
Commit 9a44d23

davfaulkbrettstack
authored andcommitted
feat(policy-template): add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy policy templates (#426) (#426)
1 parent af4998a commit 9a44d23


5 files changed

+139
-7
lines changed


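--- a/samtranslator/policy_templates_data/policy_templates.json
+++ b/samtranslator/policy_templates_data/policy_templates.json
@@ -640,6 +640,7 @@
 "Action": [
 "ses:GetIdentityVerificationAttributes",
 "ses:SendEmail",
+"ses:SendRawEmail",
 "ses:VerifyEmailIdentity"
 ],
 "Resource": {
@@ -1370,6 +1371,37 @@
 }
 ]
 }
+},
+"CostExplorerReadOnlyPolicy": {
+"Description": "Gives access to the readonly Cost Explorer APIs for billing history",
+"Parameters": {},
+"Definition": {
+"Statement": [{
+"Effect": "Allow",
+"Action": [
+"ce:GetCostAndUsage",
+"ce:GetDimensionValues",
+"ce:GetReservationCoverage",
+"ce:GetReservationPurchaseRecommendation",
+"ce:GetReservationUtilization",
+"ce:GetTags"
+],
+"Resource": "*"
+}]
+}
+},
+"OrganizationsListAccountsPolicy": {
+"Description": "Gives readonly permission to list child account names and ids",
+"Parameters": {},
+"Definition": {
+"Statement": [{
+"Effect": "Allow",
+"Action": [
+"organizations:ListAccounts"
+],
+"Resource": "*"
+}]
+}
 }
 }
 }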
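Review bot: The first hunk adds `ses:SendRawEmail` to an existing template's `Action` list, a widening the commit title (two new templates) does not mention; stacks that already reference that template would presumably pick up the extra permission the next time they are transformed and deployed. The template's name and the body of its `Resource` block lie outside the hunk, so the scoping cannot be confirmed from here, but the change deserves its own line in the commit description and release notes so consumers can review it. In the second hunk, the `OrganizationsListAccountsPolicy` description mentions only names and ids, while `organizations:ListAccounts` also returns each account's email address and status; I would change it to `"Description": "Gives readonly permission to list the accounts in the organization (id, name, email, status)",`. `"Resource": "*"` on both new templates is expected as far as I know, since these Cost Explorer and Organizations list actions are not scoped per resource.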

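--- a/tests/translator/input/all_policy_templates.yaml
+++ b/tests/translator/input/all_policy_templates.yaml
@@ -124,4 +124,8 @@ Resources:
 - RekognitionFacesManagementPolicy:
 CollectionId: collection
 
-- EKSDescribePolicy: {}
+- EKSDescribePolicy: {}
+
+- CostExplorerReadOnlyPolicy: {}
+
+- OrganizationsListAccountsPolicy: {}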

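--- a/tests/translator/output/all_policy_templates.json
+++ b/tests/translator/output/all_policy_templates.json
@@ -511,8 +511,9 @@
 "Statement": [
 {
 "Action": [
-"ses:GetIdentityVerificationAttributes",
-"ses:SendEmail",
+"ses:GetIdentityVerificationAttributes",
+"ses:SendEmail",
+"ses:SendRawEmail",
 "ses:VerifyEmailIdentity"
 ],
 "Resource": {
@@ -1054,6 +1055,37 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy42",
+"PolicyDocument": {
+"Statement": [{
+"Effect": "Allow",
+"Action": [
+"ce:GetCostAndUsage",
+"ce:GetDimensionValues",
+"ce:GetReservationCoverage",
+"ce:GetReservationPurchaseRecommendation",
+"ce:GetReservationUtilization",
+"ce:GetTags"
+],
+"Resource": "*"
+}]
+}
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy43",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"organizations:ListAccounts"
+],
+"Resource": "*",
+"Effect": "Allow"
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {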

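--- a/tests/translator/output/aws-cn/all_policy_templates.json
+++ b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -510,8 +510,9 @@
 "Statement": [
 {
 "Action": [
-"ses:GetIdentityVerificationAttributes",
-"ses:SendEmail",
+"ses:GetIdentityVerificationAttributes",
+"ses:SendEmail",
+"ses:SendRawEmail",
 "ses:VerifyEmailIdentity"
 ],
 "Resource": {
@@ -1053,6 +1054,37 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy42",
+"PolicyDocument": {
+"Statement": [{
+"Effect": "Allow",
+"Action": [
+"ce:GetCostAndUsage",
+"ce:GetDimensionValues",
+"ce:GetReservationCoverage",
+"ce:GetReservationPurchaseRecommendation",
+"ce:GetReservationUtilization",
+"ce:GetTags"
+],
+"Resource": "*"
+}]
+}
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy43",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"organizations:ListAccounts"
+],
+"Resource": "*",
+"Effect": "Allow"
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {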

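--- a/tests/translator/output/aws-us-gov/all_policy_templates.json
+++ b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -510,8 +510,9 @@
 "Statement": [
 {
 "Action": [
-"ses:GetIdentityVerificationAttributes",
-"ses:SendEmail",
+"ses:GetIdentityVerificationAttributes",
+"ses:SendEmail",
+"ses:SendRawEmail",
 "ses:VerifyEmailIdentity"
 ],
 "Resource": {
@@ -1054,6 +1055,37 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy42",
+"PolicyDocument": {
+"Statement": [{
+"Effect": "Allow",
+"Action": [
+"ce:GetCostAndUsage",
+"ce:GetDimensionValues",
+"ce:GetReservationCoverage",
+"ce:GetReservationPurchaseRecommendation",
+"ce:GetReservationUtilization",
+"ce:GetTags"
+],
+"Resource": "*"
+}]
+}
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy43",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"organizations:ListAccounts"
+],
+"Resource": "*",
+"Effect": "Allow"
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {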
