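/// <summary>
/// Builds the statement that allows <c>kms:Decrypt</c> on any key, restricted by condition
/// to requests whose encryption context carries the <c>aws:imagebuilder:arn</c> key or that
/// were called via <c>imagebuilder.amazonaws.com</c>.
/// </summary>
/// <returns>An ALLOW statement for <c>kms:Decrypt</c> on <c>*</c> with the condition attached.</returns>
private PolicyStatement GenerateKMSStatments()
{
    // The condition block has to be a nested map (operator -> condition key -> value(s)).
    // The previous version stored a hand-built JSON string as the operator's value and then
    // left Conditions commented out, so kms:Decrypt was granted on every key with no
    // restriction at all. With Resources = "*", this condition is the only scoping control.
    var conditions = new Dictionary<string, object>
    {
        ["ForAnyValue:StringEquals"] = new Dictionary<string, object>
        {
            ["kms:EncryptionContextKeys"] = "aws:imagebuilder:arn",
            ["aws:CalledVia"] = new[] { "imagebuilder.amazonaws.com" }
        }
    };

    var statementProps = new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = new[] { "kms:Decrypt" },
        Resources = new[] { "*" },
        Conditions = conditions
    };

    return new PolicyStatement(statementProps);
}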
/// <summary>
/// Builds the statement granting the Systems Manager actions listed below on all resources.
/// </summary>
/// <returns>An ALLOW statement for the listed <c>ssm:*</c> actions on <c>*</c>.</returns>
private PolicyStatement GenerateSSMStatement()
{
    // NOTE(review): Resources is "*", so ssm:GetParameter / ssm:GetParameters are not limited
    // to a parameter path. Scope them to specific parameter ARNs if the role only needs a few.
    string[] ssmActions =
    {
        "ssm:DescribeAssociation",
        "ssm:GetDeployablePatchSnapshotForInstance",
        "ssm:GetDocument",
        "ssm:DescribeDocument",
        "ssm:GetManifest",
        "ssm:GetParameter",
        "ssm:GetParameters",
        "ssm:ListAssociations",
        "ssm:ListInstanceAssociations",
        "ssm:PutInventory",
        "ssm:PutComplianceItems",
        "ssm:PutConfigurePackageResult",
        "ssm:UpdateAssociationStatus",
        "ssm:UpdateInstanceAssociationStatus",
        "ssm:UpdateInstanceInformation"
    };

    return new PolicyStatement(new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = ssmActions,
        Resources = new[] { "*" }
    });
}
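/// <summary>
/// Builds the statement that allows creating service-linked roles, limited by condition to
/// the AWS service names listed below.
/// </summary>
/// <returns>
/// An ALLOW statement for <c>iam:CreateServiceLinkedRole</c> on <c>*</c>, conditioned on
/// <c>iam:AWSServiceName</c>.
/// </returns>
private PolicyStatement GenerateServiceLink()
{
    // The condition block has to be a nested map (operator -> condition key -> values).
    // The previous version passed a hand-built JSON fragment as a plain string, which does
    // not produce a usable "StringEquals" block, so the service-name restriction was not
    // expressed in the generated policy.
    var conditions = new Dictionary<string, object>
    {
        ["StringEquals"] = new Dictionary<string, object>
        {
            ["iam:AWSServiceName"] = new[]
            {
                "autoscaling.amazonaws.com",
                "ec2scheduled.amazonaws.com",
                "elasticloadbalancing.amazonaws.com",
                "spot.amazonaws.com",
                "spotfleet.amazonaws.com",
                "transitgateway.amazonaws.com"
            }
        }
    };

    var statementProps = new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        // The IAM action name is "iam:CreateServiceLinkedRole"; the old ":*" suffix is not
        // part of any action name.
        Actions = new[] { "iam:CreateServiceLinkedRole" },
        Resources = new[] { "*" },
        Conditions = conditions
    };

    return new PolicyStatement(statementProps);
}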
/// <summary>
/// Creates a <see cref="PolicyStatement"/> from GrantEffect, ActionList and ResourceList.
/// </summary>
/// <returns>
/// A statement whose Actions is <c>null</c> when ActionList is empty and whose Resources
/// is <c>"*"</c> when ResourceList is empty.
/// </returns>
public virtual PolicyStatement Build()
{
    var effect = GrantEffect;

    var actions = ActionList.Any()
        ? ActionList.ToArray()
        : null;

    // NOTE(review): an empty ResourceList silently widens the statement to every resource.
    // Callers that forget to add a resource get "*", not an error; confirm that is intended.
    var resources = ResourceList.Any()
        ? ResourceList.ToArray()
        : new string[] { "*" };

    var props = new PolicyStatementProps
    {
        Effect = effect,
        Actions = actions,
        Resources = resources
    };

    return new PolicyStatement(props);
}
/// <summary>
/// Builds the statement granting every S3 action on every resource.
/// </summary>
/// <returns>An ALLOW statement for <c>s3:*</c> on <c>*</c>.</returns>
private PolicyStatement GenerateS3()
{
    // NOTE(review): "s3:*" on "*" includes bucket deletion, bucket-policy changes and
    // read/write of every bucket the account can reach. Prefer an explicit action list
    // and bucket/object ARNs for the role this statement is attached to.
    return new PolicyStatement(new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = new[] { "s3:*" },
        Resources = new[] { "*" }
    });
}
/// <summary>
/// Builds the trust statement that lets the EC2 service principal assume the role.
/// </summary>
/// <returns>
/// An ALLOW statement for <c>sts:AssumeRole</c> with principal <c>ec2.amazonaws.com</c>.
/// </returns>
private PolicyStatement AssumeRole()
{
    // No Resources are set: the statement names a principal, as a trust policy does.
    var ec2Service = new ServicePrincipal("ec2.amazonaws.com");

    return new PolicyStatement(new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = new[] { "sts:AssumeRole" },
        Principals = new[] { ec2Service }
    });
}
/// <summary>
/// Builds the statement granting every Elastic Load Balancing action on every resource.
/// </summary>
/// <returns>An ALLOW statement for <c>elasticloadbalancing:*</c> on <c>*</c>.</returns>
private PolicyStatement GenerateELB()
{
    // NOTE(review): the wildcard covers create, modify and delete of every load balancer,
    // listener and target group. Narrow the action list if the role only needs a subset.
    return new PolicyStatement(new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = new[] { "elasticloadbalancing:*" },
        Resources = new[] { "*" }
    });
}
/// <summary>
/// Builds the statement that allows reading objects from S3 ARNs starting with
/// <c>arn:aws:s3:::ec2imagebuilder</c>.
/// </summary>
/// <returns>An ALLOW statement for <c>s3:GetObject</c> on that ARN pattern.</returns>
private PolicyStatement AllowS3Statments()
{
    // The trailing "*" matches on the bucket name as well as the object key, so any bucket
    // whose name begins with "ec2imagebuilder" is covered, not one specific bucket.
    string[] readableObjects = { "arn:aws:s3:::ec2imagebuilder*" };

    return new PolicyStatement(new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = new[] { "s3:GetObject" },
        Resources = readableObjects
    });
}
/// <summary>
/// Builds the statement that allows creating log groups and streams and writing log events
/// under the <c>/aws/imagebuilder/</c> log-group prefix.
/// </summary>
/// <returns>An ALLOW statement for the three <c>logs:</c> actions on that prefix.</returns>
private PolicyStatement AllowLogStatments()
{
    // Region and account are wildcards; only the log-group name prefix is pinned.
    string[] logActions =
    {
        "logs:CreateLogStream",
        "logs:CreateLogGroup",
        "logs:PutLogEvents"
    };

    return new PolicyStatement(new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = logActions,
        Resources = new[] { "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" }
    });
}
/// <summary>
/// Builds the statement granting the <c>ssmmessages</c> control- and data-channel actions
/// on all resources.
/// </summary>
/// <returns>An ALLOW statement for the four <c>ssmmessages:</c> actions on <c>*</c>.</returns>
private PolicyStatement GenerateSSMMessageStatement()
{
    // NOTE(review): Resources is "*"; presumably these actions cannot be scoped to a
    // resource ARN - confirm against the service's IAM reference.
    string[] channelActions =
    {
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
    };

    return new PolicyStatement(new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = channelActions,
        Resources = new[] { "*" }
    });
}
/// <summary>
/// Builds the statement granting the <c>ec2messages</c> actions listed below on all resources.
/// </summary>
/// <returns>An ALLOW statement for the six <c>ec2messages:</c> actions on <c>*</c>.</returns>
private PolicyStatement GenerateEC2MessageStatement()
{
    // NOTE(review): Resources is "*"; presumably these actions cannot be scoped to a
    // resource ARN - confirm against the service's IAM reference.
    string[] messageActions =
    {
        "ec2messages:AcknowledgeMessage",
        "ec2messages:DeleteMessage",
        "ec2messages:FailMessage",
        "ec2messages:GetEndpoint",
        "ec2messages:GetMessages",
        "ec2messages:SendReply"
    };

    return new PolicyStatement(new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = messageActions,
        Resources = new[] { "*" }
    });
}
/// <summary>
/// Builds the statement granting the Image Builder read actions and the ECR pull/push
/// actions listed below on all resources.
/// </summary>
/// <returns>An ALLOW statement for the listed actions on <c>*</c>.</returns>
private PolicyStatement GenerateECRStatements()
{
    // NOTE(review): the list includes image push (ecr:PutImage and the layer-upload actions)
    // and Resources is "*", so the role can push to any repository it can reach. Consider
    // limiting the push actions to the repository ARNs this role is meant to write to.
    string[] containerActions =
    {
        "imagebuilder:GetComponent",
        "imagebuilder:GetContainerRecipe",
        "ecr:GetAuthorizationToken",
        "ecr:BatchGetImage",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:PutImage"
    };

    return new PolicyStatement(new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = containerActions,
        Resources = new[] { "*" }
    });
}