feat(policy-templates): add DynamoDBWritePolicy and S3WritePolicy

[nmoutschen]

Issue #, if available:

Description of changes:

Added a policy template DynamoDBWritePolicy that grants write-only access to a DynamoDB table. It grants the following permissions:

• "dynamodb:PutItem"
• "dynamodb:UpdateItem"
• "dynamodb:BatchWriteItem"

Added a policy template S3WritePolicy that grants write-only access to an S3 bucket. It grants the following permissions:

• "s3:PutObject"
• "s3:PutObjectAcl"
• "s3:PutLifecycleConfiguration"

These two policy templates will help in case such as functions triggered by POST or PUT requests from an API Gateway.

Description of how you validated changes:

I ran make pr.

Checklist:

• Write/update tests
• make pr passes
• Update documentation (no changes needed)
• Verify transformed template deploys and application functions as expected
• Add/update example to examples/2016-10-31

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[timoschilling]

I would like to have a WritePolicy without delete. What's your use case for a policy which allows the deletion but not the read of an object? Maybe adding a WritePolicy and a DetelePolicy should be the best way. I assume that a WritePolicy with delete is an unexpected and security risk behavior.

[nmoutschen]

That makes lots of sense. I removed dynamodb:DeleteItem and s3:DeleteObject from their respective policies.

I think a DynamoDBDeletePolicy or S3DeletePolicy might be too small in scope (since it's a single permission).

[timoschilling]

Why not the delete policies, it's still short and the style would be the same in the template.

[codecov-io]

Codecov Report

Merging #1374 into develop will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop    #1374   +/-   ##
========================================
  Coverage    94.46%   94.46%           
========================================
  Files           78       78           
  Lines         4555     4555           
  Branches       912      912           
========================================
  Hits          4303     4303           
  Misses         118      118           
  Partials       134      134

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update eabe27d...1e4e57f. Read the comment docs.

[ShreyaGangishetty]

@nmoutschen Thank you for your contribution!
Could you please resolve merge conflicts for this PR?

[nmoutschen]

Not sure what's going on for the Python2.7 tests.

It's failing to import enum, but the enum34 module is installed. This also affects files that are not touched by this PR...

make test locally with a virtual environment using python 2.7 works.

[alexw91]

Codecov Report

Merging #1374 into develop will increase coverage by 0.52%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop    #1374      +/-   ##
===========================================
+ Coverage    94.39%   94.92%   +0.52%     
===========================================
  Files           78       78              
  Lines         4709     5555     +846     
  Branches       944     1232     +288     
===========================================
+ Hits          4445     5273     +828     
- Misses         121      134      +13     
- Partials       143      148       +5     

Impacted Files	Coverage Δ
samtranslator/model/api/http_api_generator.py	95.68% <0.00%> (-2.64%)	⬇️
samtranslator/plugins/globals/globals.py	98.86% <0.00%> (-0.20%)	⬇️
samtranslator/model/api/api_generator.py	95.20% <0.00%> (+0.15%)	⬆️
samtranslator/model/eventsources/push.py	92.00% <0.00%> (+1.24%)	⬆️
samtranslator/model/sam_resources.py	95.96% <0.00%> (+1.89%)	⬆️
samtranslator/model/apigatewayv2.py	96.00% <0.00%> (+2.25%)	⬆️
samtranslator/open_api/open_api.py	96.33% <0.00%> (+2.45%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a1d7e54...5b76fb0. Read the comment docs.

[codecov-io]

Codecov Report

Merging #1374 into develop will increase coverage by 0.52%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop    #1374      +/-   ##
===========================================
+ Coverage    94.39%   94.92%   +0.52%     
===========================================
  Files           78       78              
  Lines         4709     5555     +846     
  Branches       944     1232     +288     
===========================================
+ Hits          4445     5273     +828     
- Misses         121      134      +13     
- Partials       143      148       +5

Impacted Files	Coverage Δ
samtranslator/model/api/http_api_generator.py	95.68% <0%> (-2.64%)	⬇️
samtranslator/plugins/globals/globals.py	98.86% <0%> (-0.2%)	⬇️
samtranslator/model/api/api_generator.py	95.2% <0%> (+0.15%)	⬆️
samtranslator/model/eventsources/push.py	92% <0%> (+1.24%)	⬆️
samtranslator/model/sam_resources.py	95.96% <0%> (+1.89%)	⬆️
samtranslator/model/apigatewayv2.py	96% <0%> (+2.25%)	⬆️
samtranslator/open_api/open_api.py	96.33% <0%> (+2.45%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a1d7e54...5b76fb0. Read the comment docs.