Collections

Attention
This is an early version of the package. The API might change when new features are implemented. Therefore, make sure you use an exact version in your package.json/requirements.txt before it reaches 1.0.0.

IAM Floyd provides commonly used statement collections. These can be called via:

TypeScript:

    new statement.Collection().allowEc2InstanceDeleteByOwner()

Python:

    statements = statement.Collection().allow_ec2_instance_delete_by_owner()

    {
      "Condition": {
        "StringLike": {
          "aws:RequestTag/Owner": "${aws:username}"
        }
      },
      "Action": [
        "ec2:StartInstances"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    }
    {
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/Owner": "${aws:username}"
        }
      },
      "Action": [
        "ec2:StopInstances"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    }

Collections return a list of statements, which then can be used in a policy like this:

TypeScript:

    const policy = {
      Version: '2012-10-17',
      Statement: [
        ...new statement.Collection().allowEc2InstanceDeleteByOwner(),
      ],
    };

Python:

    statements = statement.Collection().allow_ec2_instance_delete_by_owner()
    policy = {
        'Version': '2012-10-17',
        'Statement': list(map(lambda x: x.to_json(), statements)),
    }

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Condition": {
            "StringLike": {
              "aws:RequestTag/Owner": "${aws:username}"
            }
          },
          "Action": [
            "ec2:StartInstances"
          ],
          "Resource": [
            "*"
          ],
          "Effect": "Allow"
        },
        {
          "Condition": {
            "StringLike": {
              "ec2:ResourceTag/Owner": "${aws:username}"
            }
          },
          "Action": [
            "ec2:StopInstances"
          ],
          "Resource": [
            "*"
          ],
          "Effect": "Allow"
        }
      ]
    }
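
As an added check (not part of IAM Floyd or of this page's original code), the Python below audits the policy shown above before it is attached. For every Allow statement on Resource "*" it reports whether the Owner condition is a request tag (`aws:RequestTag/...`, tags sent with the API call) or a resource tag (`ec2:ResourceTag/...`, tags already on the instance). The function names and the `owner_stmt` builder are assumptions of this example.

```python
# Added example: audits owner-tag scoping on wildcard Allow statements.
OWNER = "${aws:username}"

def owner_stmt(condition_key, action):
    # Builds a statement of the same shape as those printed on the page.
    return {"Condition": {"StringLike": {condition_key: OWNER}},
            "Action": [action], "Resource": ["*"], "Effect": "Allow"}

# The policy document shown on the page.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    owner_stmt("aws:RequestTag/Owner", "ec2:StartInstances"),
    owner_stmt("ec2:ResourceTag/Owner", "ec2:StopInstances"),
]}

def as_list(value):
    # IAM accepts a bare string or object wherever a list is allowed.
    return list(value) if isinstance(value, (list, tuple)) else [value]

def tag_scoping(statement):
    """Kinds of tag condition in `statement` that pin the tag value to OWNER."""
    kinds = set()
    for operator, pairs in statement.get("Condition", {}).items():
        if operator not in ("StringEquals", "StringLike"):
            continue  # only plain positive string matches count as pinning
        for key, values in pairs.items():
            if as_list(values) != [OWNER]:
                continue  # any extra allowed value widens the match
            key = key.lower()  # condition key names are case-insensitive
            if key.startswith("aws:requesttag/"):
                kinds.add("request-tag")   # tags sent with the API call
            elif key.startswith(("aws:resourcetag/", "ec2:resourcetag/")):
                kinds.add("resource-tag")  # tags already on the resource
    return kinds

def audit(policy):
    """(actions, scoping kinds) for each Allow statement on Resource "*"."""
    report = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource", [])):
            report.append((as_list(stmt.get("Action", [])), sorted(tag_scoping(stmt))))
    return report

def unscoped(policy):
    """Actions allowed on "*" with no owner-tag condition at all."""
    return [a for actions, kinds in audit(policy) if not kinds for a in actions]

if __name__ == "__main__":
    for actions, kinds in audit(PAGE_POLICY):
        print(actions, kinds or "NO OWNER SCOPING")
```

A non-empty result from `unscoped()` means an action is granted on every resource without any owner condition, which is worth failing a build on.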