Documentation ¶
Overview ¶
Package sampolicies allows you to choose from a list of AWS SAM policy templates to scope the permissions of your Lambda functions to the resources that are used by your application.
Index ¶
- Constants
- func AssumeRoleLambda() string
- type Factory
- func (f *Factory) AddAMIDescribePolicy()
- func (f *Factory) AddAWSSecretsManagerGetSecretValuePolicy(secretArn string)
- func (f *Factory) AddAWSSecretsManagerRotationPolicy()
- func (f *Factory) AddAssumeRoleLambda()
- func (f *Factory) AddAthenaQueryPolicy()
- func (f *Factory) AddCloudFormationDescribeStacksPolicy()
- func (f *Factory) AddCloudWatchDashboardPolicy()
- func (f *Factory) AddCloudWatchDescribeAlarmHistoryPolicy()
- func (f *Factory) AddCloudWatchPutMetricPolicy()
- func (f *Factory) AddCodeCommitCrudPolicy(repositoryName string)
- func (f *Factory) AddCodeCommitReadPolicy(repositoryName string)
- func (f *Factory) AddCodePipelineLambdaExecutionPolicy()
- func (f *Factory) AddCodePipelineReadOnlyPolicy(pipelinename string)
- func (f *Factory) AddComprehendBasicAccessPolicy()
- func (f *Factory) AddCostExplorerReadOnlyPolicy()
- func (f *Factory) AddDynamoDBBackupFullAccessPolicy(tableName string)
- func (f *Factory) AddDynamoDBCrudPolicy(tableName string)
- func (f *Factory) AddDynamoDBReadPolicy(tableName string)
- func (f *Factory) AddDynamoDBReconfigurePolicy(tableName string)
- func (f *Factory) AddDynamoDBRestoreFromBackupPolicy(tableName string)
- func (f *Factory) AddDynamoDBStreamReadPolicy()
- func (f *Factory) AddDynamoDBWritePolicy(tableName string)
- func (f *Factory) AddEC2CopyImagePolicy(imageId string)
- func (f *Factory) AddEC2DescribePolicy()
- func (f *Factory) AddEKSDescribePolicy()
- func (f *Factory) AddElasticsearchHttpPostPolicy(domainName string)
- func (f *Factory) AddEventBridgePutEventsPolicy(eventBusName string)
- func (f *Factory) AddExecuteAPI()
- func (f *Factory) AddFilterLogEventsPolicy(logGroupName string)
- func (f *Factory) AddFirehoseCrudPolicy(deliveryStreamName string)
- func (f *Factory) AddFirehoseWritePolicy(deliveryStreamName string)
- func (f *Factory) AddKMSDecryptPolicy(keyId string)
- func (f *Factory) AddKMSEncryptPolicy(keyId string)
- func (f *Factory) AddKinesisCrudPolicy(streamName string)
- func (f *Factory) AddKinesisStreamReadPolicy()
- func (f *Factory) AddLambdaInvokePolicy(functionName string)
- func (f *Factory) AddMobileAnalyticsWriteOnlyAccessPolicy()
- func (f *Factory) AddOrganizationsListAccountsPolicy()
- func (f *Factory) AddPinpointEndpointAccessPolicy(pinpointApplicationId string)
- func (f *Factory) AddPollyFullAccessPolicy(lexiconName string)
- func (f *Factory) AddRekognitionDetectOnlyPolicy()
- func (f *Factory) AddRekognitionFacesManagementPolicy(collectionId string)
- func (f *Factory) AddRekognitionFacesPolicy()
- func (f *Factory) AddRekognitionLabelsPolicy()
- func (f *Factory) AddRekognitionNoDataAccessPolicy(collectionId string)
- func (f *Factory) AddRekognitionReadPolicy(collectionId string)
- func (f *Factory) AddRekognitionWriteOnlyAccessPolicy(collectionId string)
- func (f *Factory) AddS3CrudPolicy(bucketName string)
- func (f *Factory) AddS3FullAccessPolicy(bucketName string)
- func (f *Factory) AddS3ReadPolicy(bucketName string)
- func (f *Factory) AddS3WritePolicy(bucketName string)
- func (f *Factory) AddSESBulkTemplatedCrudPolicy(identityName string)
- func (f *Factory) AddSESCrudPolicy(identityName string)
- func (f *Factory) AddSESEmailTemplateCrudPolicy()
- func (f *Factory) AddSESSendBouncePolicy(identityName string)
- func (f *Factory) AddSNSCrudPolicy(topicName string)
- func (f *Factory) AddSNSPublishMessagePolicy(topicName string)
- func (f *Factory) AddSQSPollerPolicy(queueName string)
- func (f *Factory) AddSQSSendMessagePolicy(queueName string)
- func (f *Factory) AddSSMParameterReadPolicy()
- func (f *Factory) AddServerlessRepoReadWriteAccessPolicy()
- func (f *Factory) AddStepFunctionsExecutionPolicy(stateMachineName string)
- func (f *Factory) AddTextractDetectAnalyzePolicy()
- func (f *Factory) AddTextractGetResultPolicy()
- func (f *Factory) AddTextractPolicy()
- func (f *Factory) AddVPCAccessPolicy()
- func (f *Factory) ClearPolicies()
- func (f *Factory) GetPolicyStatement() (string, error)
- func (f *Factory) WithAccountID(accountID string) *Factory
- func (f *Factory) WithPartition(partition string) *Factory
- func (f *Factory) WithRegion(region string) *Factory
Constants ¶
```go
const (
	// AccountIDMissingErr is returned when GetPolicyStatement is executed without an accountID
	AccountIDMissingErr = "factory is missing required variable accountID"
	// PartitionMissingErr is returned when GetPolicyStatement is executed without a partition
	PartitionMissingErr = "factory is missing required variable partition"
	// RegionMissingErr is returned when GetPolicyStatement is executed without a region
	RegionMissingErr = "factory is missing required variable region"
)
```
Variables ¶
This section is empty.
Functions ¶
func AssumeRoleLambda ¶
func AssumeRoleLambda() string
AssumeRoleLambda returns an IAM policy document that allows the IAM role to be assumed by AWS Lambda
Types ¶
type Factory ¶
type Factory struct {
// contains filtered or unexported fields
}
Factory is the main struct to create all new policies. It also has methods to get the IAM statement and add new policies to the array.
func NewFactory ¶
func NewFactory() *Factory
NewFactory returns a new Factory pointer that can be chained with builder methods to set multiple configuration values inline without using pointers.
func (*Factory) AddAMIDescribePolicy ¶
func (f *Factory) AddAMIDescribePolicy()
AddAMIDescribePolicy Gives permissions to describe AMIs
func (*Factory) AddAWSSecretsManagerGetSecretValuePolicy ¶
func (f *Factory) AddAWSSecretsManagerGetSecretValuePolicy(secretArn string)
AddAWSSecretsManagerGetSecretValuePolicy Grants permissions to GetSecretValue for the specified AWS Secrets Manager secret
func (*Factory) AddAWSSecretsManagerRotationPolicy ¶
func (f *Factory) AddAWSSecretsManagerRotationPolicy()
AddAWSSecretsManagerRotationPolicy Grants permissions to APIs required to rotate a secret in AWS Secrets Manager
func (*Factory) AddAssumeRoleLambda ¶
func (f *Factory) AddAssumeRoleLambda()
AddAssumeRoleLambda allows AWS Lambda to assume the role and use AWS services
func (*Factory) AddAthenaQueryPolicy ¶
func (f *Factory) AddAthenaQueryPolicy()
AddAthenaQueryPolicy Gives permissions to execute Athena queries
func (*Factory) AddCloudFormationDescribeStacksPolicy ¶
func (f *Factory) AddCloudFormationDescribeStacksPolicy()
AddCloudFormationDescribeStacksPolicy Gives permission to describe CloudFormation stacks
func (*Factory) AddCloudWatchDashboardPolicy ¶
func (f *Factory) AddCloudWatchDashboardPolicy()
AddCloudWatchDashboardPolicy Gives permissions to put metrics to operate on CloudWatch Dashboards
func (*Factory) AddCloudWatchDescribeAlarmHistoryPolicy ¶
func (f *Factory) AddCloudWatchDescribeAlarmHistoryPolicy()
AddCloudWatchDescribeAlarmHistoryPolicy Gives permissions to describe CloudWatch alarm history
func (*Factory) AddCloudWatchPutMetricPolicy ¶
func (f *Factory) AddCloudWatchPutMetricPolicy()
AddCloudWatchPutMetricPolicy Gives permissions to put metrics to CloudWatch
func (*Factory) AddCodeCommitCrudPolicy ¶
func (f *Factory) AddCodeCommitCrudPolicy(repositoryName string)
AddCodeCommitCrudPolicy Gives permissions to create/read/update/delete objects within a specific CodeCommit repository
func (*Factory) AddCodeCommitReadPolicy ¶
func (f *Factory) AddCodeCommitReadPolicy(repositoryName string)
AddCodeCommitReadPolicy Gives permissions to read objects within a specific CodeCommit repository
func (*Factory) AddCodePipelineLambdaExecutionPolicy ¶
func (f *Factory) AddCodePipelineLambdaExecutionPolicy()
AddCodePipelineLambdaExecutionPolicy Gives permission for a Lambda function invoked by AWS CodePipeline to report back status of the job
func (*Factory) AddCodePipelineReadOnlyPolicy ¶
func (f *Factory) AddCodePipelineReadOnlyPolicy(pipelinename string)
AddCodePipelineReadOnlyPolicy Gives read permissions to get details about a CodePipeline pipeline
func (*Factory) AddComprehendBasicAccessPolicy ¶
func (f *Factory) AddComprehendBasicAccessPolicy()
AddComprehendBasicAccessPolicy Gives access to Amazon Comprehend APIs for detecting entities, key phrases, languages and sentiments
func (*Factory) AddCostExplorerReadOnlyPolicy ¶
func (f *Factory) AddCostExplorerReadOnlyPolicy()
AddCostExplorerReadOnlyPolicy Gives access to the readonly Cost Explorer APIs for billing history
func (*Factory) AddDynamoDBBackupFullAccessPolicy ¶
func (f *Factory) AddDynamoDBBackupFullAccessPolicy(tableName string)
AddDynamoDBBackupFullAccessPolicy Gives read/write permissions to DynamoDB on-demand backups for a table
func (*Factory) AddDynamoDBCrudPolicy ¶
func (f *Factory) AddDynamoDBCrudPolicy(tableName string)
AddDynamoDBCrudPolicy Gives CRUD access to a DynamoDB Table
func (*Factory) AddDynamoDBReadPolicy ¶
func (f *Factory) AddDynamoDBReadPolicy(tableName string)
AddDynamoDBReadPolicy Gives read only access to a DynamoDB Table
func (*Factory) AddDynamoDBReconfigurePolicy ¶
func (f *Factory) AddDynamoDBReconfigurePolicy(tableName string)
AddDynamoDBReconfigurePolicy Gives access to reconfigure a DynamoDB Table
func (*Factory) AddDynamoDBRestoreFromBackupPolicy ¶
func (f *Factory) AddDynamoDBRestoreFromBackupPolicy(tableName string)
AddDynamoDBRestoreFromBackupPolicy Gives permissions to restore a table from backup
func (*Factory) AddDynamoDBStreamReadPolicy ¶
func (f *Factory) AddDynamoDBStreamReadPolicy()
AddDynamoDBStreamReadPolicy Gives permission to describe and read a DynamoDB Stream and Records
func (*Factory) AddDynamoDBWritePolicy ¶
func (f *Factory) AddDynamoDBWritePolicy(tableName string)
AddDynamoDBWritePolicy Gives write only access to a DynamoDB Table
func (*Factory) AddEC2CopyImagePolicy ¶
func (f *Factory) AddEC2CopyImagePolicy(imageId string)
AddEC2CopyImagePolicy Gives permission to copy EC2 Images
func (*Factory) AddEC2DescribePolicy ¶
func (f *Factory) AddEC2DescribePolicy()
AddEC2DescribePolicy Gives permission to describe EC2 instances
func (*Factory) AddEKSDescribePolicy ¶
func (f *Factory) AddEKSDescribePolicy()
AddEKSDescribePolicy Gives permission to describe or list Amazon EKS clusters
func (*Factory) AddElasticsearchHttpPostPolicy ¶
func (f *Factory) AddElasticsearchHttpPostPolicy(domainName string)
AddElasticsearchHttpPostPolicy Gives POST and PUT permissions to Elasticsearch
func (*Factory) AddEventBridgePutEventsPolicy ¶
func (f *Factory) AddEventBridgePutEventsPolicy(eventBusName string)
AddEventBridgePutEventsPolicy Gives permissions to send events to EventBridge
func (*Factory) AddExecuteAPI ¶
func (f *Factory) AddExecuteAPI()
AddExecuteAPI allows the IAM role to execute API invocations
func (*Factory) AddFilterLogEventsPolicy ¶
func (f *Factory) AddFilterLogEventsPolicy(logGroupName string)
AddFilterLogEventsPolicy Gives permission to filter Log Events from a specified Log Group
func (*Factory) AddFirehoseCrudPolicy ¶
func (f *Factory) AddFirehoseCrudPolicy(deliveryStreamName string)
AddFirehoseCrudPolicy Gives permission to create, write to, update, and delete a Kinesis Firehose Delivery Stream
func (*Factory) AddFirehoseWritePolicy ¶
func (f *Factory) AddFirehoseWritePolicy(deliveryStreamName string)
AddFirehoseWritePolicy Gives permission to write to a Kinesis Firehose Delivery Stream
func (*Factory) AddKMSDecryptPolicy ¶
func (f *Factory) AddKMSDecryptPolicy(keyId string)
AddKMSDecryptPolicy Gives permission to decrypt with a KMS Key
func (*Factory) AddKMSEncryptPolicy ¶
func (f *Factory) AddKMSEncryptPolicy(keyId string)
AddKMSEncryptPolicy Gives permission to encrypt with a KMS Key
func (*Factory) AddKinesisCrudPolicy ¶
func (f *Factory) AddKinesisCrudPolicy(streamName string)
AddKinesisCrudPolicy Gives permission to create, publish to and delete a Kinesis Stream
func (*Factory) AddKinesisStreamReadPolicy ¶
func (f *Factory) AddKinesisStreamReadPolicy()
AddKinesisStreamReadPolicy Gives permission to list and read a Kinesis stream
func (*Factory) AddLambdaInvokePolicy ¶
func (f *Factory) AddLambdaInvokePolicy(functionName string)
AddLambdaInvokePolicy Gives permission to invoke a Lambda Function, Alias or Version
func (*Factory) AddMobileAnalyticsWriteOnlyAccessPolicy ¶
func (f *Factory) AddMobileAnalyticsWriteOnlyAccessPolicy()
AddMobileAnalyticsWriteOnlyAccessPolicy Gives write only permissions to put event data for all application resources
func (*Factory) AddOrganizationsListAccountsPolicy ¶
func (f *Factory) AddOrganizationsListAccountsPolicy()
AddOrganizationsListAccountsPolicy Gives readonly permission to list child account names and ids
func (*Factory) AddPinpointEndpointAccessPolicy ¶
func (f *Factory) AddPinpointEndpointAccessPolicy(pinpointApplicationId string)
AddPinpointEndpointAccessPolicy Gives permissions to get and update endpoints for a Pinpoint application
func (*Factory) AddPollyFullAccessPolicy ¶
func (f *Factory) AddPollyFullAccessPolicy(lexiconName string)
AddPollyFullAccessPolicy Gives full access permissions to Polly lexicon resources
func (*Factory) AddRekognitionDetectOnlyPolicy ¶
func (f *Factory) AddRekognitionDetectOnlyPolicy()
AddRekognitionDetectOnlyPolicy Gives permission to detect faces, labels and text
func (*Factory) AddRekognitionFacesManagementPolicy ¶
func (f *Factory) AddRekognitionFacesManagementPolicy(collectionId string)
AddRekognitionFacesManagementPolicy Gives permission to add, delete and search faces in a collection
func (*Factory) AddRekognitionFacesPolicy ¶
func (f *Factory) AddRekognitionFacesPolicy()
AddRekognitionFacesPolicy Gives permission to compare and detect faces and labels
func (*Factory) AddRekognitionLabelsPolicy ¶
func (f *Factory) AddRekognitionLabelsPolicy()
AddRekognitionLabelsPolicy Gives permission to detect object and moderation labels
func (*Factory) AddRekognitionNoDataAccessPolicy ¶
func (f *Factory) AddRekognitionNoDataAccessPolicy(collectionId string)
AddRekognitionNoDataAccessPolicy Gives permission to compare and detect faces and labels
func (*Factory) AddRekognitionReadPolicy ¶
func (f *Factory) AddRekognitionReadPolicy(collectionId string)
AddRekognitionReadPolicy Gives permission to list and search faces
func (*Factory) AddRekognitionWriteOnlyAccessPolicy ¶
func (f *Factory) AddRekognitionWriteOnlyAccessPolicy(collectionId string)
AddRekognitionWriteOnlyAccessPolicy Gives permission to create a collection and index faces
func (*Factory) AddS3CrudPolicy ¶
func (f *Factory) AddS3CrudPolicy(bucketName string)
AddS3CrudPolicy Gives CRUD permissions to objects in the S3 Bucket
func (*Factory) AddS3FullAccessPolicy ¶
func (f *Factory) AddS3FullAccessPolicy(bucketName string)
AddS3FullAccessPolicy Gives full access permissions to objects in the S3 Bucket
func (*Factory) AddS3ReadPolicy ¶
func (f *Factory) AddS3ReadPolicy(bucketName string)
AddS3ReadPolicy Gives read permissions to objects in the S3 Bucket
func (*Factory) AddS3WritePolicy ¶
func (f *Factory) AddS3WritePolicy(bucketName string)
AddS3WritePolicy Gives write permissions to objects in the S3 Bucket
func (*Factory) AddSESBulkTemplatedCrudPolicy ¶
func (f *Factory) AddSESBulkTemplatedCrudPolicy(identityName string)
AddSESBulkTemplatedCrudPolicy Gives permission to send email, templated email, templated bulk emails and verify identity
func (*Factory) AddSESCrudPolicy ¶
func (f *Factory) AddSESCrudPolicy(identityName string)
AddSESCrudPolicy Gives permission to send email and verify identity
func (*Factory) AddSESEmailTemplateCrudPolicy ¶
func (f *Factory) AddSESEmailTemplateCrudPolicy()
AddSESEmailTemplateCrudPolicy Gives permission to create, get, list, update and delete SES Email Templates
func (*Factory) AddSESSendBouncePolicy ¶
func (f *Factory) AddSESSendBouncePolicy(identityName string)
AddSESSendBouncePolicy Gives SendBounce permission to an SES identity
func (*Factory) AddSNSCrudPolicy ¶
func (f *Factory) AddSNSCrudPolicy(topicName string)
AddSNSCrudPolicy Gives permissions to create, publish and subscribe to SNS topics
func (*Factory) AddSNSPublishMessagePolicy ¶
func (f *Factory) AddSNSPublishMessagePolicy(topicName string)
AddSNSPublishMessagePolicy Gives permission to publish a message to an SNS Topic
func (*Factory) AddSQSPollerPolicy ¶
func (f *Factory) AddSQSPollerPolicy(queueName string)
AddSQSPollerPolicy Gives permissions to poll an SQS Queue
func (*Factory) AddSQSSendMessagePolicy ¶
func (f *Factory) AddSQSSendMessagePolicy(queueName string)
AddSQSSendMessagePolicy Gives permission to send a message to an SQS Queue
func (*Factory) AddSSMParameterReadPolicy ¶
func (f *Factory) AddSSMParameterReadPolicy()
AddSSMParameterReadPolicy Gives access to a parameter to load secrets in this account. If the parameter is not encrypted with the default key, AddKMSDecryptPolicy will also be needed.
func (*Factory) AddServerlessRepoReadWriteAccessPolicy ¶
func (f *Factory) AddServerlessRepoReadWriteAccessPolicy()
AddServerlessRepoReadWriteAccessPolicy Gives access permissions to create and list applications in the AWS Serverless Application Repository service
func (*Factory) AddStepFunctionsExecutionPolicy ¶
func (f *Factory) AddStepFunctionsExecutionPolicy(stateMachineName string)
AddStepFunctionsExecutionPolicy Gives permission to start a Step Functions state machine execution
func (*Factory) AddTextractDetectAnalyzePolicy ¶
func (f *Factory) AddTextractDetectAnalyzePolicy()
AddTextractDetectAnalyzePolicy Gives access to detect and analyze documents with Textract
func (*Factory) AddTextractGetResultPolicy ¶
func (f *Factory) AddTextractGetResultPolicy()
AddTextractGetResultPolicy Gives access to get detected and analyzed documents from Textract
func (*Factory) AddTextractPolicy ¶
func (f *Factory) AddTextractPolicy()
AddTextractPolicy Gives full access to Textract
func (*Factory) AddVPCAccessPolicy ¶
func (f *Factory) AddVPCAccessPolicy()
AddVPCAccessPolicy Gives access to create, delete, describe and detach ENIs
func (*Factory) ClearPolicies ¶
func (f *Factory) ClearPolicies()
ClearPolicies removes all policies so you can begin with a clean slate
func (*Factory) GetPolicyStatement ¶
func (f *Factory) GetPolicyStatement() (string, error)
GetPolicyStatement creates the AWS IAM policy statement by linking together the policies that have been added so far and substituting the partition, region, and accountID. If any of these fields is missing, an error is returned.
func (*Factory) WithAccountID ¶
func (f *Factory) WithAccountID(accountID string) *Factory
WithAccountID sets the AWS AccountID to use and returns a pointer to the existing Factory to allow chaining.
func (*Factory) WithPartition ¶
func (f *Factory) WithPartition(partition string) *Factory
WithPartition sets the AWS partition to use and returns a pointer to the existing Factory to allow chaining.
func (*Factory) WithRegion ¶
func (f *Factory) WithRegion(region string) *Factory
WithRegion sets the AWS region to use and returns a pointer to the existing Factory to allow chaining.
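The builder chain, the missing-field errors and the ARN substitution that GetPolicyStatement performs are easiest to see in a small stand-alone model of the same pattern. The code below is an added illustration and is not the sampolicies package's own implementation: it reuses the error strings from the Constants section and the method names from the index, but the action lists for the two policies, the `${Partition}`/`${Region}`/`${AccountId}` placeholder syntax and the validation order are assumptions made for this example (the real package may differ in all three).

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Error strings copied from the package's Constants section.
const (
	AccountIDMissingErr = "factory is missing required variable accountID"
	PartitionMissingErr = "factory is missing required variable partition"
	RegionMissingErr    = "factory is missing required variable region"
)

// Statement is one IAM policy statement; Resource strings may hold placeholders
// that are substituted when the document is rendered.
type Statement struct {
	Effect   string   `json:"Effect"`
	Action   []string `json:"Action"`
	Resource []string `json:"Resource"`
}

// Factory models the page's builder: configuration values are set by chained
// With* calls, policies are appended by Add* calls, and GetPolicyStatement
// renders them into one document.
type Factory struct {
	partition, region, accountID string
	statements                   []Statement
}

func NewFactory() *Factory { return &Factory{} }

func (f *Factory) WithPartition(p string) *Factory { f.partition = p; return f }
func (f *Factory) WithRegion(r string) *Factory    { f.region = r; return f }
func (f *Factory) WithAccountID(a string) *Factory { f.accountID = a; return f }

// AddS3ReadPolicy appends a read-only statement scoped to one bucket and its
// objects (action list assumed for this example, modelled on SAM's S3ReadPolicy).
func (f *Factory) AddS3ReadPolicy(bucketName string) {
	f.statements = append(f.statements, Statement{
		Effect: "Allow",
		Action: []string{"s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation",
			"s3:GetObjectVersion", "s3:GetLifecycleConfiguration"},
		Resource: []string{
			"arn:${Partition}:s3:::" + bucketName,
			"arn:${Partition}:s3:::" + bucketName + "/*",
		},
	})
}

// AddSQSSendMessagePolicy appends a send-only statement scoped to one queue;
// the queue ARN needs region and account, so all three placeholders appear.
func (f *Factory) AddSQSSendMessagePolicy(queueName string) {
	f.statements = append(f.statements, Statement{
		Effect:   "Allow",
		Action:   []string{"sqs:SendMessage*"},
		Resource: []string{"arn:${Partition}:sqs:${Region}:${AccountId}:" + queueName},
	})
}

// ClearPolicies drops every statement added so far.
func (f *Factory) ClearPolicies() { f.statements = nil }

// GetPolicyStatement refuses to render a document with unresolved placeholders:
// each required field is checked first (order is an assumption of this example),
// then every Resource string is rewritten and the policy is emitted as JSON.
func (f *Factory) GetPolicyStatement() (string, error) {
	switch {
	case f.partition == "":
		return "", errors.New(PartitionMissingErr)
	case f.region == "":
		return "", errors.New(RegionMissingErr)
	case f.accountID == "":
		return "", errors.New(AccountIDMissingErr)
	}
	sub := strings.NewReplacer("${Partition}", f.partition,
		"${Region}", f.region, "${AccountId}", f.accountID)
	doc := struct {
		Version   string      `json:"Version"`
		Statement []Statement `json:"Statement"`
	}{Version: "2012-10-17", Statement: make([]Statement, len(f.statements))}
	for i, s := range f.statements {
		res := make([]string, len(s.Resource))
		for j, r := range s.Resource {
			res[j] = sub.Replace(r)
		}
		doc.Statement[i] = Statement{Effect: s.Effect, Action: s.Action, Resource: res}
	}
	out, err := json.MarshalIndent(doc, "", "  ")
	if err != nil {
		return "", err
	}
	return string(out), nil
}

func main() {
	// Constructed sample values; 123456789012 is the placeholder account id used in AWS docs.
	f := NewFactory().WithPartition("aws").WithRegion("us-east-1").WithAccountID("123456789012")
	f.AddS3ReadPolicy("example-bucket")
	f.AddSQSSendMessagePolicy("example-queue")
	doc, err := f.GetPolicyStatement()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(doc)
}
```

Each Add* call contributes a statement whose Resource names exactly one bucket or queue, so the rendered document grants nothing beyond the resources the function actually touches; calling GetPolicyStatement on a factory that is still missing a field fails closed with the corresponding error rather than emitting a document containing literal `${...}` text.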