Skip to content

Commit

Permalink
feat(policy-template): add MobileAnalyticsWriteOnlyAccessPolicy and P…
Browse files Browse the repository at this point in the history 
…inpointEndpointAccessPolicy policy templates (#408)
  • Loading branch information
@simalexan @brettstack
simalexan authored and brettstack committed May 23, 2018
1 parent fc92744 commit c5a60ab
Show file tree
Hide file tree
Showing 6 changed files with 209 additions and 0 deletions.
45 changes: 45 additions & 0 deletions docs/policy_templates_data/policy_templates.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1133,6 +1133,51 @@
}]
}
},
"MobileAnalyticsWriteOnlyAccessPolicy": {
"Description": "Gives write only permissions to put event data for all application resources",
"Parameters": {},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents"
],
"Resource": "*"
}
]
}
},
"PinpointEndpointAccessPolicy": {
"Description": "Gives permissions to get and update endpoints for a Pinpoint application",
"Parameters": {
"PinpointApplicationId": {
"Description": "The id of your Pinpoint application"
}
},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobiletargeting:GetEndpoint",
"mobiletargeting:UpdateEndpoint",
"mobiletargeting:UpdateEndpointsBatch"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
{
"pinpointApplicationId": {
"Ref": "PinpointApplicationId"
}
}
]
}
}
]
}
},
"FirehoseWritePolicy": {
"Description": "Gives permission to write to a Kinesis Firehose Delivery Stream",
"Parameters": {
Expand Down
47 changes: 47 additions & 0 deletions samtranslator/policy_templates_data/policy_templates.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1156,6 +1156,53 @@
]
}
},
"MobileAnalyticsWriteOnlyAccessPolicy": {
"Description": "Gives write only permissions to put event data for all application resources",
"Parameters": {

},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents"
],
"Resource": "*"
}
]
}
},
"PinpointEndpointAccessPolicy": {
"Description": "Gives permissions to get and update endpoints for a Pinpoint application",
"Parameters": {
"PinpointApplicationId": {
"Description": "The id of your Pinpoint application"
}
},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobiletargeting:GetEndpoint",
"mobiletargeting:UpdateEndpoint",
"mobiletargeting:UpdateEndpointsBatch"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
{
"pinpointApplicationId": {
"Ref": "PinpointApplicationId"
}
}
]
}
}
]
}
},
"FirehoseWritePolicy": {
"Description": "Gives permission to write to a Kinesis Firehose Delivery Stream",
"Parameters": {
Expand Down
5 changes: 5 additions & 0 deletions tests/translator/input/all_policy_templates.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,8 @@ Resources:

- AWSSecretsManagerRotationPolicy:
FunctionName: function

- MobileAnalyticsWriteOnlyAccessPolicy: {}

- PinpointEndpointAccessPolicy:
PinpointApplicationId: id
37 changes: 37 additions & 0 deletions tests/translator/output/all_policy_templates.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -950,6 +950,43 @@
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy37",
"PolicyDocument": {
"Statement": [
{
"Action": [
"mobileanalytics:PutEvents"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy38",
"PolicyDocument": {
"Statement": [
{
"Action": [
"mobiletargeting:GetEndpoint",
"mobiletargeting:UpdateEndpoint",
"mobiletargeting:UpdateEndpointsBatch"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
{
"pinpointApplicationId": "id"
}
]
},
"Effect": "Allow"
}
]
}
}
],
"AssumeRolePolicyDocument": {
Expand Down
37 changes: 37 additions & 0 deletions tests/translator/output/aws-cn/all_policy_templates.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -950,6 +950,43 @@
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy37",
"PolicyDocument": {
"Statement": [
{
"Action": [
"mobileanalytics:PutEvents"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy38",
"PolicyDocument": {
"Statement": [
{
"Action": [
"mobiletargeting:GetEndpoint",
"mobiletargeting:UpdateEndpoint",
"mobiletargeting:UpdateEndpointsBatch"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
{
"pinpointApplicationId": "id"
}
]
},
"Effect": "Allow"
}
]
}
}
],
"AssumeRolePolicyDocument": {
Expand Down
38 changes: 38 additions & 0 deletions tests/translator/output/aws-us-gov/all_policy_templates.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -950,6 +950,44 @@
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy37",
"PolicyDocument": {
"Statement": [
{
"Action": [
"mobileanalytics:PutEvents"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy38",
"PolicyDocument": {
"Statement": [
{
"Action": [
"mobiletargeting:GetEndpoint",
"mobiletargeting:UpdateEndpoint",
"mobiletargeting:UpdateEndpointsBatch"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
{
"pinpointApplicationId": "id"
}
]
}
,
"Effect": "Allow"
}
]
}
}
],
"AssumeRolePolicyDocument": {
Expand Down

0 comments on commit c5a60ab

Please sign in to comment.