forked from awsdocs/aws-doc-sdk-examples
/
iam_createpolicy.go
105 lines (90 loc) · 3.1 KB
/
iam_createpolicy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
// snippet-comment:[These are tags for the AWS doc team's sample catalog. Do not remove.]
// snippet-sourceauthor:[Doug-AWS]
// snippet-sourcedescription:[Creates an IAM policy.]
// snippet-keyword:[AWS Identity and Access Management]
// snippet-keyword:[CreatePolicy function]
// snippet-keyword:[Go]
// snippet-sourcesyntax:[go]
// snippet-service:[iam]
// snippet-keyword:[Code Sample]
// snippet-sourcetype:[full-example]
// snippet-sourcedate:[2018-03-16]
/*
Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
This file is licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License. A copy of
the License is located at
http://aws.amazon.com/apache2.0/
This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
*/
package main
import (
"encoding/json"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/iam"
)
// PolicyDocument is our definition of our policies to be uploaded to IAM.
type PolicyDocument struct {
Version string
Statement []StatementEntry
}
// StatementEntry will dictate what this policy will allow or not allow.
type StatementEntry struct {
Effect string
Action []string
Resource string
}
// Usage:
// go run iam_createpolicy.go
func main() {
// Initialize a session in us-west-2 that the SDK will use to load
// credentials from the shared credentials file ~/.aws/credentials.
sess, err := session.NewSession(&aws.Config{
Region: aws.String("us-west-2")},
)
// Create a IAM service client.
svc := iam.New(sess)
// Builds our policy document for IAM.
policy := PolicyDocument{
Version: "2012-10-17",
Statement: []StatementEntry{
StatementEntry{
Effect: "Allow",
Action: []string{
"logs:CreateLogGroup", // Allow for creating log groups
},
Resource: "RESOURCE ARN FOR logs:*",
},
StatementEntry{
Effect: "Allow",
// Allows for DeleteItem, GetItem, PutItem, Scan, and UpdateItem
Action: []string{
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Scan",
"dynamodb:UpdateItem",
},
Resource: "RESOURCE ARN FOR dynamodb:*",
},
},
}
b, err := json.Marshal(&policy)
if err != nil {
fmt.Println("Error marshaling policy", err)
return
}
result, err := svc.CreatePolicy(&iam.CreatePolicyInput{
PolicyDocument: aws.String(string(b)),
PolicyName: aws.String("myDynamodbPolicy"),
})
if err != nil {
fmt.Println("Error", err)
return
}
fmt.Println("New policy", result)
}