class Formatron::CloudFormation::Template::VPC::Subnet::Instance::Policy
Generates a CloudFormation policy resource.
Constants
- POLICY_PREFIX
Public Class Methods
new( policy:, instance_guid:, kms_key:, bucket:, name:, target: )
rubocop:disable Metrics/MethodLength rubocop:disable Metrics/ParameterLists
# File lib/formatron/cloud_formation/template/vpc/subnet/instance/policy.rb, line 16
# Stores the inputs from which #merge later builds the instance's policy
# resource. Nothing is validated or normalised here: every value is kept
# exactly as the caller passed it.
#
# @param policy [Object, nil] optional caller-supplied policy; #merge reads
#   its +statement+ collection and skips it when nil
# @param instance_guid [Object] suffix appended to POLICY_PREFIX and
#   Instance::ROLE_PREFIX to form the policy and role identifiers
# @param kms_key [Object] key identifier that #merge interpolates into the
#   KMS key ARN
# @param bucket [Object] bucket name that #merge interpolates into the S3
#   object ARN
# @param name [Object] forwarded to S3::Configuration.key
# @param target [Object] forwarded to S3::Configuration.key
def initialize(policy:, instance_guid:, kms_key:, bucket:, name:, target:)
  # Identifiers derived from the instance GUID.
  @guid = instance_guid
  @policy_id = "#{POLICY_PREFIX}#{@guid}"
  @role_id = "#{Instance::ROLE_PREFIX}#{@guid}"

  # Inputs that scope the built-in KMS and S3 statements.
  @policy = policy
  @kms_key = kms_key
  @bucket = bucket

  # NOTE(review): @config_key ends up inside an S3 resource ARN in #merge;
  # presumably S3::Configuration.key never returns a value containing
  # wildcard characters. Confirm against that helper.
  @config_key = S3::Configuration.key(name: name, target: target)
end
Public Instance Methods
merge(resources:)
rubocop:disable Metrics/MethodLength
# File lib/formatron/cloud_formation/template/vpc/subnet/instance/policy.rb, line 39
# Builds the instance's IAM policy and stores it in +resources+ under the
# policy identifier.
#
# Two statements are always present:
# * kms:Decrypt, kms:Encrypt and kms:GenerateDataKey* on the key ARN
#   assembled from the stack's region, account id and @kms_key;
# * S3:GetObject on the ARN formed from @bucket and @config_key.
#
# When a caller-supplied policy was given, each of its statements is appended
# after those two.
#
# Points for a least-privilege review:
# * Caller statements are passed through with no filtering in this method, so
#   the effective permissions of the role are whatever the caller declares.
#   Whether Resources::IAM.policy restricts them is not visible here.
# * Only +action+ and +resource+ are read from each caller statement. If the
#   statement objects carry anything else (an effect, conditions), it is not
#   forwarded by this method.
# * Both ARNs hard-code the +aws+ partition.
#   NOTE(review): confirm other partitions are out of scope.
# * The S3 action is written as +S3:GetObject+. IAM matches action names
#   case-insensitively, but a case-sensitive audit search for +s3:+ would
#   miss it.
#
# @param resources [Hash] template resources hash, mutated in place
# @return [Object] the value produced by Resources::IAM.policy
def merge(resources:)
  kms_key_arn = Template.join(
    'arn:aws:kms:',
    Template.ref('AWS::Region'),
    ':',
    Template.ref('AWS::AccountId'),
    ":key/#{@kms_key}"
  )
  config_object_arn = "arn:aws:s3:::#{@bucket}/#{@config_key}"

  statements = [
    {
      actions: %w[kms:Decrypt kms:Encrypt kms:GenerateDataKey*],
      resources: [kms_key_arn]
    },
    {
      actions: %w[S3:GetObject],
      resources: [config_object_arn]
    }
  ]

  unless @policy.nil?
    # Caller-declared statements are copied through as-is.
    caller_statements = @policy.statement.map do |entry|
      { actions: entry.action, resources: entry.resource }
    end
    statements.concat(caller_statements)
  end

  resources[@policy_id] = Resources::IAM.policy(
    role: @role_id,
    name: @policy_id,
    statements: statements
  )
end