module Formatron::CloudFormation::Resources::IAM

Generates CloudFormation template IAM resources

Public Class Methods

access_key(user_name:) click to toggle source

rubocop:enable Metrics/MethodLength

# File lib/formatron/cloud_formation/resources/iam.rb, line 83
def self.access_key(user_name:)
  {
    Type: 'AWS::IAM::AccessKey',
    Properties: {
      UserName: user_name
    }
  }
end
instance_profile(role:) click to toggle source

rubocop:enable Metrics/MethodLength

# File lib/formatron/cloud_formation/resources/iam.rb, line 27
def self.instance_profile(role:)
  {
    Type: 'AWS::IAM::InstanceProfile',
    Properties: {
      Path: '/',
      Roles: [Template.ref(role)]
    }
  }
end
policy(role:, name:, statements:) click to toggle source

rubocop:disable Metrics/MethodLength

# File lib/formatron/cloud_formation/resources/iam.rb, line 38
def self.policy(role:, name:, statements:)
  {
    Type: 'AWS::IAM::Policy',
    Properties: {
      Roles: [Template.ref(role)],
      PolicyName: name,
      PolicyDocument: {
        Version: '2012-10-17',
        Statement: statements.collect do |statement|
          {
            Effect: 'Allow',
            Action: statement[:actions],
            Resource: statement[:resources]
          }
        end
      }
    }
  }
end
role() click to toggle source

rubocop:disable Metrics/MethodLength

# File lib/formatron/cloud_formation/resources/iam.rb, line 9
def self.role
  {
    Type: 'AWS::IAM::Role',
    Properties: {
      AssumeRolePolicyDocument: {
        Version: '2012-10-17',
        Statement: [{
          Effect: 'Allow',
          Principal: { Service: ['ec2.amazonaws.com'] },
          Action: ['sts:AssumeRole']
        }]
      },
      Path: '/'
    }
  }
end
user(policy_name:, statements:) click to toggle source

rubocop:disable Metrics/MethodLength

# File lib/formatron/cloud_formation/resources/iam.rb, line 60
def self.user(policy_name:, statements:)
  {
    Type: 'AWS::IAM::User',
    Properties: {
      Path: '/',
      Policies: [{
        PolicyName: policy_name,
        PolicyDocument: {
          Version: '2012-10-17',
          Statement: statements.collect do |statement|
            {
              Effect: 'Allow',
              Action: statement[:actions],
              Resource: statement[:resources]
            }
          end
        }
      }]
    }
  }
end