diff --git a/samtranslator/policy_templates_data/policy_templates.json b/samtranslator/policy_templates_data/policy_templates.json index 75e88df3e1..d65182c172 100644 --- a/samtranslator/policy_templates_data/policy_templates.json +++ b/samtranslator/policy_templates_data/policy_templates.json @@ -962,6 +962,36 @@ ] } }, + "RekognitionFacesManagementPolicy": { + "Description": "Gives permission to add, delete and search faces in a collection", + "Parameters": { + "CollectionId": { + "Description": "ID of the collection" + } + }, + "Definition": { + "Statement": [{ + "Effect": "Allow", + "Action": [ + "rekognition:IndexFaces", + "rekognition:DeleteFaces", + "rekognition:SearchFaces", + "rekognition:SearchFacesByImage", + "rekognition:ListFaces" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:rekognition:${AWS::Region}:${AWS::AccountId}:collection/${collectionId}", + { + "collectionId": { + "Ref": "CollectionId" + } + } + ] + } + }] + } + }, "RekognitionFacesPolicy": { "Description": "Gives permission to compare and detect faces and labels", "Parameters": { diff --git a/tests/translator/input/all_policy_templates.yaml b/tests/translator/input/all_policy_templates.yaml index e9da0ab0b4..2ddfda706a 100644 --- a/tests/translator/input/all_policy_templates.yaml +++ b/tests/translator/input/all_policy_templates.yaml @@ -120,3 +120,6 @@ Resources: PinpointApplicationId: id - RekognitionDetectOnlyPolicy: {} + + - RekognitionFacesManagementPolicy: + CollectionId: collection \ No newline at end of file diff --git a/tests/translator/output/all_policy_templates.json b/tests/translator/output/all_policy_templates.json index 4c9350eaad..bef3cd2d3a 100644 --- a/tests/translator/output/all_policy_templates.json +++ b/tests/translator/output/all_policy_templates.json @@ -1003,6 +1003,31 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy40", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rekognition:IndexFaces", + "rekognition:DeleteFaces", + "rekognition:SearchFaces", + "rekognition:SearchFacesByImage", + "rekognition:ListFaces" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:rekognition:${AWS::Region}:${AWS::AccountId}:collection/${collectionId}", + { + "collectionId": "collection" + } + ] + }, + "Effect": "Allow" + } + ] + } } ], "AssumeRolePolicyDocument": { diff --git a/tests/translator/output/aws-cn/all_policy_templates.json b/tests/translator/output/aws-cn/all_policy_templates.json index eea977c9f5..90b44732d2 100644 --- a/tests/translator/output/aws-cn/all_policy_templates.json +++ b/tests/translator/output/aws-cn/all_policy_templates.json @@ -1003,6 +1003,31 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy40", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rekognition:IndexFaces", + "rekognition:DeleteFaces", + "rekognition:SearchFaces", + "rekognition:SearchFacesByImage", + "rekognition:ListFaces" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:rekognition:${AWS::Region}:${AWS::AccountId}:collection/${collectionId}", + { + "collectionId": "collection" + } + ] + }, + "Effect": "Allow" + } + ] + } } ], "AssumeRolePolicyDocument": { diff --git a/tests/translator/output/aws-us-gov/all_policy_templates.json b/tests/translator/output/aws-us-gov/all_policy_templates.json index 7528a68398..d20b4b08dc 100644 --- a/tests/translator/output/aws-us-gov/all_policy_templates.json +++ b/tests/translator/output/aws-us-gov/all_policy_templates.json @@ -1004,6 +1004,31 @@ } ] } + }, + { + "PolicyName": "KitchenSinkFunctionRolePolicy40", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rekognition:IndexFaces", + "rekognition:DeleteFaces", + "rekognition:SearchFaces", + "rekognition:SearchFacesByImage", + "rekognition:ListFaces" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:rekognition:${AWS::Region}:${AWS::AccountId}:collection/${collectionId}", + { + "collectionId": "collection" + } + ] + }, + "Effect": "Allow" + } + ] + } } ], "AssumeRolePolicyDocument": {