From e12f48cd2f0c739d6d9b64bd7ac564a7513a82e3 Mon Sep 17 00:00:00 2001 From: Nicholas Mei Date: Sat, 18 May 2024 18:25:57 -0700 Subject: [PATCH 1/2] Add SSM policy statement to iam_utils.py --- .../common/aws/iam_utils.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/aibs_informatics_cdk_lib/common/aws/iam_utils.py b/src/aibs_informatics_cdk_lib/common/aws/iam_utils.py index ba7a590..7cd9942 100644 --- a/src/aibs_informatics_cdk_lib/common/aws/iam_utils.py +++ b/src/aibs_informatics_cdk_lib/common/aws/iam_utils.py @@ -118,6 +118,12 @@ SNS_FULL_ACCESS_ACTIONS = ["sns:*"] +SSM_READ_ACTIONS = [ + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:GetParametersByPath", +] + def batch_policy_statement( env_base: Optional[EnvBase] = None, @@ -279,6 +285,14 @@ def sns_policty_statement( ) +def ssm_policy_statement( + actions: List[str] = SSM_READ_ACTIONS, sid: str = "SSMParamReadActions" +) -> iam.PolicyStatement: + return iam.PolicyStatement( + sid=sid, actions=actions, effect=iam.Effect.ALLOW, resources=[build_arn(service="ssm")] + ) + + def grant_managed_policies( role: Optional[iam.IRole], *managed_policies: Union[str, iam.ManagedPolicy], From 8922639884cebcdc4d1450a9c44a418bfb01a520 Mon Sep 17 00:00:00 2001 From: Nicholas Mei Date: Sat, 18 May 2024 18:26:32 -0700 Subject: [PATCH 2/2] Fix spelling errors in function names --- src/aibs_informatics_cdk_lib/common/aws/iam_utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aibs_informatics_cdk_lib/common/aws/iam_utils.py b/src/aibs_informatics_cdk_lib/common/aws/iam_utils.py index 7cd9942..5c2643f 100644 --- a/src/aibs_informatics_cdk_lib/common/aws/iam_utils.py +++ b/src/aibs_informatics_cdk_lib/common/aws/iam_utils.py @@ -235,7 +235,7 @@ def s3_policy_statement( ) -def ses_policty_statement( +def ses_policy_statement( actions: List[str] = SES_FULL_ACCESS_ACTIONS, sid: str = "SESFullAccess", ) -> iam.PolicyStatement: @@ -269,7 +269,7 @@ def sfn_policy_statement( ) -def sns_policty_statement( +def sns_policy_statement( actions: List[str] = SNS_FULL_ACCESS_ACTIONS, sid: str = "SNSFullAccess", ) -> iam.PolicyStatement: