feat(policy-templates): add RekognitionFacesManagementPolicy Policy Template (#589)

hcanalesmx · brettstack · commit 93d8b1cbce39 · 2018-09-25T09:19:26.000-07:00
diff --git a/samtranslator/policy_templates_data/policy_templates.json b/samtranslator/policy_templates_data/policy_templates.json
@@ -962,6 +962,36 @@
         ]
       }
     },
+    "RekognitionFacesManagementPolicy": {
+      "Description": "Gives permission to add, delete and search faces in a collection",
+      "Parameters": {
+        "CollectionId": {
+          "Description": "ID of the collection"
+        }
+      },
+      "Definition": {
+        "Statement": [{
+          "Effect": "Allow",
+          "Action": [
+            "rekognition:IndexFaces",
+            "rekognition:DeleteFaces",
+            "rekognition:SearchFaces",
+            "rekognition:SearchFacesByImage",
+            "rekognition:ListFaces"
+          ],
+          "Resource": {
+            "Fn::Sub": [
+              "arn:${AWS::Partition}:rekognition:${AWS::Region}:${AWS::AccountId}:collection/${collectionId}",
+              {
+                "collectionId": {
+                  "Ref": "CollectionId"
+                }
+              }
+            ]
+          }
+        }]
+      }
+    },
     "RekognitionFacesPolicy": {
       "Description": "Gives permission to compare and detect faces and labels",
       "Parameters": {
diff --git a/tests/translator/input/all_policy_templates.yaml b/tests/translator/input/all_policy_templates.yaml
@@ -120,3 +120,6 @@ Resources:
             PinpointApplicationId: id
 
         - RekognitionDetectOnlyPolicy: {}
+
+        - RekognitionFacesManagementPolicy:
+            CollectionId: collection
diff --git a/tests/translator/output/all_policy_templates.json b/tests/translator/output/all_policy_templates.json
@@ -1003,6 +1003,31 @@
                 }
               ]
             }
+          },
+          {
+            "PolicyName": "KitchenSinkFunctionRolePolicy40", 
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "rekognition:IndexFaces",
+                    "rekognition:DeleteFaces",
+                    "rekognition:SearchFaces",
+                    "rekognition:SearchFacesByImage",
+                    "rekognition:ListFaces"
+                  ], 
+                  "Resource": {
+                    "Fn::Sub": [
+                      "arn:${AWS::Partition}:rekognition:${AWS::Region}:${AWS::AccountId}:collection/${collectionId}", 
+                      {
+                        "collectionId": "collection"
+                      }
+                    ]
+                  }, 
+                  "Effect": "Allow"
+                }
+              ]
+            }
           }
         ],
         "AssumeRolePolicyDocument": {
diff --git a/tests/translator/output/aws-cn/all_policy_templates.json b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -1003,6 +1003,31 @@
                 }
               ]
             }
+          },
+          {
+            "PolicyName": "KitchenSinkFunctionRolePolicy40", 
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "rekognition:IndexFaces",
+                    "rekognition:DeleteFaces",
+                    "rekognition:SearchFaces",
+                    "rekognition:SearchFacesByImage",
+                    "rekognition:ListFaces"
+                  ], 
+                  "Resource": {
+                    "Fn::Sub": [
+                      "arn:${AWS::Partition}:rekognition:${AWS::Region}:${AWS::AccountId}:collection/${collectionId}", 
+                      {
+                        "collectionId": "collection"
+                      }
+                    ]
+                  }, 
+                  "Effect": "Allow"
+                }
+              ]
+            }
           }
         ],
         "AssumeRolePolicyDocument": {
diff --git a/tests/translator/output/aws-us-gov/all_policy_templates.json b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -1004,6 +1004,31 @@
                 }
               ]
             }
+          },
+          {
+            "PolicyName": "KitchenSinkFunctionRolePolicy40", 
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "rekognition:IndexFaces",
+                    "rekognition:DeleteFaces",
+                    "rekognition:SearchFaces",
+                    "rekognition:SearchFacesByImage",
+                    "rekognition:ListFaces"
+                  ], 
+                  "Resource": {
+                    "Fn::Sub": [
+                      "arn:${AWS::Partition}:rekognition:${AWS::Region}:${AWS::AccountId}:collection/${collectionId}", 
+                      {
+                        "collectionId": "collection"
+                      }
+                    ]
+                  }, 
+                  "Effect": "Allow"
+                }
+              ]
+            }
           }
         ],
         "AssumeRolePolicyDocument": {
