Collections
Note
The list of collections is not exhaustive. If you have a list of statements that you think is worth sharing with others, please open an issue or a pull request.
Attention
This is an early version of the package. The API might change when new features are implemented. Therefore, make sure you pin an exact version in your package.json/requirements.txt before it reaches 1.0.0.
IAM Floyd provides commonly used statement collections.
First import the Collection provider:
// for use without AWS CDK use the iam-floyd package
import { Collection } from 'iam-floyd';
// for use with CDK use the cdk-iam-floyd package
import { Collection } from 'cdk-iam-floyd';
// for use without AWS CDK use the iam-floyd package
const { Collection } = require('iam-floyd');
// for use with CDK use the cdk-iam-floyd package
const { Collection } = require('cdk-iam-floyd');
Collections can then be called via:
new Collection().allowEc2InstanceDeleteByOwner()
{
  "Condition": {
    "StringLike": {
      "aws:RequestTag/Owner": "${aws:username}"
    }
  },
  "Action": "ec2:StartInstances",
  "Resource": "*",
  "Effect": "Allow"
}
{
  "Condition": {
    "StringLike": {
      "ec2:ResourceTag/Owner": "${aws:username}"
    }
  },
  "Action": "ec2:StopInstances",
  "Resource": "*",
  "Effect": "Allow"
}
Collections return a list of statements, which can then be spread into a policy document like this:
const policy = {
Version: '2012-10-17',
Statement: [...new Collection().allowEc2InstanceDeleteByOwner()],
};
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Condition": {
        "StringLike": {
          "aws:RequestTag/Owner": "${aws:username}"
        }
      },
      "Action": "ec2:StartInstances",
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/Owner": "${aws:username}"
        }
      },
      "Action": "ec2:StopInstances",
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
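The pattern above, as an added example that is not part of iam-floyd: the collection output from this page is reproduced as a plain function so the example runs offline without the package, combined into a policy document, and then linted for Allow statements on Resource "*" that carry no Condition, which is the check that tells you whether a collection really scopes each action to the caller's own instances.

```javascript
// Added example, not iam-floyd code. The statements are the collection
// output shown on this page; iam-floyd is not imported so this runs offline.
const allowEc2InstanceDeleteByOwner = () => [
  {
    Condition: { StringLike: { 'aws:RequestTag/Owner': '${aws:username}' } },
    Action: 'ec2:StartInstances',
    Resource: '*',
    Effect: 'Allow',
  },
  {
    Condition: { StringLike: { 'ec2:ResourceTag/Owner': '${aws:username}' } },
    Action: 'ec2:StopInstances',
    Resource: '*',
    Effect: 'Allow',
  },
];

// Combine one or more statement collections into a single policy document.
function buildPolicy(...collections) {
  return { Version: '2012-10-17', Statement: collections.flat() };
}

// Flag every Allow on Resource "*" with no Condition: such a statement
// grants the action on every instance in the account, not just the owner's.
function findUnscopedAllows(policy) {
  const findings = [];
  policy.Statement.forEach((stmt, index) => {
    const resources = [].concat(stmt.Resource);
    const hasCondition =
      stmt.Condition !== undefined && Object.keys(stmt.Condition).length > 0;
    if (stmt.Effect === 'Allow' && resources.includes('*') && !hasCondition) {
      findings.push({ index, action: stmt.Action });
    }
  });
  return findings;
}

// Constructed contrast case: a hand-written statement without the owner condition.
const unscopedStatement = [
  { Action: 'ec2:TerminateInstances', Resource: '*', Effect: 'Allow' },
];

const scoped = buildPolicy(allowEc2InstanceDeleteByOwner());
const mixed = buildPolicy(allowEc2InstanceDeleteByOwner(), unscopedStatement);
console.log(JSON.stringify(scoped, null, 2));
console.log(findUnscopedAllows(scoped)); // []
console.log(findUnscopedAllows(mixed)); // [ { index: 2, action: 'ec2:TerminateInstances' } ]
```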
Available collections
allowEc2InstanceDeleteByOwner
Allows stopping EC2 instances for the user who started them.