Add FilterLogEventsPolicy to policy templates. (#729)
This commit adds a new policy to the policy templates
that grants permission to call the filter-log-events API,
given a Log Group name.
ylynn authored and jlhood committed Dec 19, 2018
1 parent 9196f45 commit aa00bb1
Showing 6 changed files with 97 additions and 0 deletions.
Expand Up @@ -82,3 +82,6 @@ Resources:

- SESBulkTemplatedCrudPolicy:
IdentityName: name

- FilterLogEventsPolicy:
LogGroupName: name
28 changes: 28 additions & 0 deletions samtranslator/policy_templates_data/policy_templates.json
Expand Up @@ -1475,6 +1475,34 @@
}
]
}
},
"FilterLogEventsPolicy": {
"Description": "Gives permission to filter Log Events from a specified Log Group",
"Parameters": {
"LogGroupName": {
"Description": "Name of the Log Group"
}
},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:FilterLogEvents"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroupName}:log-stream:*",
{
"logGroupName": {
"Ref": "LogGroupName"
}
}
]
}
}
]
}
}
}
}
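Review bot: The `LogGroupName` parameter is substituted verbatim into the `Resource` ARN on the new `Fn::Sub` line, so a value such as `*` or a prefix ending in `*` is evaluated by IAM as a wildcard, and the statement then allows `logs:FilterLogEvents` on every matching log group rather than one. Neither description says this, nor that the grant is read access to the contents of all streams in the group. I would document both in the template, e.g. `"Description": "Gives permission to read (filter) log events from every stream of the specified Log Group"` for the policy and `"Description": "Name of the Log Group; wildcards in this value widen the grant to all matching groups"` for the parameter. The enclosing templates object starts and ends outside this hunk, so whether parameter values are validated elsewhere is not visible here.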
3 changes: 3 additions & 0 deletions tests/translator/input/all_policy_templates.yaml
Expand Up @@ -135,3 +135,6 @@ Resources:

- SESBulkTemplatedCrudPolicy:
IdentityName: name

- FilterLogEventsPolicy:
LogGroupName: name
21 changes: 21 additions & 0 deletions tests/translator/output/all_policy_templates.json
Expand Up @@ -1143,6 +1143,27 @@
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy46",
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:FilterLogEvents"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroupName}:log-stream:*",
{
"logGroupName": "name"
}
]
},
"Effect": "Allow"
}
]
}
}
],
"AssumeRolePolicyDocument": {
21 changes: 21 additions & 0 deletions tests/translator/output/aws-cn/all_policy_templates.json
Original file line number Diff line number Diff line change
Expand Up @@ -1142,6 +1142,27 @@
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy46",
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:FilterLogEvents"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroupName}:log-stream:*",
{
"logGroupName": "name"
}
]
},
"Effect": "Allow"
}
]
}
}
],
"AssumeRolePolicyDocument": {
21 changes: 21 additions & 0 deletions tests/translator/output/aws-us-gov/all_policy_templates.json
Original file line number Diff line number Diff line change
Expand Up @@ -1143,6 +1143,27 @@
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy46",
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:FilterLogEvents"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroupName}:log-stream:*",
{
"logGroupName": "name"
}
]
},
"Effect": "Allow"
}
]
}
}
],
"AssumeRolePolicyDocument": {
