/// <summary>
/// Builds the single ALLOW statement of the API resource policy: any principal may call
/// <c>execute-api:Invoke</c> on every stage/method/path, subject to the IP conditions that
/// <c>CreateIpList</c> derives from <paramref name="allowedIps"/> and <paramref name="deniedIps"/>.
/// </summary>
/// <param name="allowedIps">Source addresses/CIDRs that are permitted to invoke the API.</param>
/// <param name="deniedIps">Source addresses/CIDRs that must be refused.</param>
/// <returns>The statement, ready to be placed in the API's resource policy.</returns>
private static PolicyStatement GeneratePolicyStatement(string[] allowedIps, string[] deniedIps)
{
    var statementProps = new PolicyStatementProps
    {
        Effect = Effect.ALLOW,
        Actions = new[] { "execute-api:Invoke" },
        // Wildcards for stage, method and path; the account/API ARN prefix is filled in by the deployment.
        Resources = new[] { "execute-api:/*/*/*" },
        // NOTE(review): this is the only statement and it is an ALLOW, so the deny list is only
        // effective if CreateIpList expresses it as a condition (e.g. a NotIpAddress key) — confirm.
        Conditions = CreateIpList(allowedIps, deniedIps),
    };

    var statement = new PolicyStatement(statementProps);
    statement.AddAnyPrincipal();

    return statement;
}
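/// <summary>
/// Provisions the DynamoDB side of the application: a gateway VPC endpoint for DynamoDB,
/// the <c>MysfitsTable</c> with its two global secondary indexes, and the task-role policy
/// that lets the Fargate service read and update that table.
/// </summary>
/// <param name="parent">Scope in which this stack is created.</param>
/// <param name="id">Logical id of the stack within <paramref name="parent"/>.</param>
/// <param name="props">
/// Stack properties. <c>props.Vpc</c> receives the gateway endpoint and
/// <c>props.fargateService</c> receives the table permissions on its task role.
/// </param>
public DynamoDbStack(Construct parent, string id, DynamoDbStackProps props) : base(parent, id, props)
{
    var dynamoDbEndpoint = props.Vpc.AddGatewayEndpoint("DynamoDbEndpoint", new GatewayVpcEndpointOptions
    {
        Service = GatewayVpcEndpointAwsService.DYNAMODB
    });
    dynamoDbEndpoint.AddToPolicy(BuildOpenEndpointPolicy());

    this.table = CreateMysfitsTable();

    props.fargateService.TaskDefinition.AddToTaskRolePolicy(BuildFargateTablePolicy());
}

// Endpoint policy for the gateway endpoint. It is fully open (any principal, every action,
// every resource), so it does not limit which DynamoDB tables are reachable through the
// endpoint; that limit comes only from the IAM policies of the callers. Narrowing it to the
// MysfitsTable ARN would add a second layer of least privilege, but must be coordinated with
// any other workload in the VPC that uses this endpoint.
private static PolicyStatement BuildOpenEndpointPolicy()
{
    var endpointPolicy = new PolicyStatement();
    endpointPolicy.AddAnyPrincipal();
    endpointPolicy.AddActions("*");
    endpointPolicy.AddAllResources();
    return endpointPolicy;
}

// Creates the MysfitsTable keyed on MysfitId, plus the two secondary indexes that
// let the application query mysfits by their LawChaos and GoodEvil attributes.
private Table CreateMysfitsTable()
{
    var mysfitsTable = new Table(this, "Table", new TableProps
    {
        TableName = "MysfitsTable",
        PartitionKey = new Attribute { Name = "MysfitId", Type = AttributeType.STRING }
    });

    mysfitsTable.AddGlobalSecondaryIndex(BuildIndexProps("LawChaosIndex", "LawChaos"));
    mysfitsTable.AddGlobalSecondaryIndex(BuildIndexProps("GoodEvilIndex", "GoodEvil"));

    return mysfitsTable;
}

// Both indexes share the same shape: a string partition key, MysfitId as sort key,
// 5/5 provisioned capacity and full projection. Only the names differ.
private static GlobalSecondaryIndexProps BuildIndexProps(string indexName, string partitionKeyName)
{
    return new GlobalSecondaryIndexProps
    {
        IndexName = indexName,
        PartitionKey = new Attribute { Name = partitionKeyName, Type = AttributeType.STRING },
        SortKey = new Attribute { Name = "MysfitId", Type = AttributeType.STRING },
        ReadCapacity = 5,
        WriteCapacity = 5,
        ProjectionType = ProjectionType.ALL
    };
}

// Task-role statement for the ECS tasks: only the read/update actions the service needs,
// and only on MysfitsTable. The trailing wildcard is presumably there so the table's
// indexes (.../table/MysfitsTable/index/...) are covered as well — note it also matches
// any other table whose name starts with "MysfitsTable".
private static PolicyStatement BuildFargateTablePolicy()
{
    var fargatePolicy = new PolicyStatement();
    fargatePolicy.AddActions(
        "dynamodb:Scan",
        "dynamodb:Query",
        "dynamodb:UpdateItem",
        "dynamodb:GetItem",
        "dynamodb:DescribeTable"
    );
    fargatePolicy.AddResources("arn:aws:dynamodb:*:*:table/MysfitsTable*");
    return fargatePolicy;
}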