1. Advisor
  2. @aws-cdk/aws-iam
  3. functions
  4. @aws-cdk/aws-iam.Role
View all @aws-cdk/aws-iam analysis

How to use the @aws-cdk/aws-iam.Role function in @aws-cdk/aws-iam

To help you get started, we’ve selected a few @aws-cdk/aws-iam examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github seagull-js / seagull / packages / deploy / src / lib / cdk / stack.ts View on Github external
private addIAMRole() {
    const name = `${this.name}-Role`
    const principleName = 'lambda.amazonaws.com'
    const roleParams = { assumedBy: new ServicePrincipal(principleName) }
    const actions: string[] = []
    actions.push('sts:AssumeRole')
    actions.push('logs:CreateLogStream')
    actions.push('logs:PutLogEvents')
    actions.push('lambda:InvokeFunction')
    actions.push('lambda:InvokeAsync')
    actions.push('s3:*')

    const role = new Role(this, name, roleParams)
    const policyStatement = new PolicyStatement()
    // TODO: add actions directly to the resources that need it
    role.addToPolicy(policyStatement.addAllResources().addActions(...actions))
    this.role = role
  }
github aws / aws-cdk / packages / @aws-cdk / aws-stepfunctions-tasks / lib / sagemaker-transform-task.ts View on Github external
public bind(task: sfn.Task): sfn.StepFunctionsTaskConfig {
        // create new role if doesn't exist
        if (this._role === undefined) {
            this._role = new iam.Role(task, 'SagemakerTransformRole', {
                assumedBy: new iam.ServicePrincipal('sagemaker.amazonaws.com'),
                managedPolicies: [
                    iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSageMakerFullAccess')
                ]
            });
        }

        return {
          resourceArn: getResourceArn("sagemaker", "createTransformJob", this.integrationPattern),
          parameters: this.renderParameters(),
          policyStatements: this.makePolicyStatements(task),
        };
    }
github fourTheorem / slic-starter / cicd / lib / orchestrator-pipeline.ts View on Github external
constructor(scope: Construct, id: string, props: OrchestratorPipelineProps) {
    const { artifactsBucket, sourceCodeBuildRole, ...rest } = props
    super(scope, id, {
      pipelineName: 'OrchestratorPipeline',
      artifactBucket: artifactsBucket,
      ...rest
    })

    // This role is for managing module pipelines
    const orchestratorCodeBuildRole = new Role(
      this,
      'orchestrator-codebuild-role',
      {
        roleName: 'orchestrator-codebuild-role',
        assumedBy: new ServicePrincipal('codebuild.amazonaws.com')
      }
    )
    orchestratorCodeBuildRole.addToPolicy(
      new PolicyStatement({
        actions: [
          'codepipeline:GetPipelineExecution',
          'codepipeline:StartPipelineExecution'
        ],
        resources: ['*']
      })
    )
github humank / EventStormingWorkShop / deployment / coffeeshop-cdk / lib / coffee-shop-code-pipeline.ts View on Github external
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
        super(scope, id, props);

        // Create a VPC
        const vpc = new ec2.Vpc(this, 'CoffeeShopVPC', {
            cidr: '10.0.0.0/16',
            natGateways: 1
        });

        this.ecrRepository = new ecr.Repository(this, 'Repository', {
            repositoryName: DOCKER_IMAGE_PREFIX,
            removalPolicy: cdk.RemovalPolicy.DESTROY
        });
        const buildRole = new iam.Role(this, 'CodeBuildIamRole', {
            assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com')
        });
        buildRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("AWSLambdaFullAccess"));
        buildRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonAPIGatewayAdministrator"));

        buildRole.addToPolicy(new iam.PolicyStatement({
            resources: ['*'],
            actions: ['cloudformation:*']
        }));

        buildRole.addToPolicy(new iam.PolicyStatement({
            resources: ['*'],
            actions: ['iam:*']
        }));

        buildRole.addToPolicy(new iam.PolicyStatement({
github aws / aws-cdk / packages / @aws-cdk / aws-eks-legacy / lib / cluster.ts View on Github external
constructor(scope: Construct, id: string, props: ClusterProps = { }) {
    super(scope, id, {
      physicalName: props.clusterName,
    });

