class Deputy53::Assigner

Assigns control of a zone to an identity

Public Instance Methods

assign(subdomain, identity) click to toggle source
# File lib/deputy53/assigner.rb, line 35
def assign(subdomain, identity)
  identity = iam.identity identity

  true if iam.api.method("put_#{identity.type}_policy").call(
    :"#{identity.type}_name" => identity.name,
    policy_name: "manage-dns@#{subdomain}",
    policy_document: policy(subdomain)
  )
end
iam() click to toggle source
# File lib/deputy53/assigner.rb, line 11
def iam
  @iam ||= IAM.new
end
policy(subdomain) click to toggle source
# File lib/deputy53/assigner.rb, line 21
def policy(subdomain)
  zone = route53.id(subdomain).sub(%r{^/}, '')
  document = {
    'Version' => '2012-10-17',
    'Statement' => [
      'Effect' => 'Allow',
      'Action' => ['route53domains:*', 'route53:*'],
      'Resource' => "arn:aws:route53:::#{zone}"
    ]
  }
  JSON.dump document
end
route53() click to toggle source
# File lib/deputy53/assigner.rb, line 16
def route53
  @route53 ||= Route53.new
end