Domů Procházet Nápověda
Přihlásit se
Devyatyi9
/
o3de
zrcadlo https://github.com/o3de/o3de
Sledovat 1
Oblíbit 0
Rozštěpit 0
Soubory Úkoly 0 Wiki
Větev: development
Větve Značky
o3de
/
Gems
/
AWSCore
/
cdkv1
/
example
/
auth.py

auth.py 2.3 KB
Trvalý odkaz Historie Surový

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. """
    2. 

  2. Copyright (c) Contributors to the Open 3D Engine Project.
    3. 

  3. For complete copyright and license terms please see the LICENSE at the root of this distribution.
    4. 

  4. 

  5. SPDX-License-Identifier: Apache-2.0 OR MIT
    6. 

  6. """
    7. 

  7. 

  8. from aws_cdk import (
    9. 

  9.     core,
    10. 

  10.     aws_iam as iam
    11. 

  11. )
    12. 

  12. 

  13. 

  14. class AuthPolicy:
    15. 

  15.     """
    16. 

  16.     Creator of auth policies related for the example stack
    17. 

  17.     """
    18. 

  18.     def __init__(self, context: core.Construct):
    19. 

  19.         self._context = context
    20. 

  20.         self._policy_output = None
    21. 

  21. 

  22.     def generate_user_policy(self, stack: core.Stack) -> None:
    23. 

  23.         """
    24. 

  24.         Generate require role policy for calling resources created in the stack.
    25. 

  25. 

  26.         Currently all resources use grant_access to groups so no direct policy
    27. 

  27.         is generated.
    28. 

  28. 

  29.         :param stack: The stack to use to generate the policy for
    30. 

  30.         :return: The created Admin IAM managed policy.
    31. 

  31.         """
    32. 

  32.         return None
    33. 

  33. 

  34.     def generate_admin_policy(self, stack: core.Stack) -> iam.ManagedPolicy:
    35. 

  35.         """
    36. 

  36.         Generate required role policy for calling service / using resources.
    37. 

  37. 

  38.         :param stack: The stack to use to generate the policy for
    39. 

  39.         :return: The created Admin IAM managed policy.
    40. 

  40.         """
    41. 

  41.         policy_id = f'CoreExampleAdminPolicy'
    42. 

  42. 

  43.         policy_statements = []
    44. 

  44. 

  45.         # Add permissions to describe stacks and resources
    46. 

  46.         stack_statement = iam.PolicyStatement(
    47. 

  47.             actions=[
    48. 

  48.                 "cloudformation:DescribeStackResources",
    49. 

  49.                 "cloudformation:DescribeStackResource",
    50. 

  50.                 "cloudformation:ListStackResources"
    51. 

  51.             ],
    52. 

  52.             effect=iam.Effect.ALLOW,
    53. 

  53.             resources=[
    54. 

  54.                 f"arn:{stack.partition}:cloudformation:{stack.region}:{stack.account}:stack/{stack.stack_name}"
    55. 

  55.             ],
    56. 

  56.             sid="ReadDeploymentStacks",
    57. 

  57.         )
    58. 

  58.         policy_statements.append(stack_statement)
    59. 

  59. 

  60.         policy = iam.ManagedPolicy(
    61. 

  61.             self._context,
    62. 

  62.             policy_id,
    63. 

  63.             managed_policy_name=f'{stack.stack_name}-AdminPolicy',
    64. 

  64.             statements=policy_statements)
    65. 

  65. 

  66.         self._policy_output = core.CfnOutput(
    67. 

  67.             self._context,
    68. 

  68.             id=f'{policy_id}AdminOutput',
    69. 

  69.             description='Admin user policy arn to work with resources',
    70. 

  70.             export_name=f"{stack.stack_name}:{policy_id}",
    71. 

  71.             value=policy.managed_policy_arn)
    72. 

  72.         return policy
    73. 

  73.