aws_arn/builder/
iam.rs

/*!
Provides a set of simple helper functions to make ResourceNames for the IAM service.

These resource definitions are taken from the AWS
[documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/list_identityandaccessmanagement.html#identityandaccessmanagement-resources-for-iam-policies),
with the exception of the root account ResourceName, which is described
[here](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns).
*/
9
10use crate::builder::ArnBuilder;
11use crate::known::Service::IdentityAccessManagement;
12use crate::{AccountIdentifier, Identifier, IdentifierLike, ResourceIdentifier, ResourceName};
13
14// ------------------------------------------------------------------------------------------------
15// Public Functions
16// ------------------------------------------------------------------------------------------------
17
/// Builds the ARN that names the root user of `account`.
///
/// Example shape: `arn:aws:iam::123456789012:root`
///
/// The resource part is the fixed literal `root`; `account` is used as supplied and
/// this function adds no checks of its own.
///
/// NOTE(review): no partition is set here, so the partition in the result is whatever
/// `ArnBuilder` produces by default (the example above suggests `aws`). Confirm before
/// relying on this for accounts in other partitions.
pub fn root(account: AccountIdentifier) -> ResourceName {
    // A constant, known-good literal, so the unchecked constructor is appropriate here.
    let root_resource = ResourceIdentifier::new_unchecked("root");
    ArnBuilder::service_id(IdentityAccessManagement.into())
        .owned_by(account)
        .is(root_resource)
        .into()
}
27
/// Builds the ARN of an IAM user.
///
/// Template: `arn:${Partition}:iam::${Account}:user/${UserNameWithPath}`
///
/// * `partition` - partition the account lives in.
/// * `account` - account that owns the user.
/// * `user_name` - name of the user, placed after the fixed `user` segment.
///
/// All three arguments are used as supplied; this function adds no checks of its own.
/// A name that originates outside the program should be validated before the
/// `Identifier` is constructed, because the resulting ARN decides which principal a
/// policy statement applies to.
///
/// NOTE(review): the template allows a path inside the name; whether `Identifier`
/// accepts `/` is not visible from this file. Confirm.
pub fn user(
    partition: Identifier,
    account: AccountIdentifier,
    user_name: Identifier,
) -> ResourceName {
    // Fixed resource-type segment first, then the caller-supplied name.
    let segments = [Identifier::new_unchecked("user"), user_name];
    ArnBuilder::service_id(IdentityAccessManagement.into())
        .in_partition_id(partition)
        .owned_by(account)
        .is(ResourceIdentifier::from_id_path(&segments))
        .into()
}
45
/// Builds the ARN of an IAM role.
///
/// Template: `arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}`
///
/// * `partition` - partition the account lives in.
/// * `account` - account that owns the role.
/// * `role_name` - name of the role, placed after the fixed `role` segment.
///
/// All three arguments are used as supplied; this function adds no checks of its own.
/// A role ARN is commonly used as a principal or as the target of a role assumption,
/// so a name that originates outside the program should be validated before the
/// `Identifier` is constructed.
///
/// NOTE(review): the template allows a path inside the name; whether `Identifier`
/// accepts `/` is not visible from this file. Confirm.
pub fn role(
    partition: Identifier,
    account: AccountIdentifier,
    role_name: Identifier,
) -> ResourceName {
    // Fixed resource-type segment first, then the caller-supplied name.
    let segments = [Identifier::new_unchecked("role"), role_name];
    ArnBuilder::service_id(IdentityAccessManagement.into())
        .in_partition_id(partition)
        .owned_by(account)
        .is(ResourceIdentifier::from_id_path(&segments))
        .into()
}
63
/// Builds the ARN of an IAM group.
///
/// Template: `arn:${Partition}:iam::${Account}:group/${GroupNameWithPath}`
///
/// * `partition` - partition the account lives in.
/// * `account` - account that owns the group.
/// * `group_name` - name of the group, placed after the fixed `group` segment.
///
/// All three arguments are used as supplied; this function adds no checks of its own.
/// A name that originates outside the program should be validated before the
/// `Identifier` is constructed.
///
/// NOTE(review): the template allows a path inside the name; whether `Identifier`
/// accepts `/` is not visible from this file. Confirm.
pub fn group(
    partition: Identifier,
    account: AccountIdentifier,
    group_name: Identifier,
) -> ResourceName {
    // Fixed resource-type segment first, then the caller-supplied name.
    let segments = [Identifier::new_unchecked("group"), group_name];
    ArnBuilder::service_id(IdentityAccessManagement.into())
        .in_partition_id(partition)
        .owned_by(account)
        .is(ResourceIdentifier::from_id_path(&segments))
        .into()
}
81
/// Builds the ARN of an IAM managed policy.
///
/// Template: `arn:${Partition}:iam::${Account}:policy/${PolicyNameWithPath}`
///
/// * `partition` - partition the account lives in.
/// * `account` - account that owns the policy.
/// * `policy_name` - name of the policy, placed after the fixed `policy` segment.
///
/// All three arguments are used as supplied; this function adds no checks of its own.
/// A name that originates outside the program should be validated before the
/// `Identifier` is constructed.
///
/// NOTE(review): the template allows a path inside the name; whether `Identifier`
/// accepts `/` is not visible from this file. Confirm.
pub fn policy(
    partition: Identifier,
    account: AccountIdentifier,
    policy_name: Identifier,
) -> ResourceName {
    // Fixed resource-type segment first, then the caller-supplied name.
    let segments = [Identifier::new_unchecked("policy"), policy_name];
    ArnBuilder::service_id(IdentityAccessManagement.into())
        .in_partition_id(partition)
        .owned_by(account)
        .is(ResourceIdentifier::from_id_path(&segments))
        .into()
}