions_statement],
        )

        # make_simple_assume_statement is defined outside this snippet;
        # presumably it yields an sts:AssumeRole statement for the given
        # service principal -- verify against its definition.
        assume_statement = make_simple_assume_statement("vpc-flow-logs.amazonaws.com")
        flowlogs_trust_policy = aws.Policy(
            Version="2012-10-17",
            Statement=[assume_statement],
        )

        inline_policy = iam.Policy(
            PolicyName='vpcflowlogs_policy',
            PolicyDocument=flowlogs_policy,
        )
        return iam.Role(
            'VPCFlowLogsIAMRole',
            AssumeRolePolicyDocument=flowlogs_trust_policy,
            Path='/',
            Policies=[inline_policy],
        )
开发者ID:DualSpark,项目名称:cloudformation-environmentbase,代码行数:33,代码来源:template.py

示例7: create_base_policy

# 需要导入模块: from troposphere import iam [as 别名]
# 或者: from troposphere.iam import Policy [as 别名]
def create_base_policy():
    """Creates the base policy.

    The policy 'base-policy' allows creating log groups/streams and writing
    log events, limited to CodeBuild log groups whose name starts with
    'runway-int-test-'. Two resource ARNs are produced, one ending in ':*'
    and one ending in ':*/*'.
    """
    deploy_name_list = ['runway-int-test-']
    # Shared ARN prefix; scoping by partition, region, account and log group
    # name keeps the grant away from unrelated log groups.
    log_group_parts = [
        'arn:',
        Partition,
        ':logs:',
        Region,
        ':',
        AccountId,
        ':log-group:/aws/codebuild/',
    ] + deploy_name_list + ['*']

    log_resources = []
    for suffix in ([':*'], [':*/*']):
        log_resources.append(Join('', log_group_parts + suffix))

    write_logs = Statement(
        Action=[
            awacs.logs.CreateLogGroup,
            awacs.logs.CreateLogStream,
            awacs.logs.PutLogEvents,
        ],
        Effect=Allow,
        Resource=log_resources,
    )
    document = PolicyDocument(Version='2012-10-17', Statement=[write_logs])
    return iam.Policy(PolicyName='base-policy', PolicyDocument=document)
开发者ID:onicagroup,项目名称:runway,代码行数:37,代码来源:iam_policy_builder.py

示例8: _pipeline_role

# 需要导入模块: from troposphere import iam [as 别名]
# 或者: from troposphere.iam import Policy [as 别名]
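def _pipeline_role(buckets: Iterable[s3.Bucket]) -> iam.Role:
    """Build and return the IAM Role resource to be used by CodePipeline to run the pipeline.

    Args:
        buckets: Buckets the pipeline must access. Bucket-level versioning
            actions are granted on each bucket ARN, and object get/put on
            ``<bucket ARN>/*``.

    Returns:
        The "CodePipelinesRole" role with the inline "PipelinePolicy".
    """
    # Materialise once: ``buckets`` is only promised to be an Iterable and is
    # walked twice below. A one-shot iterator would otherwise leave the
    # object-level statement with an empty Resource list.
    bucket_list = list(buckets)
    bucket_statements = [
        AWS.Statement(
            Effect=AWS.Allow,
            Action=[S3.GetBucketVersioning, S3.PutBucketVersioning],
            Resource=[GetAtt(bucket, "Arn") for bucket in bucket_list],
        ),
        AWS.Statement(
            Effect=AWS.Allow,
            Action=[S3.GetObject, S3.PutObject],
            Resource=[Sub("${{{bucket}.Arn}}/*".format(bucket=bucket.title)) for bucket in bucket_list],
        ),
    ]
    policy = iam.Policy(
        "PipelinePolicy",
        PolicyName="PipelinePolicy",
        PolicyDocument=AWS.PolicyDocument(
            Statement=bucket_statements
            + [
                # NOTE(review): AllowEverywhere is defined outside this
                # snippet; its name suggests Resource "*". iam:PassRole on
                # every role lets the pipeline hand any role in the account
                # to a service, a common privilege-escalation path. Prefer
                # listing the specific role ARNs and adding an
                # iam:PassedToService condition.
                AllowEverywhere(Action=[CLOUDWATCH.Action("*"), IAM.PassRole]),
                AllowEverywhere(Action=[LAMBDA.InvokeFunction, LAMBDA.ListFunctions]),
                AllowEverywhere(
                    Action=[
                        CLOUDFORMATION.CreateStack,
                        CLOUDFORMATION.DeleteStack,
                        CLOUDFORMATION.DescribeStacks,
                        CLOUDFORMATION.UpdateStack,
                        CLOUDFORMATION.CreateChangeSet,
                        CLOUDFORMATION.DeleteChangeSet,
                        CLOUDFORMATION.DescribeChangeSet,
                        CLOUDFORMATION.ExecuteChangeSet,
                        CLOUDFORMATION.SetStackPolicy,
                        CLOUDFORMATION.ValidateTemplate,
                    ]
                ),
                AllowEverywhere(Action=[CODEBUILD.BatchGetBuilds, CODEBUILD.StartBuild]),
            ]
        ),
    )
    return iam.Role(
        "CodePipelinesRole", AssumeRolePolicyDocument=_service_assume_role(CODEPIPELINE.prefix), Policies=[policy]
    )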
开发者ID:aws,项目名称:aws-encryption-sdk-python,代码行数:45,代码来源:pipeline.py

示例9: add_nat_instance_profile

# 需要导入模块: from troposphere import iam [as 别名]
# 或者: from troposphere.iam import Policy [as 别名]
def add_nat_instance_profile(self):
        '''
        Create the NAT role and its instance profile.

        The role trusts ec2.amazonaws.com and carries one inline policy made
        of a base EC2 statement plus whatever
        self.get_extra_policy_statements() returns. Both resources are added
        through self.add_resource; the instance profile is stored on
        self.instance_profile.
        '''
        policy_actions = [
            "ec2:DescribeInstances",
            "ec2:ModifyInstanceAttribute",
            "ec2:DescribeSubnets",
            "ec2:DescribeRouteTables",
            "ec2:CreateRoute",
            "ec2:ReplaceRoute",
            "ec2:StartInstances",
            "ec2:StopInstances",
        ]
        if self.enable_ntp:
            # The wildcard matches every EC2 action with "DhcpOptions" in its
            # name, including create/delete/associate.
            policy_actions += [
                "ec2:*DhcpOptions*",
                "ec2:DescribeVpcs",
            ]

        role_title = "Nat%sRole" % str(self.subnet_index)
        ec2_trust = {
            "Statement": [{
                "Effect": "Allow",
                "Principal": {
                    "Service": ["ec2.amazonaws.com"]
                },
                "Action": ["sts:AssumeRole"]
            }]
        }
        # NOTE(review): with "Resource": "*" the NAT instance may stop, start
        # or modify any instance and rewrite any route table in the account,
        # so a compromise of the NAT host reaches well beyond its own subnet.
        # Resource ARNs or tag-based conditions would narrow that.
        base_statement = {
            "Effect": "Allow",
            "Action": policy_actions,
            "Resource": "*"
        }
        nat_policy = Policy(
            PolicyName="NAT%sPolicy" % str(self.subnet_index),
            PolicyDocument={
                "Statement": [base_statement] + self.get_extra_policy_statements()
            }
        )

        nat_role = self.add_resource(Role(
            role_title,
            AssumeRolePolicyDocument=ec2_trust,
            Path="/",
            Policies=[nat_policy]
        ))

        profile = InstanceProfile(
            "Nat%sInstanceProfile" % str(self.subnet_index),
            Path="/",
            Roles=[Ref(nat_role)]
        )
        self.instance_profile = self.add_resource(profile)
开发者ID:DualSpark,项目名称:cloudformation-environmentbase,代码行数:51,代码来源:ha_nat.py


注:本文中的troposphere.iam.Policy方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。