    this.node.addWarning(`The @aws-cdk/aws-eks-legacy module will no longer be released as part of the AWS CDK starting March 1st, 2020. Please refer to https://github.com/aws/aws-cdk/issues/5544 for upgrade instructions`);

    const stack = Stack.of(this);

    this.vpc = props.vpc || new ec2.Vpc(this, 'DefaultVpc');
    this.version = props.version;

    this.tagSubnets();

    this.role = props.role || new iam.Role(this, 'ClusterRole', {
      assumedBy: new iam.ServicePrincipal('eks.amazonaws.com'),
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSClusterPolicy'),
        iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSServicePolicy'),
      ],
    });

    const securityGroup = props.securityGroup || new ec2.SecurityGroup(this, 'ControlPlaneSecurityGroup', {
      vpc: this.vpc,
      description: 'EKS Control Plane Security Group',
    });

    this.connections = new ec2.Connections({
      securityGroups: [securityGroup],
      defaultPort: ec2.Port.tcp(443), // Control Plane has an HTTPS API
    });
github aws / aws-cdk / packages / aws-cdk / integ-tests / app / app.js View on Github external
constructor(parent, id) {
    super(parent, id);

    new iam.Role(this, 'SomeRole', {
      assumedBy: new iam.ServicePrincipal('ec2.amazon.aws.com')
    });
  }
}
github cloudcomponents / cdk-components / packages / cdk-pull-request-check / src / pull_request_check.ts View on Github external
public constructor(
        scope: Construct,
        id: string,
        props: PullRequestCheckProps,
    ) {
        super(scope, id);

        const {
            repository,
            buildSpec,
            buildImage = LinuxBuildImage.STANDARD_2_0,
            computeType = buildImage.defaultComputeType,
        } = props;

        const lambdaRole = new Role(this, 'LambdaRole', {
            assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
        });

        lambdaRole.addToPolicy(
            new PolicyStatement({
                resources: ['*'],
                actions: [
                    'codebuild:*',
                    'codecommit:*',
                    'logs:CreateLogGroup',
                    'logs:CreateLogStream',
                    'logs:PutLogEvents',
                    'logs:GetLogEvents',
                ],
            }),
        );
github aws / aws-cdk / packages / @aws-cdk / aws-stepfunctions / lib / state-machine.ts View on Github external
constructor(scope: Construct, id: string, props: StateMachineProps) {
        super(scope, id, {
            physicalName: props.stateMachineName,
        });

        this.role = props.role || new iam.Role(this, 'Role', {
            assumedBy: new iam.ServicePrincipal('states.amazonaws.com'),
        });

        const graph = new StateGraph(props.definition.startState, `State Machine ${id} definition`);
        graph.timeout = props.timeout;

        this.stateMachineType = props.stateMachineType ? props.stateMachineType : StateMachineType.STANDARD;

        const resource = new CfnStateMachine(this, 'Resource', {
            stateMachineName: this.physicalName,
            stateMachineType: props.stateMachineType ? props.stateMachineType : undefined,
            roleArn: this.role.roleArn,
            definitionString: Stack.of(this).toJsonString(graph.toGraphJson()),
        });

        for (const statement of graph.policyStatements) {
github aws / aws-cdk / packages / @aws-cdk / aws-config / lib / managed-rules.ts View on Github external
constructor(scope: Construct, id: string, props: CloudFormationStackDriftDetectionCheckProps = {}) {
    super(scope, id, {
      ...props,
      identifier: 'CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK',
      inputParameters: {
        cloudformationRoleArn: Lazy.stringValue({ produce: () => this.role.roleArn })
      }
    });

    this.scopeToResource('AWS::CloudFormation::Stack', props.ownStackOnly ? Stack.of(this).stackId : undefined);

    this.role = props.role || new iam.Role(this, 'Role', {
      assumedBy: new iam.ServicePrincipal('config.amazonaws.com'),
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName('ReadOnlyAccess')
      ]
    });
  }
}

@aws-cdk/aws-iam

CDK routines for easily assigning correct and minimal IAM permissions

GitHub
Apache-2.0
Latest version published 10 months ago

Package Health Score

70 / 100
Full package analysis

Popular @aws-cdk/aws-iam functions

Similar packages