How to use the troposphere.iam.Role function in troposphere

To help you get started, we’ve selected a few troposphere examples, based on popular ways it is used in public projects.


github remind101 / stacker_blueprints / stacker_blueprints / firehose / base.py View on Github external
def create_role(self):
    """Add the IAM role for Firehose to the template and export it.

    The value returned by ``add_resource`` is kept on ``self.role``. The
    role's trust policy comes from
    ``make_simple_assume_policy("firehose.amazonaws.com")`` and the only
    permissions passed here are the single inline policy returned by
    ``self.generate_iam_policy()``; no managed policies are attached.
    Two stack outputs, ``RoleName`` and ``RoleArn``, are added.
    """
    tmpl = self.template

    # NOTE(review): make_simple_assume_policy is defined outside this
    # snippet; presumably it allows sts:AssumeRole for just the named
    # service principal -- confirm it does not admit a wider principal.
    trust_policy = make_simple_assume_policy("firehose.amazonaws.com")

    # The role's effective privileges are whatever generate_iam_policy()
    # returns, so that method is where wildcard actions or resources
    # would have to be reviewed.
    inline_policies = [self.generate_iam_policy()]

    firehose_role = iam.Role(
        ROLE,
        AssumeRolePolicyDocument=trust_policy,
        Path="/",
        Policies=inline_policies,
    )
    self.role = tmpl.add_resource(firehose_role)

    # Publish both identifiers of the role as stack outputs.
    name_output = Output("RoleName", Value=Ref(self.role))
    tmpl.add_output(name_output)
    arn_output = Output("RoleArn", Value=GetAtt(self.role, "Arn"))
    tmpl.add_output(arn_output)
github waterbear-cloud / paco / src / paco / cftemplates / codebuild.py View on Github external
)
        # codecommit_repo_users ManagedPolicies
        managed_policy_arns = []
        for user_ref in action_config.codecommit_repo_users:
            user = get_model_obj_from_ref(user_ref, self.paco_ctx.project)
            # codecommit_stack = user.__parent__.__parent__.__parent__.stack
            user_logical_id = self.gen_cf_logical_name(user.username)
            codecommit_user_policy_param = self.create_cfn_parameter(
                param_type='String',
                name='CodeCommitUserPolicy' + user_logical_id,
                description='The CodeCommit User Policy for ' + user.username,
                value=user_ref + '.policy.arn',
            )
            managed_policy_arns.append(troposphere.Ref(codecommit_user_policy_param))

        project_role_res = troposphere.iam.Role(
            title='CodeBuildProjectRole',
            template=template,
            RoleName=self.project_role_name,
            ManagedPolicyArns=managed_policy_arns,
            AssumeRolePolicyDocument=PolicyDocument(
                Version="2012-10-17",
                Statement=[
                    Statement(
                        Effect=Allow,
                        Action=[ AssumeRole ],
                        Principal=Principal("Service", ['codebuild.amazonaws.com']),
                    )
                ]
            )
        )
github MysteriousCode / cloudformation-examples / src / apigateway_with_lambda.py View on Github external
template.add_description("Example API Gateway with Lambda as backend")

# Two free-form String parameters that together name an S3 object (bucket and
# ZIP key). Neither declares an AllowedPattern or default, so any value the
# stack operator passes is accepted as-is.
# NOTE(review): presumably these feed the Lambda function's code location
# further down the file (not visible here). If so, write access to that
# bucket/key decides what code runs under the role defined below -- keep the
# bucket private and write-restricted.
param_lambda_source_bucket = template.add_parameter(
    Parameter(
        "LambdaSourceBucket",
        Type="String",
        Description="Name of the bucket where lambda function sources is stored",
    )
)

param_lambda_file_name = template.add_parameter(
    Parameter(
        "LambdaFileName",
        Type="String",
        Description="Name of the ZIP file with lambda function sources inside S3 bucket",
    )
)

lambda_role = template.add_resource(iam.Role(
    "LambaRole",
    AssumeRolePolicyDocument=aws.Policy(
        Statement=[
            aws.Statement(
                Effect=aws.Allow,
                Action=[sts.AssumeRole],
                Principal=aws.Principal(
                    "Service", ["lambda.amazonaws.com"]
                )
            )
        ]
    ),
    Policies=[
        iam.Policy(
            PolicyName="LambdaPolicy",
            PolicyDocument=aws.Policy(
github dflook / cloudformation-dns-certificate / src / troposphere_dns_certificate / certificatemanager.py View on Github external
def add_helpers(template):
    """
    Add helper resources to the template

    This only needs to be called manually if for some reason the monkey patching doesn't work.

