Crate aws-iam
A Rust crate for dealing with AWS IAM Policy resources.
Model
For the most part importing aws_iam::model provides the core types necessary to programmatically create Policy documents. You can also import aws_iam::model::builder to use a more fluent interface to construct Policies. The aws_iam::io module provides simple read and write functions, the write functions producing pretty printed JSON output.
The aws_iam::report module provides a set of traits that allow for visiting a Policy model, and implementations of these that write formatted versions of a Policy as documentation.
Example
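use aws_iam::model::*;
use aws_iam::model::builder::*;
use aws_iam::io::write_to_writer;
use std::io::stdout;

// Build a Policy with the fluent builder, then write it as pretty printed JSON.
let policy: Policy = PolicyBuilder::new()
    .named(...)
    .evaluate_statement(...)
    .into();
write_to_writer(stdout(), &policy);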
Results in the following JSON.
policy Command-Line Tool
The policy tool provides some very basic policy resource operations. The most valuable of these is verify, which will read a file, parse it and produce a formatted output. This output can be a documentation form which is useful for describing common policies.
For example, given the following JSON policy:
the command policy verify -f markdown will produce the output between the following lines.
Policy
IAM Policy Version: 2012-10-17
Statement
Statement ID: DenyAllUsersNotUsingMFA
DENY IF
- Action NOT = "iam:*"
- Resource = "*"
- Condition IF EXISTS aws:MultiFactorAuthPresent THEN aws:MultiFactorAuthPresent Bool "false"
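The report above reads as: deny every action outside iam:* on any resource when aws:MultiFactorAuthPresent is "false", with IF EXISTS deciding what happens when the key is missing from the request. The following is an added example, not part of the crate or its documentation and not using the aws_iam API: a std-only Rust program that evaluates that one statement against constructed request contexts and compares BoolIfExists with plain Bool. The names Context, bool_condition, not_action and denies are hypothetical, and action matching is simplified to an exact name or a trailing wildcard.

```rust
use std::collections::HashMap;

/// Request context (constructed), e.g. "aws:MultiFactorAuthPresent" -> "true".
type Context = HashMap<&'static str, &'static str>;

/// `Bool` condition operator. With `if_exists` (BoolIfExists) a key that is
/// missing from the request makes the condition true; plain Bool makes it false.
fn bool_condition(ctx: &Context, key: &str, expected: bool, if_exists: bool) -> bool {
    match ctx.get(key) {
        Some(v) => v.eq_ignore_ascii_case(if expected { "true" } else { "false" }),
        None => if_exists,
    }
}

/// NotAction: true when `action` is NOT covered by `pattern`. Simplified to an
/// exact name or a trailing `*`; action names compare case-insensitively.
fn not_action(pattern: &str, action: &str) -> bool {
    let (p, a) = (pattern.to_ascii_lowercase(), action.to_ascii_lowercase());
    let covered = match p.strip_suffix('*') {
        Some(prefix) => a.starts_with(prefix),
        None => a == p,
    };
    !covered
}

/// Does the DenyAllUsersNotUsingMFA statement (Resource = "*") deny this request?
fn denies(action: &str, ctx: &Context, if_exists: bool) -> bool {
    not_action("iam:*", action)
        && bool_condition(ctx, "aws:MultiFactorAuthPresent", false, if_exists)
}

fn main() {
    let no_mfa: Context = HashMap::from([("aws:MultiFactorAuthPresent", "false")]);
    let mfa: Context = HashMap::from([("aws:MultiFactorAuthPresent", "true")]);
    let absent: Context = HashMap::new(); // key not sent with the request at all
    for (label, ctx) in [("MFA false", &no_mfa), ("MFA true", &mfa), ("key absent", &absent)] {
        println!(
            "{:<10} s3:GetObject denied: BoolIfExists={} Bool={}",
            label,
            denies("s3:GetObject", ctx, true),
            denies("s3:GetObject", ctx, false)
        );
    }
    println!("iam:ListUsers, key absent: {}", denies("iam:ListUsers", &absent, true));
}
```

The "key absent" row is the case to check when reviewing such a policy: requests signed with long-term access keys carry no aws:MultiFactorAuthPresent key, so only the IF EXISTS form denies them.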
Changes
Version 0.2.1
- Fixing missing_docs warnings.
- Removed any_of(), condition_one(), and one() from builder, replaced with functions on Action, Principal, and Resource.
Version 0.2.0
- First commit to Crates.io.
- Completed markdown support for policy tool verification.
- Completed changes to the model to support NotAction, NotPrincipal, and NotResource.
- Filled obvious gaps in documentation.
Version 0.1.0
- Initial commit stream to GitHub from private project.
- Goal was to complete the existing model, documentation and add the policy tool.
TODO
- Add LaTeX output to policy.