A botocore helper lib
Project description
botool
======
Hopefully useful botocore scripts for managing aws resources
TODO
----
IAM
---
- add backup flag to write out settings to file(s)
- add capacity to remove users, groups, and roles
- tests
- allow "users" to have individual policies
Example Config
--------------
service: IAM
groups:
- group_name: "group1"
policy_name: "allow-rw-to-s3"
policy_document: "example-allow-rw-to-s3.json"
- group_name: "group2"
policy_name: "allow-rw-to-s3"
policy_document: "example-allow-rw-to-s3.json"
- group_name: "group3"
policy_name: "allow-rw-to-s3"
policy_document: "example-allow-rw-to-s3.json"
users:
- user_name: "user1"
groups: [group2, group1]
- user_name: "user2"
groups: [group1]
- user_name: "user3"
groups: [group3, group2, group1]
- user_name: "user4"
groups: [group2, group3]
roles:
- role_name: "role1-service"
policy_name: "allow-rw-to-s3"
assume_role_policy_document: "allow-assume-role-by-ec2-service.json"
policy_document: "example-allow-rw-to-s3.json"
- role_name: "role2-service"
policy_name: "allow-rw-to-s3"
assume_role_policy_document: "allow-assume-role-by-ec2-service.json"
policy_document: "example-allow-rw-to-s3.json"
- role_name: "role3-service"
policy_name: "allow-rw-to-s3"
assume_role_policy_document: "allow-assume-role-by-ec2-service.json"
policy_document: "example-allow-rw-to-s3.json"
Example Policies
----------------
allow-assume-role-by-ec2-service.json
-------------------------------------
{
"Statement":
[
{
"Effect": "Allow",
"Action": [
"sts:AssumeRole"
],
"Principal":
{
"Service" :
[
"ec2.amazonaws.com"
]
}
}
]
}
example-allow-rw-to-s3.json
---------------------------
{
"Version":"2012-10-17",
"Statement":
[
{
"Effect":"Allow",
"Action":
[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource":
[
"arn:aws:s3:::hqmigrat-stage/*"
]
},
{
"Sid":"Stmt1391189122000",
"Effect":"Allow",
"Action":
[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource":
[
"arn:aws:s3:::hqmigrat-prod/*"
]
}
]
}
CHANGES
=======
Next Release (TBD)
------------------
- TBD
0.1 (2014-02-10)
----------------
- Initial release
- IAM basics for creating roles, groups and users. Manages user roles, but everything else is add only right now.
======
Hopefully useful botocore scripts for managing aws resources
TODO
----
IAM
---
- add backup flag to write out settings to file(s)
- add capacity to remove users, groups, and roles
- tests
- allow "users" to have individual policies
Example Config
--------------
service: IAM
groups:
- group_name: "group1"
policy_name: "allow-rw-to-s3"
policy_document: "example-allow-rw-to-s3.json"
- group_name: "group2"
policy_name: "allow-rw-to-s3"
policy_document: "example-allow-rw-to-s3.json"
- group_name: "group3"
policy_name: "allow-rw-to-s3"
policy_document: "example-allow-rw-to-s3.json"
users:
- user_name: "user1"
groups: [group2, group1]
- user_name: "user2"
groups: [group1]
- user_name: "user3"
groups: [group3, group2, group1]
- user_name: "user4"
groups: [group2, group3]
roles:
- role_name: "role1-service"
policy_name: "allow-rw-to-s3"
assume_role_policy_document: "allow-assume-role-by-ec2-service.json"
policy_document: "example-allow-rw-to-s3.json"
- role_name: "role2-service"
policy_name: "allow-rw-to-s3"
assume_role_policy_document: "allow-assume-role-by-ec2-service.json"
policy_document: "example-allow-rw-to-s3.json"
- role_name: "role3-service"
policy_name: "allow-rw-to-s3"
assume_role_policy_document: "allow-assume-role-by-ec2-service.json"
policy_document: "example-allow-rw-to-s3.json"
Example Policies
----------------
allow-assume-role-by-ec2-service.json
-------------------------------------
{
"Statement":
[
{
"Effect": "Allow",
"Action": [
"sts:AssumeRole"
],
"Principal":
{
"Service" :
[
"ec2.amazonaws.com"
]
}
}
]
}
example-allow-rw-to-s3.json
---------------------------
{
"Version":"2012-10-17",
"Statement":
[
{
"Effect":"Allow",
"Action":
[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource":
[
"arn:aws:s3:::hqmigrat-stage/*"
]
},
{
"Sid":"Stmt1391189122000",
"Effect":"Allow",
"Action":
[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource":
[
"arn:aws:s3:::hqmigrat-prod/*"
]
}
]
}
CHANGES
=======
Next Release (TBD)
------------------
- TBD
0.1 (2014-02-10)
----------------
- Initial release
- IAM basics for creating roles, groups and users. Manages user roles, but everything else is add only right now.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
botool-0.1.1.tar.gz
(5.4 kB
view details)
File details
Details for the file botool-0.1.1.tar.gz.
File metadata
- Download URL: botool-0.1.1.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3c553f8dfac8be1cc83879d315107db3b8157caa9045011767b3f9cd74c409de |
|
| MD5 | 715a839de27a168b822aa2c1355f18ec |
|
| BLAKE2b-256 | 0def7cee917b83b3866d5111371e14645dd90fb13488714149ef42275ae1b610 |
