# Example taken from AWS docs:
# http://docs.aws.amazon.com/IAM/latest/UserGuide/
# ExampleIAMPolicies.html#iampolicy-example-s3homedir
from awacs.aws import Action, Allow, Condition
from awacs.aws import Policy, Statement
from awacs.aws import StringEquals, StringLike
import awacs.s3 as s3
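# Per-user "home directory" policy for a shared bucket: every IAM user may
# discover the bucket, browse down to home/, and fully manage only the
# objects under home/<their own user name>/.
pd = Policy(
    # Policy variables such as ${aws:username} are only substituted when the
    # policy declares Version 2012-10-17. Without it IAM falls back to the
    # 2008-10-17 language and treats "${aws:username}" as a literal string,
    # so the per-user scoping below would not take effect.
    Version="2012-10-17",
    Statement=[
        # Console/CLI bootstrap: enumerate buckets and resolve their region.
        # These actions are not bucket-scoped, hence the "*" resource.
        Statement(
            Action=[s3.ListAllMyBuckets, s3.GetBucketLocation],
            Effect=Allow,
            Resource=[s3.ARN("*")],
        ),
        # Allow listing only the bucket root and the home/ level. Pinning
        # s3:delimiter to "/" keeps the listing non-recursive, so other
        # users' key names are not returned by this statement.
        Statement(
            Action=[s3.ListBucket],
            Effect=Allow,
            Resource=[s3.ARN("myBucket")],
            Condition=Condition(
                StringEquals({
                    's3:prefix': ['', 'home/'],
                    's3:delimiter': ['/'],
                }),
            ),
        ),
        # Allow listing anything beneath the caller's own home prefix.
        Statement(
            Action=[s3.ListBucket],
            Effect=Allow,
            Resource=[s3.ARN("myBucket")],
            Condition=Condition(
                StringLike("s3:prefix", ["home/${aws:username}/*"])
            ),
        ),
        # Full object access inside the caller's own home prefix.
        # NOTE(review): "s3:*" covers every S3 action that can apply to these
        # object ARNs; if users only need read/write/delete, enumerate those
        # actions instead of using the wildcard.
        Statement(
            Action=[Action("s3", "*")],
            Effect=Allow,
            Resource=[
                s3.ARN("myBucket/home/${aws:username}"),
                s3.ARN("myBucket/home/${aws:username}/*"),
            ],
        ),
    ],
)

# Emit the rendered IAM policy document as JSON on stdout.
print(pd.to_json())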