aws-iam 0.2.0

A Rust crate for dealing with AWS IAM Policy resources

Crate aws-iam

A Rust crate for dealing with AWS IAM Policy resources.


Model

TBD

Example

use aws_iam::model::*;

let policy: Policy = PolicyBuilder::new()
    .named("confidential-data-access")
    .evaluate_statement(
        StatementBuilder::new()
            .auto_named()
            .allows()
            .unspecified_principals()
            .may_perform_actions(vec!["s3:List*", "s3:Get*"])
            .on_resources(vec![
                "arn:aws:s3:::confidential-data",
                "arn:aws:s3:::confidential-data/*",
            ])
            .if_condition(
                ConditionBuilder::new_bool()
                    .right_hand_bool("aws:MultiFactorAuthPresent", true)
                    .if_exists(),
            ),
    )
    .into();
println!("{}", policy);

Results in the following JSON.

{
  "Id": "confidential-data-access",
  "Statement": {
    "Sid": "sid_e4d7f2d3-cfed-4346-9c5e-a8e9e38ef44f",
    "Effect": "Allow",
    "Action": [
      "s3:List*",
      "s3:Get*"
    ],
    "Resource": [
      "arn:aws:s3:::confidential-data",
      "arn:aws:s3:::confidential-data/*"
    ],
    "Condition": {
      "BoolIfExists": {
        "aws:MultiFactorAuthPresent": "true"
      }
    }
  }
}
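The policy above guards its `Allow` with `BoolIfExists` on `aws:MultiFactorAuthPresent`. As an added illustration (not code from the aws-iam crate; `BoolOp`, `condition_matches`, `allowed` and the request contexts are hypothetical and constructed), this sketch evaluates that condition under IAM's documented `...IfExists` rule, where an absent key makes the condition true. A request signed with long-term access keys carries no `aws:MultiFactorAuthPresent` key, so it still satisfies the statement.

```rust
use std::collections::HashMap;

// Hypothetical names throughout; this is not the aws-iam crate's API.
#[derive(Clone, Copy)]
enum BoolOp {
    Bool,         // key must be present and equal to the expected value
    BoolIfExists, // an absent key makes the condition evaluate to true
}

/// Evaluate one boolean condition against a request context.
fn condition_matches(op: BoolOp, key: &str, expected: bool, ctx: &HashMap<&str, &str>) -> bool {
    let want = if expected { "true" } else { "false" };
    match (ctx.get(key), op) {
        (Some(v), _) => *v == want,
        (None, BoolOp::BoolIfExists) => true,
        (None, BoolOp::Bool) => false,
    }
}

/// Constructed request contexts: (label, context keys present on the request).
fn sample_contexts() -> Vec<(&'static str, HashMap<&'static str, &'static str>)> {
    const KEY: &str = "aws:MultiFactorAuthPresent";
    vec![
        ("temporary credentials, MFA used", HashMap::from([(KEY, "true")])),
        ("temporary credentials, no MFA", HashMap::from([(KEY, "false")])),
        ("long-term access key (key absent)", HashMap::new()),
    ]
}

/// Labels of the sample contexts that satisfy the condition for `op`.
fn allowed(op: BoolOp) -> Vec<&'static str> {
    sample_contexts()
        .into_iter()
        .filter(|(_, ctx)| condition_matches(op, "aws:MultiFactorAuthPresent", true, ctx))
        .map(|(label, _)| label)
        .collect()
}

fn main() {
    println!("BoolIfExists: {:?}", allowed(BoolOp::BoolIfExists));
    println!("Bool:         {:?}", allowed(BoolOp::Bool));
}
```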

policy Command-Line Tool

TBD

Changes

Version 0.1.0

  • First commit to Crates.io
  • Completed markdown support for policy tool verification.
  • Completed changes to the model to support NotAction, NotPrincipal, and NotResource.
  • Filled obvious gaps in documentation.

Version 0.1.0

  • Initial commit stream to GitHub from private project.
  • Goal was to complete the existing model, documentation and add the policy tool.

TODO

  1. Add LaTeX output to policy.