Published: Aug 16, 2024 License: BSD-3-Clause Imports: 6 Imported by: 0

Constants

// ARNs of AWS-managed IAM policies (the "aws" account segment in each ARN
// marks them as AWS-managed rather than customer-managed) that callers can
// attach by reference.
const (
	// AdministratorAccess grants full access; attaching it is the broadest
	// possible grant and should be limited to administrative roles.
	AdministratorAccess = "arn:aws:iam::aws:policy/AdministratorAccess"
	// ReadOnlyAccess covers read actions broadly — it includes data-plane reads,
	// which DenySensitiveReads in this package presumably exists to carve out.
	ReadOnlyAccess      = "arn:aws:iam::aws:policy/ReadOnlyAccess"

	// AmazonAPIGatewayPushToCloudWatchLogs is a service-role policy (note the
	// service-role/ path) for API Gateway log delivery.
	AmazonAPIGatewayPushToCloudWatchLogs = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
)
// Filenames of operator-supplied assume-role policy documents. They are
// presumably what ExtraAdministratorAssumeRolePolicy and
// ExtraAuditorAssumeRolePolicy read (their bodies are not shown here);
// because their contents end up in a role trust policy, treat these files
// as security-sensitive configuration and review changes to them.
const (
	ExtraAdministratorAssumeRolePolicyFilename = "substrate.Administrator.assume-role-policy.json"
	ExtraAuditorAssumeRolePolicyFilename       = "substrate.Auditor.assume-role-policy.json"
)
// Names under which the AllowAssumeRole and DenySensitiveReads documents are
// presumably created as IAM policies (the creating code is not shown here).
const (
	AllowAssumeRoleName    = "SubstrateAllowAssumeRole"
	DenySensitiveReadsName = "SubstrateDenySensitiveReads"
)

Variables

// Canned policy documents built from this package's own types.
var (
	// AllowAssumeRole permits sts:AssumeRole against every resource ("*").
	// In IAM, assuming a role also requires the target role's trust policy
	// to admit the caller, so this broad Resource is only one half of the
	// authorization; NOTE(review): confirm where this is attached, since on
	// its own it lets the principal attempt assumption of any role.
	AllowAssumeRole = &Document{
		Statement: []Statement{{
			Action:   []string{"sts:AssumeRole"},
			Effect:   Allow,
			Resource: []string{"*"},
		}},
	}
	// DenySensitiveReads is an explicit Deny of the data-plane read actions
	// listed below, on every resource. An explicit Deny overrides any Allow
	// in IAM evaluation, so it is presumably attached alongside a broad read
	// policy (e.g. ReadOnlyAccess) to withhold data contents while leaving
	// metadata reads available. Only two entries are wildcards
	// (kinesis:Get*, sdb:Select*); every other action is named individually,
	// so services not in this list are not restricted by it.
	DenySensitiveReads = &Document{
		Statement: []Statement{{
			Action: []string{
				"cloudformation:GetTemplate",
				"dynamodb:BatchGetItem",
				"dynamodb:GetItem",
				"dynamodb:Query",
				"dynamodb:Scan",
				"ec2:GetConsoleOutput",
				"ec2:GetConsoleScreenshot",
				"ecr:BatchGetImage",
				"ecr:GetAuthorizationToken",
				"ecr:GetDownloadUrlForLayer",
				"kinesis:Get*",
				"lambda:GetFunction",
				"logs:GetLogEvents",
				"s3:GetObject",
				"s3:GetObjectVersion",
				"sdb:Select*",
				"sqs:ReceiveMessage",
			},
			Effect:   Deny,
			Resource: []string{"*"},
		}},
	}
)

Functions

This section is empty.

Types

type Condition

// Condition is the IAM Condition element: the outer key is presumably the
// condition operator (e.g. StringEquals), the inner key the condition key,
// and the value the accepted values — matching the nested shape of the JSON
// element. An empty Condition is dropped from Statement via omitempty.
type Condition map[string]map[string]jsonutil.StringSlice

type Document

// Document is an IAM policy document. It is built literally (see
// AllowAssumeRole), merged with Merge, parsed with Unmarshal/UnmarshalString
// and serialized with Marshal/MustMarshal.
type Document struct {
	Version   version     // unexported; how it is rendered is not shown here
	Statement []Statement // annoyingly singular because AWS made it singular
}

func AssumeRolePolicyDocument

func AssumeRolePolicyDocument(principal *Principal) *Document

func ExtraAdministratorAssumeRolePolicy

func ExtraAdministratorAssumeRolePolicy() (*Document, error)

func ExtraAuditorAssumeRolePolicy

func ExtraAuditorAssumeRolePolicy() (*Document, error)

func Merge

func Merge(docs ...*Document) *Document

func Unmarshal

func Unmarshal(b []byte) (*Document, error)

func UnmarshalString

func UnmarshalString(s string) (*Document, error)

func (*Document) Marshal

func (d *Document) Marshal() (string, error)

func (*Document) MustMarshal

func (d *Document) MustMarshal() string

type Effect

// Effect is the Allow/Deny value of a Statement. Its MarshalJSON and String
// methods are declared below (bodies not shown here).
type Effect string

const (
	// Per the original comment, MarshalJSON treats the zero value as Allow,
	// so a Statement that omits Effect is an Allow statement — worth keeping
	// in mind when reviewing literals that were meant to deny.
	Allow Effect = "Allow" // default, thanks to MarshalJSON
	Deny  Effect = "Deny"
)

func (Effect) MarshalJSON

func (e Effect) MarshalJSON() ([]byte, error)

func (Effect) String

func (e Effect) String() string

type Principal

// Principal is the IAM Principal element of a trust-policy statement. Each
// field maps to the JSON key of the same name; unset fields are omitted so a
// Principal with only AWS set serializes as {"AWS": [...]}.
type Principal struct {
	AWS       jsonutil.StringSlice `json:",omitempty"` // account or IAM principal ARNs
	Federated jsonutil.StringSlice `json:",omitempty"` // identity-provider principals
	Service   jsonutil.StringSlice `json:",omitempty"` // AWS service principals
}

func (*Principal) String

func (p *Principal) String() string

type Statement

// Statement is one entry in Document.Statement. Action has no omitempty and
// is therefore always emitted; Effect's zero value marshals as Allow (see
// the Effect constants), so a Deny must be set explicitly.
type Statement struct {
	Effect    Effect
	Principal *Principal `json:",omitempty"` // only meaningful in trust policies
	Action    jsonutil.StringSlice
	Resource  jsonutil.StringSlice `json:",omitempty"` // omitempty for AssumeRolePolicyDocument, which has no Resource
	Condition Condition            `json:",omitempty"`
	Sid       string               `json:",omitempty"`
}
