Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def policy_document_one_statement():
return PolicyDocument(
**{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": {"Service": ["ec2.amazonaws.com"], "AWS": "arn:aws:iam::324320755747:root"},
"Action": ["sts:AssumeRole"],
},
def policy_document_star_resource():
return PolicyDocument(
**{"Statement": [{"Action": ["*"], "Effect": "Allow", "Resource": "*", "Principal": {"AWS": ["156460612806"]}}]}
)
def policy_document_not_principal():
return PolicyDocument(
**{
"Statement": [
{
"Action": ["IAM:Delete*"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::fakebucketfakebucket/*",
"NotPrincipal": {"AWS": ["156460612806"]},
}
def policy_document_wildcard_actions():
return PolicyDocument(
**{
"Statement": [
{
"Action": ["s3:*"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::fakebucketfakebucket2/*",
"Principal": {"AWS": "*"},
}
def policy_document_multi_statement():
return PolicyDocument(
**{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {"Service": ["ec2.amazonaws.com"], "AWS": "arn:aws:iam::324320755747:root"},
"Action": ["sts:AssumeRole"],
},
{
"Effect": "bar",
"Principal": {"Service": ["ec2.amazonaws.com"], "AWS": "arn:aws:iam::324320755747:root"},
"Action": ["sts:AssumeRole"],
},
- Description: Description of the CMK.
- EnableKeyRotation: Enables automatic rotation of the key for the customer master key.
- Enabled: Specifies whether the customer master key (CMK) is enabled.
- KeyPolicy: A [policy document][pycfmodel.model.resources.properties.policy_document.PolicyDocument] object.
- KeyUsage: Determines the cryptographic operations.
- PendingWindowInDays: Number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
- Tags: Array of key-value pairs.
More info at [AWS Docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html)
"""
Description: Optional[ResolvableStr] = None
EnableKeyRotation: Optional[ResolvableBool] = None
Enabled: Optional[ResolvableBool] = None
KeyPolicy: Resolvable[PolicyDocument]
KeyUsage: Optional[ResolvableStr] = None
PendingWindowInDays: Optional[ResolvableInt] = None
Tags: Optional[Resolvable[List[Dict]]] = None
class KMSKey(Resource):
"""
Properties:
- Properties: A [KMS Key properties][pycfmodel.model.resources.kms_key.KMSKeyProperties] object.
More info at [AWS Docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html)
"""
TYPE_VALUE: ClassVar = "AWS::KMS::Key"
Type: str = TYPE_VALUE
class IAMRoleProperties(CustomModel):
"""
Properties:
- AssumeRolePolicyDocument: A [policy document][pycfmodel.model.resources.properties.policy_document.PolicyDocument] object.
- ManagedPolicyArns: List of ARNs of the IAM managed policies to attach.
- MaxSessionDuration: Maximum session duration (in seconds).
- Path: Path to the role.
- PermissionsBoundary: ARN of the policy used to set the permissions boundary.
- Policies: A list of [policy][pycfmodel.model.resources.properties.policy.Policy] objects.
- RoleName: Name of the role.
More info at [AWS Docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html)
"""
AssumeRolePolicyDocument: Resolvable[PolicyDocument]
ManagedPolicyArns: Optional[Resolvable[List[ResolvableStr]]] = None
MaxSessionDuration: Optional[ResolvableIntOrStr] = None
Path: Optional[ResolvableStr] = None
PermissionsBoundary: Optional[ResolvableStr] = None
Policies: Optional[Resolvable[List[Resolvable[Policy]]]] = None
RoleName: Optional[ResolvableStr] = None
class IAMRole(Resource):
"""
Properties:
- Properties: A [IAM Role properties][pycfmodel.model.resources.iam_role.IAMRoleProperties] object.
More info at [AWS Docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html)
"""