    """

    if LAMBDA_ROLE not in template.resources:
        template.add_resource(
            iam.Role(
                LAMBDA_ROLE,
                AssumeRolePolicyDocument=PolicyDocument(
                    Version='2012-10-17',
                    Statement=[
                        Statement(
                            Effect=Allow,
                            Action=[Action('sts', 'AssumeRole')],
                            Principal=Principal('Service', 'lambda.amazonaws.com'),
                        )
                    ],
                ),
                ManagedPolicyArns=[
                    'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole',
                    'arn:aws:iam::aws:policy/service-role/AWSLambdaRole',
                ],
                Policies=[
github CloudSnorkel / cfm-reslib / build.py View on Github external
def add_state_machine_role(template: troposphere.Template,
                           function: troposphere.awslambda.Function) -> troposphere.iam.Role:
    role = troposphere.iam.Role(
        "StateMachineRole", template,
        AssumeRolePolicyDocument={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": [
                            "states.amazonaws.com"
                        ]
                    },
                    "Action": [
                        "sts:AssumeRole"
                    ]
                }
            ],
github cloudtools / troposphere / examples / EMR_Cluster.py View on Github external
Default="0.1"
))

# Condition name; it evaluates to true whenever the `spot` parameter is
# anything other than the string "0".
withSpotPrice = "WithSpotPrice"
template.add_condition(
    withSpotPrice,
    Not(Equals(Ref(spot), "0")),
)

gcTimeRatio = template.add_parameter(
    Parameter(
        "GcTimeRatioValue",
        Description="Hadoop name node garbage collector time ratio",
        Type=NUMBER,
        Default="19",
    )
)

# IAM roles required by EMR
#
# Service role: the trust policy below lets only the EMR service principal
# (elasticmapreduce.amazonaws.com) call sts:AssumeRole. It carries no
# "Condition" element and no "Version" key.
# NOTE(review): AWS guidance for service roles suggests aws:SourceAccount /
# aws:SourceArn conditions in the trust policy as a confused-deputy guard --
# consider adding them when adapting this example.
# NOTE(review): the attached AmazonElasticMapReduceRole is the older, broad
# AWS-managed policy; AWS documents a scoped-down replacement
# (AmazonEMRServicePolicy_v2) -- confirm current guidance before reuse.
emr_service_role = template.add_resource(
    iam.Role(
        'EMRServiceRole',
        AssumeRolePolicyDocument={
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": ["elasticmapreduce.amazonaws.com"],
                    },
                    "Action": ["sts:AssumeRole"],
                },
            ],
        },
        ManagedPolicyArns=[
            'arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole',
        ],
    )
)
github waterbear-cloud / paco / src / paco / cftemplates / apigateway.py View on Github external
method_id = 'ApiGatewayMethod' + self.create_cfn_logical_id(method.name)
            method.logical_id = method_id
            cfn_export_dict = method.cfn_export_dict
            for resource in self.apigatewayrestapi.resources.values():
                if resource.name == method.resource_id:
                    cfn_export_dict["ResourceId"] = troposphere.Ref(resource.resource)
            if 'ResourceId' not in cfn_export_dict:
                cfn_export_dict["ResourceId"] = troposphere.GetAtt(restapi_resource, 'RootResourceId')
            cfn_export_dict["RestApiId"] = troposphere.Ref(restapi_resource)
            uri = troposphere.Join('', ["arn:aws:apigateway:", method.region_name, ":lambda:path/2015-03-31/functions/", method.parameter_arn_ref, "/invocations"])
            cfn_export_dict["Integration"]["Uri"] = uri

            if method.integration.integration_type == 'AWS_PROXY':
                # IAM Role - allows API Gateway to invoke Lambda
                # ToDo: enable Api Gateway to invoke things other than Lambda ...
                iam_role_resource = troposphere.iam.Role(
                    self.create_cfn_logical_id('ApiGatewayIamRole' + self.apigatewayrestapi.name + method.name),
                    Path='/',
                    AssumeRolePolicyDocument=Policy(
                        Version='2012-10-17',
                        Statement=[
                            Statement(
                                Effect=Allow,
                                Action=[awacs.sts.AssumeRole],
                                Principal=Principal('Service',['apigateway.amazonaws.com'])
                            )
                        ],
                    ),
                    Policies=[
                        troposphere.iam.Policy(
                            PolicyName=self.create_cfn_logical_id('LambdaAccessApiGateway' + self.apigatewayrestapi.name + method.name),
                            PolicyDocument=Policy(
github aws / aws-encryption-sdk-python / decrypt_oracle / .chalice / pipeline.py View on Github external
CLOUDFORMATION.DeleteStack,
                        CLOUDFORMATION.DescribeStacks,
                        CLOUDFORMATION.UpdateStack,
                        CLOUDFORMATION.CreateChangeSet,
                        CLOUDFORMATION.DeleteChangeSet,
                        CLOUDFORMATION.DescribeChangeSet,
                        CLOUDFORMATION.ExecuteChangeSet,
                        CLOUDFORMATION.SetStackPolicy,
                        CLOUDFORMATION.ValidateTemplate,
                    ]
                ),
                AllowEverywhere(Action=[CODEBUILD.BatchGetBuilds, CODEBUILD.StartBuild]),
            ]
        ),
    )
    return iam.Role(
        "CodePipelinesRole", AssumeRolePolicyDocument=_service_assume_role(CODEPIPELINE.prefix), Policies=[policy]
    )