
"""
All or portions of this file Copyright (c) Amazon.com, Inc. or its affiliates or
its licensors.
For complete copyright and license terms please see the LICENSE at the root of this
distribution (the "License"). All use of this software is governed by the License,
or, if provided, by the license below or the license accompanying this file. Do not
remove or modify any license notices. This file is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
"""
from aws_cdk import (
core,
aws_iam as iam
)
from .aws_metrics_stack import AWSMetricsStack
from aws_metrics.policy_statements_builder.user_policy_statements_builder import UserPolicyStatementsBuilder
from aws_metrics.policy_statements_builder.admin_policy_statements_builder import AdminPolicyStatementsBuilder
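class AuthPolicy:
    """
    Creator of IAM managed policies (and their CloudFormation outputs) for the
    AWSMetrics feature stack.

    Two fixed role names are supported, ``'User'`` and ``'Admin'``; each maps to
    its own policy-statements builder.
    """

    def __init__(self, stack: AWSMetricsStack, application_name: str):
        """
        :param stack: The AWSMetrics stack whose components the policy statements cover.
        :param application_name: Prefix used to namespace the CloudFormation export names.
        """
        self._stack = stack
        self._application_name = application_name

    def generate_policy(self, role_name: str) -> iam.ManagedPolicy:
        """
        Generate the managed policy a role needs to call the service / use its resources.
        See https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-create-and-manage-api.html

        The policy is created as a construct on the stack and its ARN is exported as a
        stack output named ``<application_name>:<role_name>Policy``.

        :param role_name: Role to create the managed policy for; must be ``'User'`` or ``'Admin'``.
        :return: The created IAM managed policy.
        :raises ValueError: If ``role_name`` is not one of the supported roles.
        """
        if role_name == 'User':
            policy_statements_builder = UserPolicyStatementsBuilder()
        elif role_name == 'Admin':
            policy_statements_builder = AdminPolicyStatementsBuilder()
        else:
            # ValueError is a subclass of Exception, so callers that catch the
            # broad type keep working while new callers can be specific.
            raise ValueError('Role name needs to be either User or Admin')

        policy_id = f'{role_name}Policy'

        # Statements for the core components of the stack.
        policy_statements_builder = policy_statements_builder \
            .add_aws_metrics_stack_policy_statements(self._stack) \
            .add_data_ingestion_policy_statements(self._stack.data_ingestion_component) \
            .add_real_time_data_processing_policy_statements(self._stack.real_time_data_processing_component) \
            .add_dashboard_policy_statements(self._stack.dashboard_component)

        # Add policy statements for the optional batch processing feature
        policy_statements_builder = policy_statements_builder \
            .add_data_lake_integration_policy_statements(self._stack.data_lake_integration_component) \
            .add_batch_processing_policy_statements(self._stack.batch_processing_component) \
            .add_batch_analytics_policy_statements(self._stack.batch_analytics_component)

        policy = iam.ManagedPolicy(
            self._stack,
            policy_id,
            managed_policy_name=f'{self._stack.stack_name}-{role_name}Policy',
            statements=policy_statements_builder.build())

        # Constructing the output registers it on the stack; the handle itself is not needed.
        core.CfnOutput(
            self._stack,
            id=f'{policy_id}Output',
            description=f'{role_name} policy arn to call service',
            export_name=f"{self._application_name}:{policy_id}",
            value=policy.managed_policy_arn)

        return policy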