From e6c80f94bd1b7b1fdc8e079aec9688457a1ada55 Mon Sep 17 00:00:00 2001 From: Turja Chaudhuri Date: Sun, 23 Sep 2018 05:52:01 +0530 Subject: [PATCH] Changes done to add a new policy template to AWS SAM which will support an app that can list users and their access keys --- .../policy_templates.json | 19 +++++++++++++++++++ .../input/all_policy_templates.yaml | 2 ++ .../output/all_policy_templates.json | 18 +++++++++++++++++- .../output/aws-cn/all_policy_templates.json | 18 +++++++++++++++++- .../aws-us-gov/all_policy_templates.json | 16 ++++++++++++++++ 5 files changed, 71 insertions(+), 2 deletions(-) diff --git a/samtranslator/policy_templates_data/policy_templates.json b/samtranslator/policy_templates_data/policy_templates.json index 75e88df3e1..72916e8a81 100644 --- a/samtranslator/policy_templates_data/policy_templates.json +++ b/samtranslator/policy_templates_data/policy_templates.json @@ -1311,6 +1311,25 @@ } ] } + }, + "IAMListUserAccessKeyPolicy": { + "Description": "Gives permissions to list users and their access keys", + "Parameters": { + + }, + "Definition": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:ListAccessKeys", + "iam:GetAccessKeyLastUsed", + "iam:ListUsers" + ], + "Resource": "*" + } + ] + } } } } diff --git a/tests/translator/input/all_policy_templates.yaml b/tests/translator/input/all_policy_templates.yaml index e9da0ab0b4..f8c4d546b0 100644 --- a/tests/translator/input/all_policy_templates.yaml +++ b/tests/translator/input/all_policy_templates.yaml @@ -120,3 +120,5 @@ Resources: PinpointApplicationId: id - RekognitionDetectOnlyPolicy: {} + + - IAMListUserAccessKeyPolicy: {} diff --git a/tests/translator/output/all_policy_templates.json b/tests/translator/output/all_policy_templates.json index 4c9350eaad..2beaba4ca4 100644 --- a/tests/translator/output/all_policy_templates.json +++ b/tests/translator/output/all_policy_templates.json @@ -1003,7 +1003,23 @@ } ] } - } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy40", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "iam:ListAccessKeys", + "iam:GetAccessKeyLastUsed", + "iam:ListUsers" + ], + "Resource": "*", + "Effect": "Allow" + } + ] + } + } ], "AssumeRolePolicyDocument": { "Version": "2012-10-17", diff --git a/tests/translator/output/aws-cn/all_policy_templates.json b/tests/translator/output/aws-cn/all_policy_templates.json index eea977c9f5..643a1f91a3 100644 --- a/tests/translator/output/aws-cn/all_policy_templates.json +++ b/tests/translator/output/aws-cn/all_policy_templates.json @@ -1003,7 +1003,23 @@ } ] } - } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy40", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "iam:ListAccessKeys", + "iam:GetAccessKeyLastUsed", + "iam:ListUsers" + ], + "Resource": "*", + "Effect": "Allow" + } + ] + } + } ], "AssumeRolePolicyDocument": { "Version": "2012-10-17", diff --git a/tests/translator/output/aws-us-gov/all_policy_templates.json b/tests/translator/output/aws-us-gov/all_policy_templates.json index 7528a68398..1d7718beef 100644 --- a/tests/translator/output/aws-us-gov/all_policy_templates.json +++ b/tests/translator/output/aws-us-gov/all_policy_templates.json @@ -1004,6 +1004,22 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy40", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "iam:ListAccessKeys", + "iam:GetAccessKeyLastUsed", + "iam:ListUsers" + ], + "Resource": "*", + "Effect": "Allow" + } + ] + } } ], "AssumeRolePolicyDocument": {