Ana Sayfa Keşfet Yardım
Giriş Yap
Devyatyi9
/
o3de
şunun yansıması https://github.com/o3de/o3de
İzle 1
Yıldızla 0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Dal: development
Dallar Biçim İmleri
o3de
/
Gems
/
AWSCore
/
cdk
/
example
/
auth.py

auth.py 2.3 KB
Kalıcı Bağlantı Geçmiş Ham

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. """
    2. 

  2. Copyright (c) Contributors to the Open 3D Engine Project.
    3. 

  3. For complete copyright and license terms please see the LICENSE at the root of this distribution.
    4. 

  4. 

  5. SPDX-License-Identifier: Apache-2.0 OR MIT
    6. 

  6. """
    7. 

  7. 

  8. from constructs import Construct
    9. 

  9. 

  10. from aws_cdk import (
    11. 

  11.     CfnOutput,
    12. 

  12.     Stack,
    13. 

  13.     aws_iam as iam
    14. 

  14. )
    15. 

  15. 

  16. 

  17. class AuthPolicy:
    18. 

  18.     """
    19. 

  19.     Creator of auth policies related for the example stack
    20. 

  20.     """
    21. 

  21.     def __init__(self, context: Construct):
    22. 

  22.         self._context = context
    23. 

  23.         self._policy_output = None
    24. 

  24. 

  25.     def generate_user_policy(self, stack: Stack) -> None:
    26. 

  26.         """
    27. 

  27.         Generate require role policy for calling resources created in the stack.
    28. 

  28. 

  29.         Currently, all resources use grant_access to groups so no direct policy
    30. 

  30.         is generated.
    31. 

  31. 

  32.         :param stack: The stack to use to generate the policy for
    33. 

  33.         :return: The created Admin IAM managed policy.
    34. 

  34.         """
    35. 

  35.         return None
    36. 

  36. 

  37.     def generate_admin_policy(self, stack: Stack) -> iam.ManagedPolicy:
    38. 

  38.         """
    39. 

  39.         Generate required role policy for calling service / using resources.
    40. 

  40. 

  41.         :param stack: The stack to use to generate the policy for
    42. 

  42.         :return: The created Admin IAM managed policy.
    43. 

  43.         """
    44. 

  44.         policy_id = f'CoreExampleAdminPolicy'
    45. 

  45. 

  46.         policy_statements = []
    47. 

  47. 

  48.         # Add permissions to describe stacks and resources
    49. 

  49.         stack_statement = iam.PolicyStatement(
    50. 

  50.             actions=[
    51. 

  51.                 "cloudformation:DescribeStackResources",
    52. 

  52.                 "cloudformation:DescribeStackResource",
    53. 

  53.                 "cloudformation:ListStackResources"
    54. 

  54.             ],
    55. 

  55.             effect=iam.Effect.ALLOW,
    56. 

  56.             resources=[
    57. 

  57.                 f"arn:{stack.partition}:cloudformation:{stack.region}:{stack.account}:stack/{stack.stack_name}"
    58. 

  58.             ],
    59. 

  59.             sid="ReadDeploymentStacks",
    60. 

  60.         )
    61. 

  61.         policy_statements.append(stack_statement)
    62. 

  62. 

  63.         policy = iam.ManagedPolicy(
    64. 

  64.             self._context,
    65. 

  65.             policy_id,
    66. 

  66.             managed_policy_name=f'{stack.stack_name}-AdminPolicy',
    67. 

  67.             statements=policy_statements)
    68. 

  68. 

  69.         self._policy_output = CfnOutput(
    70. 

  70.             self._context,
    71. 

  71.             id=f'{policy_id}AdminOutput',
    72. 

  72.             description='Admin user policy arn to work with resources',
    73. 

  73.             export_name=f"{stack.stack_name}:{policy_id}",
    74. 

  74.             value=policy.managed_policy_arn)
    75. 

  75.         return policy
    76. 

  76.