A package that helps modify AWS policies as an object
Project description
# Modules to modify AWS resource-based policies as an object, selecting statements by Sid
# Supported: KMS CMK policy, S3 bucket policy, IAM Role trust relationship
# Example usage in a snippet:
import json, boto3
from awspolicy import BucketPolicy, KmsPolicy, IamRoleTrustPolicy

### Update KMS key policy to allow a new account to use the CMK in the centralized auditing account
kms = boto3.client('kms')
cmk_policy = KmsPolicy(serviceModule=kms, resourceIdentifer='xxxxe011-a1ff-4460-8942-02da951xxxx')
statement = cmk_policy.select_statement('AllowCloudTrailEncryptCrossAccountLogs')
# Append the new account's trail ARN pattern to the existing encryption-context condition
statement.Condition['StringLike']['kms:EncryptionContext:aws:cloudtrail:arn'] += [u'arn:aws:cloudtrail:*:888888888888:trail/*']
statement.save()
statement.source_policy.save()

### Update S3 bucket policy from an STS session to allow a new account to use the CMK in the centralized auditing account
session = boto3.Session()  # assumed: a boto3 Session built from STS-assumed credentials
s3 = session.client('s3')
bucket_policy = BucketPolicy(serviceModule=s3, resourceIdentifer='hailong-cloudtrail')
statement = bucket_policy.select_statement('CloudTrailCrossAccountPermission')
to_add_resource = 'arn:aws:s3:::hailong-cloudtrail/AWSLogs/888888888888/*'
if to_add_resource not in statement.Resource:  # keep the update idempotent
    statement.Resource += [to_add_resource]
statement.save()
statement.source_policy.save()

### Update IAM Role trust relationship to remove the Condition from a statement
iam = boto3.client('iam')
role_trust_policy = IamRoleTrustPolicy(serviceModule=iam, resourceIdentifer='EC2ReadOnly')
s = role_trust_policy.select_statement('CrossAccount')
s.Condition = None  # drop the Condition block; the statement then applies without restriction
s.save()
s.source_policy.save()
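The snippet above relies on the awspolicy package's objects to find a statement by Sid and mutate it. As an added example that is not part of the package or its README, the following standalone Python shows the same operations on a plain policy document: select a statement by Sid, add a Resource entry idempotently, and remove a Condition while returning what was removed so the change can be recorded. It also handles two edge cases the snippet does not: IAM allows `Statement` to be a single object and `Resource` to be a bare string rather than a list, so a naive `+=` would fail. The sample policy, the helper names (`load_policy`, `select_statement`, `add_values`, `drop_condition`, `grant_account_log_prefix`) and the account ids are constructed for this example; only the bucket name and Sid come from the snippet.

```python
import json

# Constructed sample: a CloudTrail bucket policy shaped like the one the
# snippet above edits (bucket name and Sid taken from the snippet; the
# account ids are placeholders).
SAMPLE_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSCloudTrailAclCheck",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::hailong-cloudtrail",
        },
        {
            "Sid": "CloudTrailCrossAccountPermission",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:PutObject",
            # IAM allows a bare string here instead of a list; the helpers cope with both.
            "Resource": "arn:aws:s3:::hailong-cloudtrail/AWSLogs/111111111111/*",
            "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
        },
    ],
})


def load_policy(text):
    """Parse a policy document and normalise 'Statement' to a list."""
    policy = json.loads(text)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear as a bare object
        statements = [statements]
    policy["Statement"] = statements
    return policy


def select_statement(policy, sid):
    """Return the one statement carrying the given Sid; refuse missing or duplicate Sids."""
    matches = [s for s in policy["Statement"] if s.get("Sid") == sid]
    if len(matches) != 1:
        raise KeyError(f"expected exactly one statement with Sid {sid!r}, found {len(matches)}")
    return matches[0]


def add_values(statement, field, values):
    """Idempotently add values to a list-or-string field such as Resource or Action.

    Returns the values that were actually added, so a caller can tell a no-op apart.
    """
    current = statement.get(field, [])
    if isinstance(current, str):
        current = [current]
    added = [v for v in values if v not in current]
    statement[field] = current + added
    return added


def drop_condition(statement):
    """Remove the Condition block and return it (None if there was none).

    Returning the removed block lets the caller record exactly which restriction
    was lifted, since a statement without a Condition applies unconditionally.
    """
    return statement.pop("Condition", None)


def grant_account_log_prefix(policy_text, bucket, account_id,
                             sid="CloudTrailCrossAccountPermission"):
    """Allow CloudTrail to write another account's logs under AWSLogs/<account>/.

    Returns (new_policy_text, changed); changed is False when the grant already exists.
    """
    policy = load_policy(policy_text)
    statement = select_statement(policy, sid)
    arn = f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/*"
    added = add_values(statement, "Resource", [arn])
    return json.dumps(policy, indent=2), bool(added)


if __name__ == "__main__":
    text, changed = grant_account_log_prefix(SAMPLE_BUCKET_POLICY, "hailong-cloudtrail", "888888888888")
    print("changed:", changed)
    print(text)
```

The returned `changed` flag is what makes this safe to run repeatedly from automation: when it is False the caller can skip the `PutBucketPolicy` call entirely instead of rewriting an identical document.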
File details
Details for the file awspolicy-0.0.1.tar.gz
File metadata
- Download URL: awspolicy-0.0.1.tar.gz
- Size: 2.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.19.1 setuptools/40.2.0 requests-toolbelt/0.8.0 tqdm/4.19.1 CPython/3.6.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | 4fc0ff198fa3e579c8eae6cb8642d0c946d195c582e801a3943ca35fd3793fee
MD5 | 4022c0c31635e2cd26f1423cb63689fd
BLAKE2b-256 | 804080d90a7efe48bf2f3d9d7e296a636dc1ea2054d73ac437d20d74c0256a74
File details
Details for the file awspolicy-0.0.1-py3-none-any.whl
File metadata
- Download URL: awspolicy-0.0.1-py3-none-any.whl
- Size: 3.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.19.1 setuptools/40.2.0 requests-toolbelt/0.8.0 tqdm/4.19.1 CPython/3.6.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | d1e6d3913a9b372b6afb00c564bb567c68b75baf406b3c5b840c7d6a3c3ad024
MD5 | 559001479af8f27637656cf76934b4a7
BLAKE2b-256 | 96c4e9a159b428a100beaf96c529a6842163fc392e90a62b4d9035c2feec776f