From 46e4d481dea9f5da0d37d7575de54c608dfc49d1 Mon Sep 17 00:00:00 2001 From: David Faulkner Date: Tue, 8 May 2018 15:03:10 +1200 Subject: [PATCH] feat(policy-template): add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy policy templates (#426) --- .../policy_templates.json | 32 +++++++++++++++++++ .../input/all_policy_templates.yaml | 6 +++- .../output/all_policy_templates.json | 32 +++++++++++++++++++ .../output/aws-cn/all_policy_templates.json | 32 +++++++++++++++++++ .../aws-us-gov/all_policy_templates.json | 32 +++++++++++++++++++ 5 files changed, 133 insertions(+), 1 deletion(-) diff --git a/samtranslator/policy_templates_data/policy_templates.json b/samtranslator/policy_templates_data/policy_templates.json index 428cdd93f4..dec9de49cd 100644 --- a/samtranslator/policy_templates_data/policy_templates.json +++ b/samtranslator/policy_templates_data/policy_templates.json @@ -628,6 +628,7 @@ "Action": [ "ses:GetIdentityVerificationAttributes", "ses:SendEmail", + "ses:SendRawEmail", "ses:VerifyEmailIdentity" ], "Resource": { @@ -1358,6 +1359,37 @@ } ] } + }, + "CostExplorerReadOnlyPolicy": { + "Description": "Gives access to the readonly Cost Explorer APIs for billing history", + "Parameters": {}, + "Definition": { + "Statement": [{ + "Effect": "Allow", + "Action": [ + "ce:GetCostAndUsage", + "ce:GetDimensionValues", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetTags" + ], + "Resource": "*" + }] + } + }, + "OrganizationsListAccountsPolicy": { + "Description": "Gives readonly permission to list child account names and ids", + "Parameters": {}, + "Definition": { + "Statement": [{ + "Effect": "Allow", + "Action": [ + "organizations:ListAccounts" + ], + "Resource": "*" + }] + } } } } diff --git a/tests/translator/input/all_policy_templates.yaml b/tests/translator/input/all_policy_templates.yaml index 17595ffd43..cb87acc9b7 100644 --- a/tests/translator/input/all_policy_templates.yaml +++ b/tests/translator/input/all_policy_templates.yaml @@ -124,4 +124,8 @@ Resources: - RekognitionFacesManagementPolicy: CollectionId: collection - - EKSDescribePolicy: {} \ No newline at end of file + - EKSDescribePolicy: {} + + - CostExplorerReadOnlyPolicy: {} + + - OrganizationsListAccountsPolicy: {} diff --git a/tests/translator/output/all_policy_templates.json b/tests/translator/output/all_policy_templates.json index 086eee631e..9b971abcd9 100644 --- a/tests/translator/output/all_policy_templates.json +++ b/tests/translator/output/all_policy_templates.json @@ -502,6 +502,7 @@ "Action": [ "ses:GetIdentityVerificationAttributes", "ses:SendEmail", + "ses:SendRawEmail", "ses:VerifyEmailIdentity" ], "Resource": { @@ -1043,6 +1044,37 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy42", + "PolicyDocument": { + "Statement": [{ + "Effect": "Allow", + "Action": [ + "ce:GetCostAndUsage", + "ce:GetDimensionValues", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetTags" + ], + "Resource": "*" + }] + } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy43", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "organizations:ListAccounts" + ], + "Resource": "*", + "Effect": "Allow" + } + ] + } } ], "AssumeRolePolicyDocument": { diff --git a/tests/translator/output/aws-cn/all_policy_templates.json b/tests/translator/output/aws-cn/all_policy_templates.json index 43353ceed3..f08f76d556 100644 --- a/tests/translator/output/aws-cn/all_policy_templates.json +++ b/tests/translator/output/aws-cn/all_policy_templates.json @@ -502,6 +502,7 @@ "Action": [ "ses:GetIdentityVerificationAttributes", "ses:SendEmail", + "ses:SendRawEmail", "ses:VerifyEmailIdentity" ], "Resource": { @@ -1043,6 +1044,37 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy42", + "PolicyDocument": { + "Statement": [{ + "Effect": "Allow", + "Action": [ + "ce:GetCostAndUsage", + "ce:GetDimensionValues", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetTags" + ], + "Resource": "*" + }] + } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy43", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "organizations:ListAccounts" + ], + "Resource": "*", + "Effect": "Allow" + } + ] + } } ], "AssumeRolePolicyDocument": { diff --git a/tests/translator/output/aws-us-gov/all_policy_templates.json b/tests/translator/output/aws-us-gov/all_policy_templates.json index 3843aaf4de..337d9b9501 100644 --- a/tests/translator/output/aws-us-gov/all_policy_templates.json +++ b/tests/translator/output/aws-us-gov/all_policy_templates.json @@ -502,6 +502,7 @@ "Action": [ "ses:GetIdentityVerificationAttributes", "ses:SendEmail", + "ses:SendRawEmail", "ses:VerifyEmailIdentity" ], "Resource": { @@ -1044,6 +1045,37 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy42", + "PolicyDocument": { + "Statement": [{ + "Effect": "Allow", + "Action": [ + "ce:GetCostAndUsage", + "ce:GetDimensionValues", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetTags" + ], + "Resource": "*" + }] + } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy43", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "organizations:ListAccounts" + ], + "Resource": "*", + "Effect": "Allow" + } + ] + } } ], "AssumeRolePolicyDocument": {