Crate aws-iam
A Rust crate for dealing with AWS IAM Policy resources.
Model
TBD
Example
    use aws_iam::model::*;

    let policy: Policy = PolicyBuilder::new()
        .named("confidential-data-access")
        .evaluate_statement(
            StatementBuilder::new()
                .auto_named()
                .allows()
                .unspecified_principals()
                .may_perform_actions(vec!["s3:List*", "s3:Get*"])
                .on_resources(vec![
                    "arn:aws:s3:::confidential-data",
                    "arn:aws:s3:::confidential-data/*",
                ])
                .if_condition(
                    ConditionBuilder::new_bool()
                        .right_hand_bool("aws:MultiFactorAuthPresent", true)
                        .if_exists(),
                ),
        )
        .into();
    println!("{}", policy);
Results in the following JSON.
    {
      "Id": "confidential-data-access",
      "Statement": {
        "Sid": "sid_e4d7f2d3-cfed-4346-9c5e-a8e9e38ef44f",
        "Effect": "Allow",
        "Action": [
          "s3:List*",
          "s3:Get*"
        ],
        "Resource": [
          "arn:aws:s3:::confidential-data",
          "arn:aws:s3:::confidential-data/*"
        ],
        "Condition": {
          "BoolIfExists": {
            "aws:MultiFactorAuthPresent": "true"
          }
        }
      }
    }
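Note on the condition above: `BoolIfExists` passes when `aws:MultiFactorAuthPresent` is absent from the request context, which is the case for requests signed with long-term access keys, so this Allow applies to them as well as to MFA-backed sessions. The following std-only Rust sketch is an added example, not code from the aws-iam crate; `glob`, `mfa_condition` and `statement_allows` are hypothetical helpers and the request contexts are constructed.

```rust
use std::collections::HashMap;

// Constructed model of the one statement shown above (hypothetical helpers, not aws_iam API).
const ACTIONS: [&str; 2] = ["s3:List*", "s3:Get*"];
const RESOURCES: [&str; 2] =
    ["arn:aws:s3:::confidential-data", "arn:aws:s3:::confidential-data/*"];
const MFA_KEY: &str = "aws:MultiFactorAuthPresent";

/// `*` matches any run of characters; case-sensitive, IAM's `?` wildcard is left out.
fn glob(pattern: &str, text: &str) -> bool {
    let (p, t) = (pattern.as_bytes(), text.as_bytes());
    let (mut pi, mut ti, mut star, mut mark) = (0, 0, None, 0);
    while ti < t.len() {
        if pi < p.len() && p[pi] == b'*' {
            star = Some(pi); mark = ti; pi += 1; // remember the star, try matching zero chars
        } else if pi < p.len() && p[pi] == t[ti] {
            pi += 1; ti += 1;
        } else if let Some(s) = star {
            pi = s + 1; mark += 1; ti = mark; // backtrack: let the star absorb one more char
        } else {
            return false;
        }
    }
    p[pi..].iter().all(|&c| c == b'*')
}

/// Bool test for "true" on the MFA key; with `if_exists`, an absent key passes.
fn mfa_condition(ctx: &HashMap<&str, &str>, if_exists: bool) -> bool {
    match ctx.get(MFA_KEY) {
        Some(v) => v.eq_ignore_ascii_case("true"),
        None => if_exists,
    }
}

/// True when the statement's Allow applies to this request.
fn statement_allows(action: &str, resource: &str, ctx: &HashMap<&str, &str>, if_exists: bool) -> bool {
    ACTIONS.iter().any(|a| glob(a, action))
        && RESOURCES.iter().any(|r| glob(r, resource))
        && mfa_condition(ctx, if_exists)
}

fn main() {
    let obj = "arn:aws:s3:::confidential-data/report.csv";
    let no_mfa_key = HashMap::new(); // constructed: request signed with a long-term access key
    let mfa_false = HashMap::from([(MFA_KEY, "false")]); // constructed: session without MFA
    println!("absent key, BoolIfExists: {}", statement_allows("s3:GetObject", obj, &no_mfa_key, true));
    println!("absent key, Bool:         {}", statement_allows("s3:GetObject", obj, &no_mfa_key, false));
    println!("false,      BoolIfExists: {}", statement_allows("s3:GetObject", obj, &mfa_false, true));
}
```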
policy Command-Line Tool
TBD
Changes
Version 0.1.0
- First commit to Crates.io
- Completed markdown support for policy tool verification.
- Completed changes to the model to support NotAction, NotPrincipal, and NotResource.
- Filled obvious gaps in documentation.
Version 0.1.0
- Initial commit stream to GitHub from private project.
- Goal was to complete the existing model, documentation and add the policy tool.
TODO
- Add LaTeX output to policy.