Merged
Changes from 1 commit
@@ -71,6 +71,9 @@ Resources:
- SESCrudPolicy:
IdentityName: name

- SESBulkTemplatedCrudPolicy:
IdentityName: name

- SNSCrudPolicy:
TopicName: name
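Review bot: the new `SESBulkTemplatedCrudPolicy` entry in this listing reads exactly like `SESCrudPolicy` above it (same single `IdentityName: name` parameter), so a reader of the docs cannot tell why they would choose one over the other; add a line stating what it grants beyond `SESCrudPolicy` (the Description string from policy_templates.json, "send email, templated email, templated bulk emails and verify identity", would do), since the larger action set is the only reason to pick it.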

33 changes: 33 additions & 0 deletions samtranslator/policy_templates_data/policy_templates.json
@@ -697,6 +697,39 @@
]
}
},
"SESBulkTemplatedCrudPolicy": {
"Description": "Gives permission to send email, templated email, templated bulk emails and verify identity",
"Parameters": {
"IdentityName": {
"Description": "Identity to give permissions to"
}
},
"Definition": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:GetIdentityVerificationAttributes",
"ses:SendEmail",
"ses:SendRawEmail",
"ses:SendTemplatedEmail",
"ses:SendBulkTemplatedEmail",
"ses:VerifyEmailIdentity"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:ses:${AWS::Region}:${AWS::AccountId}:identity/${identityName}",
Contributor:

Are you sure this works? I read this in the SES IAM docs:

Amazon SES has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Contributor Author:

Yes, that is correct, you don't need any resource, but there are 2 things that made me include this Resource section:

  1. The previous SESCrudPolicy, which is just for sending regular SES emails, requires an identity as well. It's the previous policy template just above this one. It is required for this Policy Template. I didn't intend to add it, but when I saw it there, as it was one of the first ones added here, I just added it for consistency.
  2. This identity represents the verified identity (email or domain) from which you want to be allowed to send emails.

I have no problem with removing this section if necessary. The SESCrudPolicy is working, so I think this one will too.

Contributor:

Thanks for pointing out the SESCrudPolicy. It's interesting that the SES IAM docs say SES has no service-defined resources. I'll leave some feedback on their docs page so we can get that corrected.

{
"identityName": {
"Ref": "IdentityName"
}
}
]
}
}
]
}
},
"SNSCrudPolicy": {
"Description": "Gives permissions to create, publish and subscribe to SNS topics",
"Parameters": {
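Review bot: all six actions share one statement scoped to `arn:${AWS::Partition}:ses:${AWS::Region}:${AWS::AccountId}:identity/${identityName}`, and IAM only matches an action against a non-`*` Resource when that action supports that resource type; any action in this list that SES does not scope to an identity (the review thread quotes the SES docs saying there are none, and `ses:VerifyEmailIdentity` and `ses:GetIdentityVerificationAttributes` are the two to check first) would therefore be implicitly denied, not allowed, with this template attached. Verify each action against the SES authorization reference and, if any fail, move them into a second statement with `"Resource": "*"`. Two smaller points: the Description omits `ses:SendRawEmail`, which the Action list grants; and `ses:VerifyEmailIdentity` lets the function start verification of a new address, which a sender normally does not need, so consider whether it belongs in a send-oriented template at all.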
3 changes: 3 additions & 0 deletions tests/translator/input/all_policy_templates.yaml
@@ -70,6 +70,9 @@ Resources:

- SESCrudPolicy:
IdentityName: name

- SESBulkTemplatedCrudPolicy:
IdentityName: name

- SNSCrudPolicy:
TopicName: name
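Review bot: `IdentityName: name` exercises only the literal path; because the parameter is spliced into the `Fn::Sub` variable map, consider a second use of the template with an intrinsic value (for example `IdentityName: !Ref SenderIdentity`) so the fixture also shows that the translator passes intrinsics through into the variable map unchanged rather than stringifying them.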
26 changes: 26 additions & 0 deletions tests/translator/output/all_policy_templates.json
@@ -1117,6 +1117,32 @@
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy47",
"PolicyDocument": {
"Statement": [
{
"Action": [
"ses:GetIdentityVerificationAttributes",
"ses:SendEmail",
"ses:SendRawEmail",
"ses:SendTemplatedEmail",
"ses:SendBulkTemplatedEmail",
"ses:VerifyEmailIdentity"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:ses:${AWS::Region}:${AWS::AccountId}:identity/${identityName}",
{
"identityName": "name"
}
]
},
"Effect": "Allow"
}
]
}
}
],
"AssumeRolePolicyDocument": {
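Review bot: the expectation keeps `Fn::Sub` unresolved and only binds `identityName` to `"name"`, which is the right level for a translator test, but it also means no concrete ARN is ever asserted here, so a typo in the ARN pattern (wrong service or resource segment) would pass these fixtures unnoticed; keep that in mind before treating them as evidence that the resource scoping works. Also confirm that `KitchenSinkFunctionRolePolicy47` is the correct index: the input inserts this template before `SNSCrudPolicy`, yet this file shows 26 additions and 0 deletions, so no later policy was renumbered.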
26 changes: 26 additions & 0 deletions tests/translator/output/aws-cn/all_policy_templates.json
@@ -1116,6 +1116,32 @@
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy47",
"PolicyDocument": {
"Statement": [
{
"Action": [
"ses:GetIdentityVerificationAttributes",
"ses:SendEmail",
"ses:SendRawEmail",
"ses:SendTemplatedEmail",
"ses:SendBulkTemplatedEmail",
"ses:VerifyEmailIdentity"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:ses:${AWS::Region}:${AWS::AccountId}:identity/${identityName}",
{
"identityName": "name"
}
]
},
"Effect": "Allow"
}
]
}
}
],
"AssumeRolePolicyDocument": {
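Review bot: this aws-cn expectation is byte-identical to the default-partition one, as it must be while `${AWS::Partition}` stays inside the unresolved `Fn::Sub`; the three partition fixtures therefore assert the same thing, and the partition difference only materialises when CloudFormation resolves the Sub at deploy time, which nothing in this test suite exercises.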
26 changes: 26 additions & 0 deletions tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -1117,6 +1117,32 @@
}
]
}
},
{
"PolicyName": "KitchenSinkFunctionRolePolicy47",
"PolicyDocument": {
"Statement": [
{
"Action": [
"ses:GetIdentityVerificationAttributes",
"ses:SendEmail",
"ses:SendRawEmail",
"ses:SendTemplatedEmail",
"ses:SendBulkTemplatedEmail",
"ses:VerifyEmailIdentity"
],
"Resource": {
"Fn::Sub": [
"arn:${AWS::Partition}:ses:${AWS::Region}:${AWS::AccountId}:identity/${identityName}",
{
"identityName": "name"
}
]
},
"Effect": "Allow"
}
]
}
}
],
"AssumeRolePolicyDocument": {
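Added example, not code from the SAM translator project or from this PR: a small Python model of the two substitution steps the fixtures above imply. The translator binds the policy template parameter (`{"Ref": "IdentityName"}` becomes the literal `name`) and leaves `Fn::Sub` in place, which is why the aws, aws-cn and aws-us-gov expectations are identical; only CloudFormation substitutes the partition, region and account at deploy time. The second function performs that final step so the concrete identity ARN each partition ends up with is visible, and it refuses to proceed on an unknown variable or a variable still bound to an intrinsic. The pseudo-parameter values and the account ID are constructed placeholders and the helper names are assumptions; nothing here checks whether SES actually honours an identity ARN for every listed action, which is the separate question raised in the review thread.

```python
import copy
import json
import re

# Constructed inline copy of the SESBulkTemplatedCrudPolicy "Definition" from the
# policy_templates.json hunk in this PR (policy document only, no Description).
SES_BULK_TEMPLATED_CRUD_DEFINITION = {
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ses:GetIdentityVerificationAttributes",
                "ses:SendEmail",
                "ses:SendRawEmail",
                "ses:SendTemplatedEmail",
                "ses:SendBulkTemplatedEmail",
                "ses:VerifyEmailIdentity",
            ],
            "Resource": {
                "Fn::Sub": [
                    "arn:${AWS::Partition}:ses:${AWS::Region}:${AWS::AccountId}:identity/${identityName}",
                    {"identityName": {"Ref": "IdentityName"}},
                ]
            },
        }
    ]
}

# Constructed pseudo-parameter values per partition; the account ID is a placeholder.
PARTITIONS = {
    "aws": {"AWS::Partition": "aws", "AWS::Region": "us-east-1", "AWS::AccountId": "123456789012"},
    "aws-cn": {"AWS::Partition": "aws-cn", "AWS::Region": "cn-north-1", "AWS::AccountId": "123456789012"},
    "aws-us-gov": {"AWS::Partition": "aws-us-gov", "AWS::Region": "us-gov-west-1", "AWS::AccountId": "123456789012"},
}

_SUB_VAR = re.compile(r"\$\{([^}]+)\}")


def bind_parameters(node, params):
    """Translator step (modelled here, not SAM's own code): replace every
    {"Ref": <template parameter>} with the value the template user supplied.
    Everything else, Fn::Sub included, is copied through unchanged, which is
    what the expected outputs in this PR show."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and node["Ref"] in params:
            return copy.deepcopy(params[node["Ref"]])
        return {key: bind_parameters(value, params) for key, value in node.items()}
    if isinstance(node, list):
        return [bind_parameters(value, params) for value in node]
    return node


def resolve_sub(node, pseudo):
    """Deploy-time step (modelled): expand Fn::Sub against concrete pseudo
    parameters. A variable found neither in the Sub's own map nor in `pseudo`
    raises KeyError so a typo cannot silently become a wrong ARN; a variable
    still bound to an intrinsic (e.g. a leftover Ref) raises TypeError."""
    if isinstance(node, dict):
        if set(node) == {"Fn::Sub"}:
            sub = node["Fn::Sub"]
            if isinstance(sub, str):
                template, variables = sub, {}
            else:
                template, variables = sub[0], resolve_sub(sub[1], pseudo)

            def lookup(match):
                name = match.group(1)
                if name.startswith("!"):  # ${!Literal} escape: emit ${Literal} verbatim
                    return "${" + name[1:] + "}"
                value = variables.get(name, pseudo.get(name))
                if value is None:
                    raise KeyError("unresolved Fn::Sub variable " + name)
                if not isinstance(value, str):
                    raise TypeError("variable %s is still an intrinsic: %r" % (name, value))
                return value

            return _SUB_VAR.sub(lookup, template)
        return {key: resolve_sub(value, pseudo) for key, value in node.items()}
    if isinstance(node, list):
        return [resolve_sub(value, pseudo) for value in node]
    return node


def render_policy(definition, params):
    """What lands in the generated role policy: parameters bound, Sub intact."""
    return bind_parameters(copy.deepcopy(definition), params)


def resource_arns(policy, pseudo):
    """The concrete Resource ARNs a rendered policy carries once deployed."""
    arns = []
    for statement in resolve_sub(policy, pseudo)["Statement"]:
        resource = statement["Resource"]
        arns.extend(resource if isinstance(resource, list) else [resource])
    return arns


if __name__ == "__main__":
    rendered = render_policy(SES_BULK_TEMPLATED_CRUD_DEFINITION, {"IdentityName": "name"})
    print(json.dumps(rendered, indent=2))  # same shape as the tests/translator/output fixtures
    for partition, pseudo in PARTITIONS.items():
        print(partition, resource_arns(rendered, pseudo))
```

Run it as a script and the first print matches the `Resource` block in the three expected-output fixtures, while the per-partition lines differ only in the partition and region segments; pass an intrinsic as `IdentityName` and `render_policy` carries it through untouched, but `resource_arns` then refuses to fabricate an ARN from it.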