ecs_composex.iam package

Submodules

ecs_composex.iam.iam_ecs_helpers module

ecs_composex.iam.iam_ecs_helpers.add_ec2_managed_policy(template)
Return type :

None

ecs_composex.iam.iam_ecs_helpers.add_ecs_execution_role_managed_policy(template)

Creates a blanket IAM Managed policy to use for the ECS Execution roles

Parameters :

template ( troposphere.Template ) –

Returns :

The managed policy

Return type :

ManagedPolicy

ecs_composex.iam.iam_ecs_helpers.import_family_roles(settings, exec_role_managed_policy, ec2_policy)
Parameters :
Return type :

list

ecs_composex.iam.iam_params module

IAM Parameters

ecs_composex.iam.iam_stack module

IAM Stack that will create all the ComposeFamily IAM Roles and managed policies. Using it as a primary dependency ensures that IAM role creation succeeds before other resources are created.

At the moment, it only handles the IAM Roles of services; down the road it will handle IAM roles for RDS and other resources that have IAM-based features.

class ecs_composex.iam.iam_stack.ResourceIamManager(resource, linked_service_name)

Bases: object

Class to bundle up IAM role and permissions for a given AWS Resource.

property resource

class ecs_composex.iam.iam_stack.XStack(name, settings, **kwargs)

Bases: ComposeXStack

Class to represent the IAM top stack

do_validation : bool
properties : Dict[str, Any]
propnames : Set[str]
resource : Dict[str, Any]
template : Optional[Template]
title : Optional[str]

ecs_composex.iam.import_sam_policies module

Module to import Policies templates from AWS SAM policies templates.

ecs_composex.iam.import_sam_policies.get_access_types(module_name, perms_path=None)

Retrieves the Permissions definitions for a given module

Parameters :
  • module_name ( str ) –

  • perms_path ( str ) – Override path to the permissions, instead of relying on module name

Returns :

the policies

Return type :

dict

ecs_composex.iam.import_sam_policies.import_and_cleanse_sam_policies()

Function to go over each policy defined in AWS SAM policies and align it to ECS ComposeX expected format.

Returns :

The policies

Return type :

dict

Module contents

ecs_composex.iam.add_role_boundaries(iam_role, policy)

Function to set permission boundary onto an IAM role

Parameters :
  • iam_role ( troposphere.iam.Role ) – the IAM Role to add the boundary to

  • policy ( str ) – the name or ARN of the policy

Return type :

None

ecs_composex.iam.define_iam_policy(policy)

From input, determines if the policy string is the full ARN or just the name of the policy. If just the name, assumes it is from the account itself, and adds the necessary ARN prefix.

Parameters :

policy ( str ) –

Returns :

the policy

Return type :

str
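An added sketch (not ecs_composex's own code) of the name-or-ARN resolution described for define_iam_policy and the boundary assignment described for add_role_boundaries, using plain CloudFormation dicts instead of troposphere objects. The function names, the validation patterns, the Fn::Sub form and the sample role are assumptions made for this illustration.

```python
import re

# Managed-policy ARN: customer-managed (12-digit account) or AWS-managed ("aws").
POLICY_ARN_RE = re.compile(
    r"arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}|aws):policy/[A-Za-z0-9_+=,.@/-]+"
)
# Characters IAM accepts in a policy name (no path separator).
POLICY_NAME_RE = re.compile(r"[A-Za-z0-9_+=,.@-]{1,128}")


def resolve_policy_arn(policy):
    """Return a CloudFormation value for a policy given as a full ARN or a bare name."""
    if not isinstance(policy, str) or not policy:
        raise ValueError("policy must be a non-empty string")
    if policy.startswith("arn:"):
        # Full ARN: accept managed policies only, so a role or user ARN
        # cannot be passed through as a boundary by mistake.
        if not POLICY_ARN_RE.fullmatch(policy):
            raise ValueError(f"not an IAM managed policy ARN: {policy}")
        return policy
    if not POLICY_NAME_RE.fullmatch(policy):
        raise ValueError(f"invalid IAM policy name: {policy!r}")
    # Bare name: assume the policy lives in the deploying account and partition.
    return {"Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/" + policy}


def set_permissions_boundary(role_resource, policy):
    """Set PermissionsBoundary on an AWS::IAM::Role resource dict and return it."""
    if role_resource.get("Type") != "AWS::IAM::Role":
        raise TypeError("permissions boundaries apply to AWS::IAM::Role only")
    props = role_resource.setdefault("Properties", {})
    props["PermissionsBoundary"] = resolve_policy_arn(policy)
    return role_resource


# Constructed sample: a task role trusted by the ECS tasks service principal.
SAMPLE_ROLE = {
    "Type": "AWS::IAM::Role",
    "Properties": {
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Action": "sts:AssumeRole",
                "Principal": {"Service": "ecs-tasks.amazonaws.com"},
            }],
        }
    },
}
```

Rejecting non-policy ARNs and malformed names at template-build time surfaces a mistyped boundary before CloudFormation attempts the deployment.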

ecs_composex.iam.service_role_trust_policy(service_name)

Simple function to format the trust relationship for a Role and an AWS Service, used from lambda-my-aws/ozone

Parameters :

service_name ( str ) – name of the ecs_service

Returns :

policy document

Return type :

dict