Skip to content

Commit 941dff2

Browse files
lafioscabrettstack
lafiosca
authored and
brettstack
committed
feat(policy-template): add FirehoseWritePolicy and FirehoseCrudPolicy (#397)
1 parent 886dcdc commit 941dff2

File tree

2 files changed

+125
-1
lines changed

2 files changed

+125
-1
lines changed

docs/policy_templates_data/policy_templates.json

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1132,6 +1132,68 @@
11321132
"Resource": "*"
11331133
}]
11341134
}
1135+
},
1136+
"FirehoseWritePolicy": {
1137+
"Description": "Gives permission to write to a Kinesis Firehose Delivery Stream",
1138+
"Parameters": {
1139+
"DeliveryStreamName": {
1140+
"Description": "Name of Kinesis Firehose Delivery Stream"
1141+
}
1142+
},
1143+
"Definition": {
1144+
"Statement": [
1145+
{
1146+
"Effect": "Allow",
1147+
"Action": [
1148+
"firehose:PutRecord",
1149+
"firehose:PutRecordBatch"
1150+
],
1151+
"Resource": {
1152+
"Fn::Sub": [
1153+
"arn:${AWS::Partition}:firehose:${AWS::Region}:${AWS::AccountId}:deliverystream/${deliveryStreamName}",
1154+
{
1155+
"deliveryStreamName": {
1156+
"Ref": "DeliveryStreamName"
1157+
}
1158+
}
1159+
]
1160+
}
1161+
}
1162+
]
1163+
}
1164+
},
1165+
"FirehoseCrudPolicy": {
1166+
"Description": "Gives permission to create, write to, update, and delete a Kinesis Firehose Delivery Stream",
1167+
"Parameters": {
1168+
"DeliveryStreamName": {
1169+
"Description": "Name of Kinesis Firehose Delivery Stream"
1170+
}
1171+
},
1172+
"Definition": {
1173+
"Statement": [
1174+
{
1175+
"Effect": "Allow",
1176+
"Action": [
1177+
"firehose:CreateDeliveryStream",
1178+
"firehose:DeleteDeliveryStream",
1179+
"firehose:DescribeDeliveryStream",
1180+
"firehose:PutRecord",
1181+
"firehose:PutRecordBatch",
1182+
"firehose:UpdateDestination"
1183+
],
1184+
"Resource": {
1185+
"Fn::Sub": [
1186+
"arn:${AWS::Partition}:firehose:${AWS::Region}:${AWS::AccountId}:deliverystream/${deliveryStreamName}",
1187+
{
1188+
"deliveryStreamName": {
1189+
"Ref": "DeliveryStreamName"
1190+
}
1191+
}
1192+
]
1193+
}
1194+
}
1195+
]
1196+
}
11351197
}
11361198
}
11371199
}

samtranslator/policy_templates_data/policy_templates.json

Lines changed: 63 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1155,6 +1155,68 @@
11551155
}
11561156
]
11571157
}
1158+
},
1159+
"FirehoseWritePolicy": {
1160+
"Description": "Gives permission to write to a Kinesis Firehose Delivery Stream",
1161+
"Parameters": {
1162+
"DeliveryStreamName": {
1163+
"Description": "Name of Kinesis Firehose Delivery Stream"
1164+
}
1165+
},
1166+
"Definition": {
1167+
"Statement": [
1168+
{
1169+
"Effect": "Allow",
1170+
"Action": [
1171+
"firehose:PutRecord",
1172+
"firehose:PutRecordBatch"
1173+
],
1174+
"Resource": {
1175+
"Fn::Sub": [
1176+
"arn:${AWS::Partition}:firehose:${AWS::Region}:${AWS::AccountId}:deliverystream/${deliveryStreamName}",
1177+
{
1178+
"deliveryStreamName": {
1179+
"Ref": "DeliveryStreamName"
1180+
}
1181+
}
1182+
]
1183+
}
1184+
}
1185+
]
1186+
}
1187+
},
1188+
"FirehoseCrudPolicy": {
1189+
"Description": "Gives permission to create, write to, update, and delete a Kinesis Firehose Delivery Stream",
1190+
"Parameters": {
1191+
"DeliveryStreamName": {
1192+
"Description": "Name of Kinesis Firehose Delivery Stream"
1193+
}
1194+
},
1195+
"Definition": {
1196+
"Statement": [
1197+
{
1198+
"Effect": "Allow",
1199+
"Action": [
1200+
"firehose:CreateDeliveryStream",
1201+
"firehose:DeleteDeliveryStream",
1202+
"firehose:DescribeDeliveryStream",
1203+
"firehose:PutRecord",
1204+
"firehose:PutRecordBatch",
1205+
"firehose:UpdateDestination"
1206+
],
1207+
"Resource": {
1208+
"Fn::Sub": [
1209+
"arn:${AWS::Partition}:firehose:${AWS::Region}:${AWS::AccountId}:deliverystream/${deliveryStreamName}",
1210+
{
1211+
"deliveryStreamName": {
1212+
"Ref": "DeliveryStreamName"
1213+
}
1214+
}
1215+
]
1216+
}
1217+
}
1218+
]
1219+
}
11581220
}
11591221
}
1160-
}
1222+
}

0 commit comments

Comments
 (0)