Five new policy templates
- PollyFullAccessPolicy
- S3FullAccessPolicy
- CodePipelineLambdaExecutionPolicy: Gives permission for a Lambda function invoked by AWS CodePipeline to report back status of the job
- ServerlessRepoReadWriteAccessPolicy: Gives access permissions to create and list applications in the AWS Serverless Application Repository service
- EC2CopyImagePolicy: Gives permission to copy EC2 Images
sanathkr committed Mar 12, 2018
1 parent 629ddf2 commit 240ea95
Showing 1 changed file with 173 additions and 1 deletion.
174 changes: 173 additions & 1 deletion docs/policy_templates_data/policy_templates.json
@@ -258,7 +258,7 @@
}
},
"S3CrudPolicy": {
"Description": "Gives CRUD permissions to objects in the S3 Bucket",
"Description": "Gives read permissions to objects in the S3 Bucket",
"Parameters": {
"BucketName": {
"Description": "Name of the Bucket"
@@ -711,6 +711,178 @@
}
]
}
},
"PollyFullAccessPolicy": {
"Description": "Gives full access permissions to Polly lexicon resources",
"Parameters": {
"LexiconName": {
"Description": "Name of the Lexicon"
}
},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"polly:GetLexicon",
"polly:DeleteLexicon"
],
"Resource": [
{
"Fn::Sub": [
"arn:${AWS::Partition}:polly:${AWS::Region}:${AWS::AccountId}:lexicon/${lexiconName}",
{
"lexiconName": {
"Ref": "LexiconName"
}
}
]
}
]
},
{
"Effect": "Allow",
"Action": [
"polly:DescribeVoices",
"polly:ListLexicons",
"polly:PutLexicon",
"polly:SynthesizeSpeech"
],
"Resource": [
{
"Fn::Sub": "arn:${AWS::Partition}:polly:${AWS::Region}:${AWS::AccountId}:lexicon/*"
}
]
}
]
}
},
"S3FullAccessPolicy": {
"Description": "Gives full access permissions to objects in the S3 Bucket",
"Parameters": {
"BucketName": {
"Description": "Name of the Bucket"
}
},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:DeleteObject"
],
"Resource": [
{
"Fn::Sub": [
"arn:${AWS::Partition}:s3:::${bucketName}/*",
{
"bucketName": {
"Ref": "BucketName"
}
}
]
}
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetLifecycleConfiguration",
"s3:PutLifecycleConfiguration"
],
"Resource": [
{
"Fn::Sub": [
"arn:${AWS::Partition}:s3:::${bucketName}",
{
"bucketName": {
"Ref": "BucketName"
}
}
]
}
]
}
]
}
},
"CodePipelineLambdaExecutionPolicy": {
"Description": "Gives permission for a Lambda function invoked by AWS CodePipeline to report back status of the job",
"Parameters": {},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"codepipeline:PutJobSuccessResult",
"codepipeline:PutJobFailureResult"
],
"Resource": [
{
"Fn::Sub": "arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:*"
}
]
}
]
}
},
"ServerlessRepoReadWriteAccessPolicy": {
"Description": "Gives access permissions to create and list applications in the AWS Serverless Application Repository service",
"Parameters": {},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"serverlessrepo:CreateApplication",
"serverlessrepo:CreateApplicationVersion",
"serverlessrepo:GetApplication",
"serverlessrepo:ListApplications",
"serverlessrepo:ListApplicationVersions"
],
"Resource": [
{
"Fn::Sub": "arn:${AWS::Partition}:serverlessrepo:${AWS::Region}:${AWS::AccountId}:applications/*"
}
]
}
]
}
},
"EC2CopyImagePolicy": {
"Description": "Gives permission top copy EC2 Images",
"Parameters": {
"ImageId": {
"Description": "The id of the image"
}
},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:CopyImage"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:image/${imageId}",
{
"imageId": {
"Ref": "ImageId"
}
}
]
}
}
]
}
}
}
}
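Review bot: In PollyFullAccessPolicy the `LexiconName` parameter only scopes `polly:GetLexicon` and `polly:DeleteLexicon`; the second statement allows `polly:PutLexicon` on `lexicon/*`, so a function given this template can create or overwrite any lexicon in the account and region. If writes are meant to be confined to the named lexicon, move `"polly:PutLexicon"` into the first statement's `Action` list. In S3FullAccessPolicy, `s3:PutObjectAcl` lets the function change object ACLs, which the Description does not say; consider `"Description": "Gives full access permissions to objects in the S3 Bucket, including changing object ACLs"`. The EC2CopyImagePolicy Description has a typo and should read `"Description": "Gives permission to copy EC2 Images"`. Its resource ARN also includes `${AWS::AccountId}`, whereas EC2 image ARNs normally leave the account field empty, so it is worth confirming that the resource actually matches an AMI.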
