Skip to content

Commit

Permalink
Merge pull request #6 from AllenInstitute/add-ssm-policy-statement
Browse files Browse the repository at this point in the history 
Add ssm policy statement
  • Loading branch information
@njmei
njmei authored May 21, 2024
2 parents 44a7438 + 8922639 commit 732c1a9
Showing 1 changed file with 16 additions and 2 deletions.
18 changes: 16 additions & 2 deletions src/aibs_informatics_cdk_lib/common/aws/iam_utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,12 @@

SNS_FULL_ACCESS_ACTIONS = ["sns:*"]

SSM_READ_ACTIONS = [
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:GetParametersByPath",
]


def batch_policy_statement(
env_base: Optional[EnvBase] = None,
Expand Down Expand Up @@ -229,7 +235,7 @@ def s3_policy_statement(
)


def ses_policty_statement(
def ses_policy_statement(
actions: List[str] = SES_FULL_ACCESS_ACTIONS,
sid: str = "SESFullAccess",
) -> iam.PolicyStatement:
Expand Down Expand Up @@ -263,7 +269,7 @@ def sfn_policy_statement(
)


def sns_policty_statement(
def sns_policy_statement(
actions: List[str] = SNS_FULL_ACCESS_ACTIONS,
sid: str = "SNSFullAccess",
) -> iam.PolicyStatement:
Expand All @@ -279,6 +285,14 @@ def sns_policty_statement(
)


def ssm_policy_statement(
actions: List[str] = SSM_READ_ACTIONS, sid: str = "SSMParamReadActions"
) -> iam.PolicyStatement:
return iam.PolicyStatement(
sid=sid, actions=actions, effect=iam.Effect.ALLOW, resources=[build_arn(service="ssm")]
)


def grant_managed_policies(
role: Optional[iam.IRole],
*managed_policies: Union[str, iam.ManagedPolicy],
Expand Down

0 comments on commit 732c1a9

Please sign in to comment.