Documentation
Index
- type AssumeRoleScenario
- func (scenario AssumeRoleScenario) Cleanup(user *types.User, role *types.Role)
- func (scenario AssumeRoleScenario) CreateAccessKey(user *types.User) *types.AccessKey
- func (scenario AssumeRoleScenario) CreateRoleAndPolicies(user *types.User) *types.Role
- func (scenario AssumeRoleScenario) CreateUser() *types.User
- func (scenario AssumeRoleScenario) ListBucketsWithAssumedRole(noPermsConfig *aws.Config, role *types.Role)
- func (scenario AssumeRoleScenario) ListBucketsWithoutPermissions(accessKey *types.AccessKey) *aws.Config
- func (scenario AssumeRoleScenario) Run()
- type IScenarioHelper
- type ScenarioHelper
Types
type AssumeRoleScenario
type AssumeRoleScenario struct {
	// contains filtered or unexported fields
}
AssumeRoleScenario shows you how to use the AWS Identity and Access Management (IAM) service to perform the following actions:
- Create a user who has no permissions.
- Create a role that grants permission to list Amazon Simple Storage Service (Amazon S3) buckets for the account.
- Add a policy to let the user assume the role.
- Try and fail to list buckets without permissions.
- Assume the role and list S3 buckets using temporary credentials.
- Delete the policy, role, and user.
func NewAssumeRoleScenario
func NewAssumeRoleScenario(sdkConfig aws.Config, questioner demotools.IQuestioner, helper IScenarioHelper) AssumeRoleScenario
NewAssumeRoleScenario constructs an AssumeRoleScenario instance from a configuration. It uses the specified config to get an IAM client and create wrappers for the actions used in the scenario.
func (AssumeRoleScenario) Cleanup
func (scenario AssumeRoleScenario) Cleanup(user *types.User, role *types.Role)
Cleanup deletes all resources created for the scenario.
func (AssumeRoleScenario) CreateAccessKey
func (scenario AssumeRoleScenario) CreateAccessKey(user *types.User) *types.AccessKey
CreateAccessKey creates an access key for the user.
func (AssumeRoleScenario) CreateRoleAndPolicies
func (scenario AssumeRoleScenario) CreateRoleAndPolicies(user *types.User) *types.Role
CreateRoleAndPolicies creates a policy that grants permission to list S3 buckets for the current account and attaches the policy to a newly created role. It also adds an inline policy to the specified user that grants the user permission to assume the role.
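The following added example (not code from this package) sketches the policy documents that CreateRoleAndPolicies describes, plus the trust policy any assumable role needs, and checks them for wildcards that would widen who can assume the role. The type and function names, the `s3:ListAllMyBuckets` action choice, and the ARNs are assumptions; the documents the scenario actually creates are not shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Statement and PolicyDocument model only the IAM policy fields used here.
type Statement struct {
	Effect    string
	Principal map[string]string `json:",omitempty"`
	Action    []string
	Resource  string `json:",omitempty"`
}
type PolicyDocument struct{ Version string; Statement []Statement }

// ScenarioPolicies builds assumed versions of the three documents the scenario needs:
// the role's trust policy, the role's permissions policy, and the user's inline policy.
func ScenarioPolicies(userArn, roleArn string) (trust, rolePerms, userInline PolicyDocument) {
	trust = PolicyDocument{"2012-10-17", []Statement{{Effect: "Allow",
		Principal: map[string]string{"AWS": userArn}, Action: []string{"sts:AssumeRole"}}}}
	rolePerms = PolicyDocument{"2012-10-17", []Statement{{Effect: "Allow",
		Action: []string{"s3:ListAllMyBuckets"}, Resource: "arn:aws:s3:::*"}}}
	userInline = PolicyDocument{"2012-10-17", []Statement{{Effect: "Allow",
		Action: []string{"sts:AssumeRole"}, Resource: roleArn}}}
	return
}

// Audit flags wildcards that would widen who can assume the role.
func Audit(trust, userInline PolicyDocument) (findings []string) {
	for _, s := range trust.Statement {
		if p := s.Principal["AWS"]; s.Effect == "Allow" && strings.Contains(p, "*") {
			findings = append(findings, "trust policy: wildcard principal "+p)
		}
	}
	for _, s := range userInline.Statement {
		if s.Effect == "Allow" && strings.Contains(s.Resource, "*") {
			findings = append(findings, "user policy: wildcard resource "+s.Resource)
		}
	}
	return findings
}

func main() {
	trust, _, inline := ScenarioPolicies("arn:aws:iam::111122223333:user/demo-user", "arn:aws:iam::111122223333:role/demo-role") // constructed ARNs
	doc, _ := json.MarshalIndent(trust, "", "  ")
	fmt.Printf("%s\nfindings: %v\n", doc, Audit(trust, inline))
}
```

Both halves have to line up for the assume-role call to succeed: the trust policy names the user as principal, and the user's inline policy names the role as resource.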
func (AssumeRoleScenario) CreateUser
func (scenario AssumeRoleScenario) CreateUser() *types.User
CreateUser creates a new IAM user. This user has no permissions.
func (AssumeRoleScenario) ListBucketsWithAssumedRole
func (scenario AssumeRoleScenario) ListBucketsWithAssumedRole(noPermsConfig *aws.Config, role *types.Role)
ListBucketsWithAssumedRole performs the following actions:
- Creates an AWS Security Token Service (AWS STS) client from the config created from the user's access key credentials.
- Gets temporary credentials by assuming the role that grants permission to list the buckets.
- Creates an Amazon S3 client from the temporary credentials.
- Lists buckets for the account. Because the temporary credentials are generated by assuming the role that grants permission, the action succeeds.
func (AssumeRoleScenario) ListBucketsWithoutPermissions
func (scenario AssumeRoleScenario) ListBucketsWithoutPermissions(accessKey *types.AccessKey) *aws.Config
ListBucketsWithoutPermissions creates an Amazon S3 client from the user's access key credentials and tries to list buckets for the account. Because the user does not have permission to perform this action, the action fails.
func (AssumeRoleScenario) Run
func (scenario AssumeRoleScenario) Run()
Run runs the interactive scenario.
type IScenarioHelper
IScenarioHelper abstracts input and wait functions from a scenario so that they can be mocked for unit testing.
type ScenarioHelper
func (*ScenarioHelper) GetName
func (helper *ScenarioHelper) GetName() string
GetName returns a unique name formed of a prefix and a random number.
func (ScenarioHelper) Pause
func (helper ScenarioHelper) Pause(secs int)
Pause waits for the specified number of seconds.