feat(policy-templates): add new policy for allowing step functions ex… (
ljacobsson authored and keetonian committed May 3, 2019
1 parent 9385a0a commit a7035eb
Showing 6 changed files with 97 additions and 0 deletions.
@@ -87,3 +87,6 @@ Resources:

- FilterLogEventsPolicy:
LogGroupName: name

- StepFunctionsExecutionPolicy:
StateMachineName: name
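--- a/samtranslator/policy_templates_data/policy_templates.json
+++ b/samtranslator/policy_templates_data/policy_templates.json
@@ -1562,6 +1562,34 @@
 }
 ]
 }
+},
+"StepFunctionsExecutionPolicy": {
+"Description": "Gives permission to start a Step Functions state machine execution",
+"Parameters": {
+"StateMachineName": {
+"Description":"The name of the state machine to execute."
+}
+},
+"Definition": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"states:StartExecution"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}",
+{
+"stateMachineName": {
+"Ref": "StateMachineName"
+}
+}
+]
+}
+}
+]
+}
 }
 }
 }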
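Review bot: The `Resource` ARN in the new `StepFunctionsExecutionPolicy` statement hard-codes the `aws` partition, so in the China and GovCloud partitions the statement would match no state machine and `states:StartExecution` would stay denied. The expected outputs added under `tests/translator/output/aws-cn/` and `tests/translator/output/aws-us-gov/` carry the same `arn:aws:states:` string, so the tests pin that behaviour instead of catching it. I would change the line to `"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}",` and regenerate the three expected-output files. The parameter `Description` could also say that the value must be the state machine's name and not its ARN, since a `Ref` to an `AWS::StepFunctions::StateMachine` resource yields the ARN and would produce a resource string that matches nothing. The enclosing template map starts outside the hunk, so whether sibling templates already use the partition pseudo-parameter cannot be seen here.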
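--- a/tests/translator/input/all_policy_templates.yaml
+++ b/tests/translator/input/all_policy_templates.yaml
@@ -143,3 +143,6 @@ Resources:
 
 - SSMParameterReadPolicy:
 ParameterName: name
+
+- StepFunctionsExecutionPolicy:
+StateMachineName: name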
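--- a/tests/translator/output/all_policy_templates.json
+++ b/tests/translator/output/all_policy_templates.json
@@ -1215,6 +1215,27 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy49",
+"PolicyDocument": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"states:StartExecution"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}",
+{
+"stateMachineName": "name"
+}
+]
+}
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {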
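--- a/tests/translator/output/aws-cn/all_policy_templates.json
+++ b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -1214,6 +1214,27 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy49",
+"PolicyDocument": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"states:StartExecution"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}",
+{
+"stateMachineName": "name"
+}
+]
+}
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {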
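--- a/tests/translator/output/aws-us-gov/all_policy_templates.json
+++ b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -1215,6 +1215,27 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy49",
+"PolicyDocument": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"states:StartExecution"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}",
+{
+"stateMachineName": "name"
+}
+]
+}
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {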
