
Commit a7035eb

ljacobssonkeetonian
authored andcommitted
feat(policy-templates): add new policy for allowing step functions ex… (#904)
1 parent 9385a0a commit a7035eb


6 files changed

+97
-0
lines changed


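--- a/examples/2016-10-31/policy_templates/all_policy_templates.yaml
+++ b/examples/2016-10-31/policy_templates/all_policy_templates.yaml
@@ -87,3 +87,6 @@ Resources:
 
 - FilterLogEventsPolicy:
 LogGroupName: name
+
+- StepFunctionsExecutionPolicy:
+StateMachineName: name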

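--- a/samtranslator/policy_templates_data/policy_templates.json
+++ b/samtranslator/policy_templates_data/policy_templates.json
@@ -1562,6 +1562,34 @@
 }
 ]
 }
+},
+"StepFunctionsExecutionPolicy": {
+"Description": "Gives permission to start a Step Functions state machine execution",
+"Parameters": {
+"StateMachineName": {
+"Description":"The name of the state machine to execute."
+}
+},
+"Definition": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"states:StartExecution"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}",
+{
+"stateMachineName": {
+"Ref": "StateMachineName"
+}
+}
+]
+}
+}
+]
+}
 }
 }
 }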
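Review bot: The `Fn::Sub` string on new line 1582 hardcodes the `aws` partition, so in the aws-cn and aws-us-gov partitions the rendered ARN would not match any state machine and `states:StartExecution` would stay denied. The expected outputs for those two partitions in this commit (new line 1229 of `tests/translator/output/aws-cn/all_policy_templates.json` and new line 1230 of the aws-us-gov one) carry the same `arn:aws:states:` prefix, which suggests the translator does not rewrite it. Using the partition pseudo parameter avoids that: `"arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}"`, with the three expected-output files updated to match. Separately, the `StateMachineName` description on new line 1570 could state that the value is the bare name rather than an ARN and that a wildcard value widens the grant to every state machine in the account and region, for example `"Description": "The name (not the ARN) of the state machine to execute."`. The enclosing templates map starts and ends outside this hunk.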

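--- a/tests/translator/input/all_policy_templates.yaml
+++ b/tests/translator/input/all_policy_templates.yaml
@@ -143,3 +143,6 @@ Resources:
 
 - SSMParameterReadPolicy:
 ParameterName: name
+
+- StepFunctionsExecutionPolicy:
+StateMachineName: name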

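--- a/tests/translator/output/all_policy_templates.json
+++ b/tests/translator/output/all_policy_templates.json
@@ -1215,6 +1215,27 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy49",
+"PolicyDocument": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"states:StartExecution"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}",
+{
+"stateMachineName": "name"
+}
+]
+}
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {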

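--- a/tests/translator/output/aws-cn/all_policy_templates.json
+++ b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -1214,6 +1214,27 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy49",
+"PolicyDocument": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"states:StartExecution"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}",
+{
+"stateMachineName": "name"
+}
+]
+}
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {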

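--- a/tests/translator/output/aws-us-gov/all_policy_templates.json
+++ b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -1215,6 +1215,27 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy49",
+"PolicyDocument": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"states:StartExecution"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${stateMachineName}",
+{
+"stateMachineName": "name"
+}
+]
+}
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {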
