A fluent Python IAM Policy builder
Project description
IAM Policy Builder
Build valid IAM policies for Google Cloud (GCP) and Amazon Web Services (AWS)
Features
Fluent chaining for clean code
Output standard JSON-compatible dictionaries
Avoid error-prone string manipulation
Installation
You can install this package via PIP: pip install python-iam-policy-builder
Usage
GCP
from iam_policy.gcp.gcp_iam_policy_builder import GCPIAMPolicyBuilder, Condition
iam_policy = GCPIAMPolicyBuilder(version=3)
iam_policy.add_binding(
role='roles/viewer',
members=[
'user:alice@example.com',
'serviceAccount:compute@example.com'
],
condition=Condition(
title='TimeBoundAccess',
expression='request.time < timestamp("2024-12-31T23:59:59Z")',
description='Temporary access until end of year'
)._asdict()
)
print(iam_policy.build())
# [Output]
# {
# "bindings": [
# {
# "role": "roles/viewer",
# "members": [
# "user:alice@example.com",
# "serviceAccount:compute@example.com"
# ],
# "condition": {
# "title": "TimeBoundAccess",
# "expression": "request.time < timestamp(\"2024-12-31T23:59:59Z\")",
# "description": "Temporary access until end of year"
# }
# }
# ],
# "version": 3
# }
AWS
from iam_policy.aws.aws_iam_policy_builder import AWSIAMPolicyBuilder, Statement, Effect
iam_policy = AWSIAMPolicyBuilder(version='2012-10-17')
iam_policy.add_statement(
Statement(
Effect=Effect.Allow.value,
Action=['iam:ListUsers'],
Resource=['arn:aws:s3:::my-bucket/*'],
Sid='AllowListUsers',
Condition={
'StringEquals': {
'aws:username': 'alice'
}
},
Principal={'AWS': 'arn:aws:iam::123456789012:user/alice'},
)._asdict()
)
print(iam_policy.build())
# [Output]
# {
# "Version": "2012-10-17",
# "Statement": [
# {
# "Effect": "Allow",
# "Action": [
# "iam:ListUsers"
# ],
# "Resource": [
# "arn:aws:s3:::my-bucket/*"
# ],
# "Condition": {
# "StringEquals": {
# "aws:username": "alice"
# }
# },
# "Sid": "AllowListUsers",
# "Principal": {'AWS': 'arn:aws:iam::123456789012:user/alice'}
# }
# ]
# }
Notes
GCP
- Multiple conditions per binding are not supported, as GCP IAM currently allows only one condition per binding (as of May 2025)
- auditConfigs (Used for configuring audit logging) are not supported
- Role names, member identifiers, and condition expressions are not validated
AWS
- No validation is performed on ARNs, actions, or conditions
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file python_iam_policy_builder-0.1.6.tar.gz.
File metadata
- Download URL: python_iam_policy_builder-0.1.6.tar.gz
- Upload date:
- Size: 5.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bedd0ba9b3bd8a434c93353642a9fb0d0ee243881cb9fadd579d63f5f1f1bf21
|
|
| MD5 |
c863266d2eae0b254ba973b68ded8ec1
|
|
| BLAKE2b-256 |
b7caa4cec9cf55e669ec28ef5a4458ff5469c36823ed1d2bc6f6f849ef64f335
|
File details
Details for the file python_iam_policy_builder-0.1.6-py3-none-any.whl.
File metadata
- Download URL: python_iam_policy_builder-0.1.6-py3-none-any.whl
- Upload date:
- Size: 6.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
87f00ef9a5abe11d4bc400d6e7c0fa896d64acc8a11f355b991b22a3a853a593
|
|
| MD5 |
853d2e721977633a4cfc30c9a1b1f562
|
|
| BLAKE2b-256 |
535fe22547ce13b84a1b22d79bacc0be2a055340a078a95a58e958af62dea6c8
|
