How to use the pycfmodel.model.resources.iam_policy.IAMPolicy function in pycfmodel
To help you get started, we’ve selected a few pycfmodel examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
Skyscanner / pycfmodel / pycfmodel / model / resources / iam_group.py View on Github 
class IAMGroupProperties(CustomModel):
"""
Properties:
- GroupName: Name of the group.
- ManagedPolicyArns: ARN of the IAM policies to attach.
- Path: Path to the group. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html).
- Policies: Inline policies embedded in the IAM group.
More info at [AWS Docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html)
"""
GroupName: Optional[ResolvableStr] = None
ManagedPolicyArns: Optional[Resolvable[List[ResolvableStr]]] = None
Path: Optional[ResolvableStr] = None
Policies: Optional[Resolvable[List[IAMPolicy]]] = None
class IAMGroup(Resource):
"""
Properties:
- Properties: A [IAM Group properties][pycfmodel.model.resources.iam_group.IAMGroupProperties] object.
More info at [AWS Docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html)
"""
TYPE_VALUE: ClassVar = "AWS::IAM::Group"
Type: str = TYPE_VALUE
Properties: Resolvable[IAMGroupProperties]def invoke(self, cfmodel: CFModel, extras: Optional[Dict] = None) -> Result:
result = Result()
for logical_id, resource in cfmodel.Resources.items():
if isinstance(resource, (IAMManagedPolicy, IAMPolicy, S3BucketPolicy, SNSTopicPolicy, SQSQueuePolicy)):
self.check_for_wildcards(result, logical_id, resource.Properties.PolicyDocument)
elif isinstance(resource, (IAMRole, IAMUser)):
if isinstance(resource, IAMRole):
self.check_for_wildcards(result, logical_id, resource.Properties.AssumeRolePolicyDocument)
if resource.Properties and resource.Properties.Policies:
for policy in resource.Properties.Policies:
self.check_for_wildcards(result, logical_id, policy.PolicyDocument)
return resultdef invoke(self, cfmodel: CFModel, extras: Optional[Dict] = None) -> Result:
result = Result()
for logical_id, resource in cfmodel.Resources.items():
if isinstance(resource, IAMPolicy):
policy_actions = set(action.lower() for action in resource.Properties.PolicyDocument.get_iam_actions())
for violation in policy_actions.intersection(self.IAM_BLACKLIST):
self.add_failure_to_result(
result, self.REASON.format(logical_id, violation), resource_ids={logical_id}
)
return resultfrom .resources.s3_bucket_policy import S3BucketPolicy
from .resources.security_group import SecurityGroup
from .resources.security_group_egress import SecurityGroupEgress
from .resources.security_group_ingress import SecurityGroupIngress
from .resources.sqs_queue_policy import SQSQueuePolicy
from .resources.sns_topic_policy import SNSTopicPolicy
from .resources.kms_key import KMSKey
_RESOURCE_MAP = {
"AWS::EC2::SecurityGroup": SecurityGroup,
"AWS::EC2::SecurityGroupEgress": SecurityGroupEgress,
"AWS::EC2::SecurityGroupIngress": SecurityGroupIngress,
"AWS::IAM::Group": IAMGroup,
"AWS::IAM::ManagedPolicy": IAMManagedPolicy,
"AWS::IAM::Policy": IAMPolicy,
"AWS::IAM::Role": IAMRole,
"AWS::IAM::User": IAMUser,
"AWS::KMS::Key": KMSKey,
"AWS::S3::BucketPolicy": S3BucketPolicy,
"AWS::SNS::TopicPolicy": SNSTopicPolicy,
"AWS::SQS::QueuePolicy": SQSQueuePolicy,
}
_DEFAULT_RESOURCE = Resource
def create_resource(logical_id: str, value: Dict[str, Any]) -> Resource:
resource = _RESOURCE_MAP.get(value.get("Type"), _DEFAULT_RESOURCE)
return resource(logical_id, value)from pycfmodel.model.resources.iam_managed_policy import IAMManagedPolicy
from pycfmodel.model.resources.iam_policy import IAMPolicy
from pycfmodel.model.resources.iam_role import IAMRole
from pycfmodel.model.resources.iam_user import IAMUser
from pycfmodel.model.resources.kms_key import KMSKey
from pycfmodel.model.resources.s3_bucket_policy import S3BucketPolicy
from pycfmodel.model.resources.security_group import SecurityGroup
from pycfmodel.model.resources.security_group_egress import SecurityGroupEgress
from pycfmodel.model.resources.security_group_ingress import SecurityGroupIngress
from pycfmodel.model.resources.sns_topic_policy import SNSTopicPolicy
from pycfmodel.model.resources.sqs_queue_policy import SQSQueuePolicy
ResourceModels = Union[
IAMGroup,
IAMManagedPolicy,
IAMPolicy,
IAMRole,
IAMUser,
KMSKey,
S3BucketPolicy,
SecurityGroup,
SecurityGroupEgress,
SecurityGroupIngress,
SNSTopicPolicy,
SQSQueuePolicy,
]def invoke(self, cfmodel: CFModel, extras: Optional[Dict] = None) -> Result:
result = Result()
for logical_id, resource in cfmodel.Resources.items():
if isinstance(resource, IAMPolicy) and resource.Properties.Users:
self.add_failure_to_result(result, self.REASON.format(logical_id), resource_ids={logical_id})
return resultpycfmodel
A python model for CloudFormation scripts
Package Health Score
78 / 100Popular pycfmodel functions
- pycfmodel.core.parse
- pycfmodel.model.base.CustomModel
- pycfmodel.model.cf_model.CFModel
- pycfmodel.model.parameter.Parameter
- pycfmodel.model.parameter.Parameter.NO_ECHO_NO_DEFAULT
- pycfmodel.model.resources.iam_managed_policy.IAMManagedPolicy
- pycfmodel.model.resources.iam_policy.IAMPolicy
- pycfmodel.model.resources.iam_role.IAMRole
- pycfmodel.model.resources.properties.policy_document.PolicyDocument
- pycfmodel.model.resources.properties.statement.Statement
- pycfmodel.model.resources.properties.statement_condition.StatementCondition
- pycfmodel.model.resources.resource.Resource
- pycfmodel.model.resources.s3_bucket_policy.S3BucketPolicy
- pycfmodel.model.resources.security_group_ingress.SecurityGroupIngress
- pycfmodel.model.resources.sqs_queue_policy.SQSQueuePolicy
- pycfmodel.model.types.Resolvable
- pycfmodel.model.types.ResolvableStr
- pycfmodel.parse
- pycfmodel.resolver.resolve
- pycfmodel.utils.is_resolvable_dict