
Commit 244bb6b

author
ljacobsson
committed
new feature 🎉 : Insert SAM Connectors to your template for supported resources
1 parent 59ae44b commit 244bb6b


6 files changed

+352
-27
lines changed


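--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
 ## iam-policies-cli
 
-CLI for generating AWS IAM policy documents or SAM policy templates based on the [JSON definition](https://awspolicygen.s3.amazonaws.com/js/policies.js) used in the [AWS Policy Generator](https://awspolicygen.s3.amazonaws.com/policygen.html).
+CLI for generating AWS IAM policy documents, SAM policy templates or [SAM Connectors](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/managing-permissions-connectors.html) based on the [JSON definition](https://awspolicygen.s3.amazonaws.com/js/policies.js) used in the [AWS Policy Generator](https://awspolicygen.s3.amazonaws.com/policygen.html).
 
 Provide an optional SAM or CloudFormation template and it will let you reference resource ARNs using intrinsic functions for defined resources.
 
 The mapping of CloudFormation resource type -> the intrinsic function that returns the ARN is based on the [cfn-lint schema for us-east-1](https://github.com/aws-cloudformation/cfn-python-lint/blob/master/src/cfnlint/data/CloudSpecs/us-east-1.json)
 
-New in v1.0.3 - you can now merge polices back to your template. Suppoerted resources are `AWS::Serverless::Function`, `AWS::Serverless::StateMachine`, `AWS::IAM::Role`
+New in v1.0.5 - support for AWS::Serverless::Connectors
 
 ## Installation
 `npm install -g @mhlabs/iam-policies-cli`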

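--- /dev/null
+++ b/data/connectors.json
@@ -0,0 +1,252 @@
+{
+"AWS::ApiGateway::RestApi": {
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+]
+},
+"AWS::ApiGatewayV2::Api": {
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+]
+},
+"AWS::DynamoDB::Table": {
+"AWS::Lambda::Function": [
+"Read"
+],
+"AWS::Serverless::Function": [
+"Read"
+]
+},
+"AWS::Events::Rule": {
+"AWS::Events::EventBus": [
+"Write"
+],
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+],
+"AWS::Serverless::StateMachine": [
+"Write"
+],
+"AWS::SNS::Topic": [
+"Write"
+],
+"AWS::SQS::Queue": [
+"Write"
+],
+"AWS::StepFunctions::StateMachine": [
+"Write"
+]
+},
+"AWS::Lambda::Function": {
+"AWS::DynamoDB::Table": [
+"Read",
+"Write"
+],
+"AWS::Events::EventBus": [
+"Write"
+],
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::S3::Bucket": [
+"Read",
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+],
+"AWS::Serverless::SimpleTable": [
+"Read",
+"Write"
+],
+"AWS::Serverless::StateMachine": [
+"Read",
+"Write"
+],
+"AWS::SNS::Topic": [
+"Write"
+],
+"AWS::SQS::Queue": [
+"Read",
+"Write"
+],
+"AWS::StepFunctions::StateMachine": [
+"Read",
+"Write"
+]
+},
+"AWS::S3::Bucket": {
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+]
+},
+"AWS::Serverless::Api": {
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+]
+},
+"AWS::Serverless::Function": {
+"AWS::DynamoDB::Table": [
+"Read",
+"Write"
+],
+"AWS::Events::EventBus": [
+"Write"
+],
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::S3::Bucket": [
+"Read",
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+],
+"AWS::Serverless::SimpleTable": [
+"Read",
+"Write"
+],
+"AWS::Serverless::StateMachine": [
+"Read",
+"Write"
+],
+"AWS::SNS::Topic": [
+"Write"
+],
+"AWS::SQS::Queue": [
+"Read",
+"Write"
+],
+"AWS::StepFunctions::StateMachine": [
+"Read",
+"Write"
+]
+},
+"AWS::Serverless::HttpApi": {
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+]
+},
+"AWS::Serverless::SimpleTable": {
+"AWS::Lambda::Function": [
+"Read"
+],
+"AWS::Serverless::Function": [
+"Read"
+]
+},
+"AWS::Serverless::StateMachine": {
+"AWS::DynamoDB::Table": [
+"Read",
+"Write"
+],
+"AWS::Events::EventBus": [
+"Write"
+],
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::S3::Bucket": [
+"Read",
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+],
+"AWS::Serverless::SimpleTable": [
+"Read",
+"Write"
+],
+"AWS::Serverless::StateMachine": [
+"Read",
+"Write"
+],
+"AWS::SNS::Topic": [
+"Write"
+],
+"AWS::SQS::Queue": [
+"Write"
+],
+"AWS::StepFunctions::StateMachine": [
+"Read",
+"Write"
+]
+},
+"AWS::SNS::Topic": {
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+],
+"AWS::SQS::Queue": [
+"Write"
+]
+},
+"AWS::SQS::Queue": {
+"AWS::Lambda::Function": [
+"Read",
+"Write"
+],
+"AWS::Serverless::Function": [
+"Read",
+"Write"
+]
+},
+"AWS::StepFunctions::StateMachine": {
+"AWS::DynamoDB::Table": [
+"Read",
+"Write"
+],
+"AWS::Events::EventBus": [
+"Write"
+],
+"AWS::Lambda::Function": [
+"Write"
+],
+"AWS::S3::Bucket": [
+"Read",
+"Write"
+],
+"AWS::Serverless::Function": [
+"Write"
+],
+"AWS::Serverless::SimpleTable": [
+"Read",
+"Write"
+],
+"AWS::Serverless::StateMachine": [
+"Read",
+"Write"
+],
+"AWS::SNS::Topic": [
+"Write"
+],
+"AWS::SQS::Queue": [
+"Write"
+],
+"AWS::StepFunctions::StateMachine": [
+"Read",
+"Write"
+]
+}
+}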
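Review bot: Nothing in this file or in the README hunk states what the two levels of nesting mean or where the matrix was copied from; the entries look like source resource type -> destination resource type -> permitted connector permissions, but that is inferred from the keys. JSON cannot carry comments, so the README should record it, for example `data/connectors.json maps source type -> destination type -> allowed Permissions, taken from the SAM connector reference as of <date>`. Each `Read`/`Write` value ends up as IAM or resource-policy grants that SAM chooses rather than the template author, so a stale or mistyped row either offers a connector that fails at deploy time or hides a valid one; a small test asserting that every leaf is `Read` or `Write` and every key is a known resource type would catch typos. The code that consumes this file is not among the sections shown on this page, so how unknown types are handled cannot be judged here.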

package-lock.json

Lines changed: 16 additions & 13 deletions

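--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@mhlabs/iam-policies-cli",
-"version": "1.0.4",
+"version": "1.0.5",
 "description": "A CLI tool for building simple to complex IAM policies",
 "main": "index.js",
 "scripts": {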
