Implements statement collections #22

Merged
merged 18 commits into from
Aug 31, 2020
3 changes: 3 additions & 0 deletions CHANGELOG/v0.53.0.md
@@ -0,0 +1,3 @@
**New functionality:**

- Adds statement collections
23 changes: 23 additions & 0 deletions README.md
Expand Up @@ -52,6 +52,8 @@ There are two different package variants available:
* [notResources](#notResources)
* [notPrincipals](#notPrincipals)
* [for*](#for)
* [Collections](#Collections)
* [allowEc2InstanceDeleteByOwner](#allowEc2InstanceDeleteByOwner)
* [Floyd?](#Floyd)
* [Similar projects](#Similarprojects)
* [Legal](#Legal)
Expand Down Expand Up @@ -515,6 +517,27 @@ new statement.Sts()
)
```

## <a name='Collections'></a>Collections

The package provides commonly used statement collections. These can be called via `new statement.Collection().allowEc2InstanceDeleteByOwner()`. Collections return a list of statements, which then can be used in a policy like this:

```typescript
const policy = {
Version: '2012-10-17',
Statement: [
...new statement.Collection().allowEc2InstanceDeleteByOwner(),
],
}
```

Available collections are:

- **allowEc2InstanceDeleteByOwner**: Allows stopping EC2 instance only for the user who started them

### <a name='allowEc2InstanceDeleteByOwner'></a>allowEc2InstanceDeleteByOwner

Allows stopping EC2 instance only for the user who started them.

## <a name='Floyd'></a>Floyd?

George Floyd has been murdered by racist police officers on May 25th, 2020.
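Review bot: the name and the description added in this README section disagree: `allowEc2InstanceDeleteByOwner` says delete, while both the list entry and the subsection say it "Allows stopping EC2 instance only for the user who started them". Rename the collection or reword the description so readers know which actions are granted, and state here that ownership is decided by a tag whose value must equal the caller's user name, since anyone composing a policy from this collection needs to know that precondition.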
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
0.52.4
0.53.0
2 changes: 1 addition & 1 deletion bin/mkchangelog
Expand Up @@ -22,7 +22,7 @@ function gitDiffModules() {
}

function gitDiffIndex() {
getDiff lib/index.ts
getDiff lib/generated/index.ts
}

function getVersion() {
2 changes: 1 addition & 1 deletion bin/mkstats
@@ -1,7 +1,7 @@
#!/usr/bin/env bash

function getNoServices() {
find lib/generated/*.ts | grep -cv '\.d\.ts'
find lib/generated/*.ts | grep -v index.ts | grep -cv '\.d\.ts'
}

function getNoActions() {
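Review bot: in `getNoServices`, `grep -v index.ts` is an unanchored regular expression, so the `.` matches any character and the filter drops every path that merely contains that pattern, not only `lib/generated/index.ts`. Anchoring it, for example `grep -v '/index\.ts$'`, keeps the service count correct if a generated module name ever contains "index".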
21 changes: 21 additions & 0 deletions lib/collection/allowEc2InstanceDeleteByOwner.ts
@@ -0,0 +1,21 @@
import * as statement from '..';

/**
* Allows stopping EC2 instance only for the user who started them
*
* @param tag The tag name, where the user information will be stored - default: `Owner`
*/

export function allowEc2InstanceDeleteByOwner(tag?: string) {
const tagName = tag || 'Owner';
return [
new statement.Ec2()
.allow()
.toStartInstances()
.ifAwsRequestTag(tagName, '${aws:username}'),
new statement.Ec2()
.allow()
.toStopInstances()
.ifResourceTag(tagName, '${aws:username}'),
];
}
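Review bot: in the first statement, `.toStartInstances().ifAwsRequestTag(tagName, '${aws:username}')` conditions on a tag passed in the request, but `ec2:StartInstances` acts on an existing instance and carries no tags, so please verify that this condition can ever match; `ifResourceTag`, as used for `toStopInstances()`, may be what was intended. The doc comment should also say that `${aws:username}` only resolves for IAM users, so role and federated sessions gain nothing from these statements, and that the ownership check is only as strong as the controls on who may set or change the `tagName` tag, which this collection does not restrict. The function name says Delete while only start and stop are granted.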
7 changes: 7 additions & 0 deletions lib/collection/index.ts
@@ -0,0 +1,7 @@
import { allowEc2InstanceDeleteByOwner } from './allowEc2InstanceDeleteByOwner';

export class Collection {
public allowEc2InstanceDeleteByOwner() {
return allowEc2InstanceDeleteByOwner();
}
}
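Review bot: `Collection.allowEc2InstanceDeleteByOwner()` takes no arguments and calls `allowEc2InstanceDeleteByOwner()` without forwarding anything, so the optional `tag` parameter of the underlying function cannot be reached through the class API that the README documents. Accept `tag?: string` on the method and pass it through, and give the method a doc comment mirroring the function's so the default `Owner` tag is visible to callers.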
237 changes: 237 additions & 0 deletions lib/generated/index.ts
@@ -0,0 +1,237 @@
export { A4b } from "./alexaforbusiness";
export { ExecuteApi } from "./amazonapigateway";
export { Appflow } from "./amazonappflow";
export { Appstream } from "./amazonappstream2-0";
export { Athena } from "./amazonathena";
export { Braket } from "./amazonbraket";
export { Chime } from "./amazonchime";
export { Clouddirectory } from "./amazonclouddirectory";
export { Cloudfront } from "./amazoncloudfront";
export { Cloudsearch } from "./amazoncloudsearch";
export { Cloudwatch } from "./amazoncloudwatch";
export { Logs } from "./amazoncloudwatchlogs";
export { Synthetics } from "./amazoncloudwatchsynthetics";
export { Codeguru } from "./amazoncodeguru";
export { CodeguruProfiler } from "./amazoncodeguruprofiler";
export { CodeguruReviewer } from "./amazoncodegurureviewer";
export { CognitoIdentity } from "./amazoncognitoidentity";
export { CognitoSync } from "./amazoncognitosync";
export { CognitoIdp } from "./amazoncognitouserpools";
export { Comprehend } from "./amazoncomprehend";
export { Connect } from "./amazonconnect";
export { Dlm } from "./amazondatalifecyclemanager";
export { Detective } from "./amazondetective";
export { Dynamodb } from "./amazondynamodb";
export { Dax } from "./amazondynamodbacceleratordax";
export { Ec2 } from "./amazonec2";
export { Autoscaling } from "./amazonec2autoscaling";
export { Imagebuilder } from "./amazonec2imagebuilder";
export { Ec2InstanceConnect } from "./amazonec2instanceconnect";
export { Elasticache } from "./amazonelasticache";
export { Ebs } from "./amazonelasticblockstore";
export { Ecr } from "./amazonelasticcontainerregistry";
export { Ecs } from "./amazonelasticcontainerservice";
export { Eks } from "./amazonelasticcontainerserviceforkubernetes";
export { Elasticfilesystem } from "./amazonelasticfilesystem";
export { ElasticInference } from "./amazonelasticinference";
export { Elasticmapreduce } from "./amazonelasticmapreduce";
export { Es } from "./amazonelasticsearchservice";
export { Elastictranscoder } from "./amazonelastictranscoder";
export { Events } from "./amazoneventbridge";
export { Schemas } from "./amazoneventbridgeschemas";
export { Forecast } from "./amazonforecast";
export { Frauddetector } from "./amazonfrauddetector";
export { Freertos } from "./amazonfreertos";
export { Fsx } from "./amazonfsx";
export { Gamelift } from "./amazongamelift";
export { Glacier } from "./amazonglacier";
export { Groundtruthlabeling } from "./amazongroundtruthlabeling";
export { Guardduty } from "./amazonguardduty";
export { Honeycode } from "./amazonhoneycode";
export { Inspector } from "./amazoninspector";
export { Ivs } from "./amazoninteractivevideoservice";
export { Kendra } from "./amazonkendra";
export { Cassandra } from "./amazonkeyspacesforapachecassandra";
export { Kinesis } from "./amazonkinesis";
export { Kinesisanalytics } from "./amazonkinesisanalytics";
export { KinesisanalyticsV2 } from "./amazonkinesisanalyticsv2";
export { Firehose } from "./amazonkinesisfirehose";
export { Kinesisvideo } from "./amazonkinesisvideostreams";
export { Lex } from "./amazonlex";
export { Lightsail } from "./amazonlightsail";
export { Machinelearning } from "./amazonmachinelearning";
export { Macie2 } from "./amazonmacie";
export { Macie } from "./amazonmacieclassic";
export { Managedblockchain } from "./amazonmanagedblockchain";
export { Kafka } from "./amazonmanagedstreamingforapachekafka";
export { Mechanicalturk } from "./amazonmechanicalturk";
export { Ec2messages } from "./amazonmessagedeliveryservice";
export { Mobileanalytics } from "./amazonmobileanalytics";
export { Mq } from "./amazonmq";
export { NeptuneDb } from "./amazonneptune";
export { Personalize } from "./amazonpersonalize";
export { Mobiletargeting } from "./amazonpinpoint";
export { SesPinpoint } from "./amazonpinpointemailservice";
export { SmsVoice } from "./amazonpinpointsmsandvoiceservice";
export { Polly } from "./amazonpolly";
export { Qldb } from "./amazonqldb";
export { Quicksight } from "./amazonquicksight";
export { Rds } from "./amazonrds";
export { RdsData } from "./amazonrdsdataapi";
export { RdsDb } from "./amazonrdsiamauthentication";
export { Redshift } from "./amazonredshift";
export { Rekognition } from "./amazonrekognition";
export { Tag } from "./amazonresourcegrouptaggingapi";
export { Route53 } from "./amazonroute53";
export { Route53domains } from "./amazonroute53domains";
export { Route53resolver } from "./amazonroute53resolver";
export { S3 } from "./amazons3";
export { Sagemaker } from "./amazonsagemaker";
export { Ses } from "./amazonses";
export { Ssmmessages } from "./amazonsessionmanagermessagegatewayservice";
export { Sdb } from "./amazonsimpledb";
export { Swf } from "./amazonsimpleworkflowservice";
export { Sns } from "./amazonsns";
export { Sqs } from "./amazonsqs";
export { Storagegateway } from "./amazonstoragegateway";
export { Sumerian } from "./amazonsumerian";
export { Textract } from "./amazontextract";
export { Transcribe } from "./amazontranscribe";
export { Translate } from "./amazontranslate";
export { Workdocs } from "./amazonworkdocs";
export { Worklink } from "./amazonworklink";
export { Workmail } from "./amazonworkmail";
export { Workmailmessageflow } from "./amazonworkmailmessageflow";
export { Workspaces } from "./amazonworkspaces";
export { Wam } from "./amazonworkspacesapplicationmanager";
export { ApplicationAutoscaling } from "./applicationautoscaling";
export { Discovery } from "./applicationdiscovery";
export { Arsenal } from "./applicationdiscoveryarsenal";
export { Account } from "./awsaccounts";
export { Amplify } from "./awsamplify";
export { Appconfig } from "./awsappconfig";
export { Appmesh } from "./awsappmesh";
export { AppmeshPreview } from "./awsappmeshpreview";
export { Appsync } from "./awsappsync";
export { Artifact } from "./awsartifact";
export { AutoscalingPlans } from "./awsautoscaling";
export { Backup } from "./awsbackup";
export { BackupStorage } from "./awsbackupstorage";
export { Batch } from "./awsbatch";
export { AwsPortal } from "./awsbilling";
export { Budgets } from "./awsbudgetservice";
export { Acm } from "./awscertificatemanager";
export { AcmPca } from "./awscertificatemanagerprivatecertificateauthority";
export { Chatbot } from "./awschatbot";
export { Cloud9 } from "./awscloud9";
export { Cloudformation } from "./awscloudformation";
export { Cloudhsm } from "./awscloudhsm";
export { Servicediscovery } from "./awscloudmap";
export { Cloudtrail } from "./awscloudtrail";
export { Codeartifact } from "./awscodeartifact";
export { Codebuild } from "./awscodebuild";
export { Codecommit } from "./awscodecommit";
export { Codedeploy } from "./awscodedeploy";
export { Codepipeline } from "./awscodepipeline";
export { Signer } from "./awscodesigningforamazonfreertos";
export { Codestar } from "./awscodestar";
export { CodestarConnections } from "./awscodestarconnections";
export { CodestarNotifications } from "./awscodestarnotifications";
export { Config } from "./awsconfig";
export { Awsconnector } from "./awsconnectorservice";
export { Cur } from "./awscostandusagereport";
export { Ce } from "./awscostexplorerservice";
export { Dms } from "./awsdatabasemigrationservice";
export { Dataexchange } from "./awsdataexchange";
export { Deepcomposer } from "./awsdeepcomposer";
export { Deeplens } from "./awsdeeplens";
export { Deepracer } from "./awsdeepracer";
export { Devicefarm } from "./awsdevicefarm";
export { Directconnect } from "./awsdirectconnect";
export { Ds } from "./awsdirectoryservice";
export { Elasticbeanstalk } from "./awselasticbeanstalk";
export { ElementalAppliancesSoftware } from "./awselementalappliancesandsoftware";
export { Mediaconnect } from "./awselementalmediaconnect";
export { Mediaconvert } from "./awselementalmediaconvert";
export { Medialive } from "./awselementalmedialive";
export { Mediapackage } from "./awselementalmediapackage";
export { MediapackageVod } from "./awselementalmediapackagevod";
export { Mediastore } from "./awselementalmediastore";
export { Mediatailor } from "./awselementalmediatailor";
export { Fms } from "./awsfirewallmanager";
export { Globalaccelerator } from "./awsglobalaccelerator";
export { Glue } from "./awsglue";
export { Groundstation } from "./awsgroundstation";
export { Health } from "./awshealthapisandnotifications";
export { Importexport } from "./awsimportexportdiskservice";
export { Iot } from "./awsiot";
export { Iot1click } from "./awsiot1-click";
export { Iotanalytics } from "./awsiotanalytics";
export { IotDeviceTester } from "./awsiotdevicetester";
export { Iotevents } from "./awsiotevents";
export { Greengrass } from "./awsiotgreengrass";
export { Iotsitewise } from "./awsiotsitewise";
export { Iotthingsgraph } from "./awsiotthingsgraph";
export { Iq } from "./awsiq";
export { IqPermission } from "./awsiqpermissions";
export { Kms } from "./awskeymanagementservice";
export { Lakeformation } from "./awslakeformation";
export { Lambda } from "./awslambda";
export { LicenseManager } from "./awslicensemanager";
export { AwsMarketplace } from "./awsmarketplace";
export { AwsMarketplaceCatalog } from "./awsmarketplacecatalog";
export { AwsMarketplaceEntitlementService } from "./awsmarketplaceentitlementservice";
export { AwsMarketplaceImageBuildingService } from "./awsmarketplaceimagebuildingservice";
export { AwsMarketplaceManagement } from "./awsmarketplacemanagementportal";
export { AwsMarketplaceMeteringService } from "./awsmarketplacemeteringservice";
export { AwsMarketplaceProcurementSystemsIntegration } from "./awsmarketplaceprocurementsystemsintegration";
export { Mgh } from "./awsmigrationhub";
export { Mobilehub } from "./awsmobilehub";
export { Opsworks } from "./awsopsworks";
export { OpsworksCm } from "./awsopsworksconfigurationmanagement";
export { Organizations } from "./awsorganizations";
export { Outposts } from "./awsoutposts";
export { Pi } from "./awsperformanceinsights";
export { Pricing } from "./awspricelist";
export { AwsMarketplacePrivate } from "./awsprivatemarketplace";
export { PurchaseOrders } from "./awspurchaseordersconsole";
export { Ram } from "./awsresourceaccessmanager";
export { ResourceGroups } from "./awsresourcegroups";
export { Robomaker } from "./awsrobomaker";
export { Savingsplans } from "./awssavingsplans";
export { Secretsmanager } from "./awssecretsmanager";
export { Securityhub } from "./awssecurityhub";
export { Sts } from "./awssecuritytokenservice";
export { Serverlessrepo } from "./awsserverlessapplicationrepository";
export { Sms } from "./awsservermigrationservice";
export { Servicecatalog } from "./awsservicecatalog";
export { Shield } from "./awsshield";
export { Snowball } from "./awssnowball";
export { Sso } from "./awssso";
export { SsoDirectory } from "./awsssodirectory";
export { States } from "./awsstepfunctions";
export { Support } from "./awssupport";
export { Ssm } from "./awssystemsmanager";
export { ResourceExplorer } from "./awstageditor";
export { Transfer } from "./awstransferforsftp";
export { Trustedadvisor } from "./awstrustedadvisor";
export { Waf } from "./awswaf";
export { WafRegional } from "./awswafregional";
export { Wafv2 } from "./awswafv2";
export { Wellarchitected } from "./awswell-architectedtool";
export { Xray } from "./awsx-ray";
export { Applicationinsights } from "./cloudwatchapplicationinsights";
export { Comprehendmedical } from "./comprehendmedical";
export { ComputeOptimizer } from "./computeoptimizer";
export { Dbqms } from "./databasequerymetadataservice";
export { Datapipeline } from "./datapipeline";
export { Datasync } from "./datasync";
export { Elasticloadbalancing } from "./elasticloadbalancing";
export { ElasticloadbalancingV2 } from "./elasticloadbalancingv2";
export { ElementalActivations } from "./elementalactivations";
export { AccessAnalyzer } from "./iamaccessanalyzer";
export { Iam } from "./identityandaccessmanagement";
export { Launchwizard } from "./launchwizard";
export { Apigateway } from "./manageamazonapigateway";
export { Networkmanager } from "./networkmanager";
export { Servicequotas } from "./servicequotas";
8 changes: 2 additions & 6 deletions lib/generator/index.ts
Expand Up @@ -540,7 +540,7 @@ export function createModule(module: Module): Promise<void> {
}

export function createIndex() {
const filePath = './lib/index.ts';
const filePath = './lib/generated/index.ts';
process.stdout.write('index: '.white);
process.stdout.write('Generating '.cyan);

Expand All @@ -549,10 +549,6 @@ export function createIndex() {
}
const sourceFile = project.createSourceFile(filePath);

sourceFile.addExportDeclaration({
moduleSpecifier: './shared',
});

modules.sort().forEach((module) => {
const source = project.addSourceFileAtPath(
`./lib/generated/${module.filename}.ts`
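Review bot: with the `sourceFile.addExportDeclaration({ moduleSpecifier: './shared' })` call removed from `createIndex()` and the output moved to `./lib/generated/index.ts`, nothing generated re-exports `./shared` any more. The files shown here do not include a replacement `lib/index.ts`; make sure a hand-written one re-exports `./shared`, `./generated` and `./collection`, otherwise `statement.Collection` from the README example and the shared exports are missing from the package entry point.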
Expand All @@ -567,7 +563,7 @@ export function createIndex() {

sourceFile.addExportDeclaration({
namedExports: exports,
moduleSpecifier: `./generated/${module.filename}`,
moduleSpecifier: `./${module.filename}`,
});
});
