

Issue # Get*, List* for all services with a cloudcontrol provisionabl…
…e resource required for cloudcontrol.get_resource()
cschneider-vertical-relevance committed May 3, 2022
1 parent 2600d99 commit b886c52
Showing 2 changed files with 302 additions and 1 deletion.
301 changes: 301 additions & 0 deletions stacks/control_broker_stack.py
Expand Up @@ -224,6 +224,18 @@ def deploy_inner_sfn_lambdas(self):
aws_iam.PolicyStatement(
actions=[
"cloudformation:ValidateTemplate",
"cloudformation:DescribeType",
"cloudformation:Get*", #FIXME
"cloudformation:Describe*", #FIXME
],
resources=["*"],
)
)
self.lambda_pac_evaluation_router.role.add_to_policy(
aws_iam.PolicyStatement(
actions=[
"cloudcontrol:GetResource",
"cloudcontrol:*", #FIXME
],
resources=["*"],
)
Expand All @@ -238,6 +250,295 @@ def deploy_inner_sfn_lambdas(self):
],
)
)
self.lambda_pac_evaluation_router.role.add_to_policy(
aws_iam.PolicyStatement(
# Get*, List* for all services with a cloudcontrol provisionable resource
# required fro cloudcontrol.get_resource()
actions=[
"acmpca:Get*",
"acmpca:List*",
"aps:Get*",
"aps:List*",
"accessanalyzer:Get*",
"accessanalyzer:List*",
"amplify:Get*",
"amplify:List*",
"amplifyuibuilder:Get*",
"amplifyuibuilder:List*",
"apigateway:Get*",
"apigateway:List*",
"appflow:Get*",
"appflow:List*",
"appintegrations:Get*",
"appintegrations:List*",
"apprunner:Get*",
"apprunner:List*",
"appstream:Get*",
"appstream:List*",
"appsync:Get*",
"appsync:List*",
"applicationinsights:Get*",
"applicationinsights:List*",
"athena:Get*",
"athena:List*",
"auditmanager:Get*",
"auditmanager:List*",
"autoscaling:Get*",
"autoscaling:List*",
"backup:Get*",
"backup:List*",
"batch:Get*",
"batch:List*",
"budgets:Get*",
"budgets:List*",
"ce:Get*",
"ce:List*",
"cur:Get*",
"cur:List*",
"cassandra:Get*",
"cassandra:List*",
"certificatemanager:Get*",
"certificatemanager:List*",
"chatbot:Get*",
"chatbot:List*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudtrail:Get*",
"cloudtrail:List*",
"cloudwatch:Get*",
"cloudwatch:List*",
"codeartifact:Get*",
"codeartifact:List*",
"codeguruprofiler:Get*",
"codeguruprofiler:List*",
"codegurureviewer:Get*",
"codegurureviewer:List*",
"codestarconnections:Get*",
"codestarconnections:List*",
"codestarnotifications:Get*",
"codestarnotifications:List*",
"config:Get*",
"config:List*",
"connect:Get*",
"connect:List*",
"customerprofiles:Get*",
"customerprofiles:List*",
"databrew:Get*",
"databrew:List*",
"datasync:Get*",
"datasync:List*",
"detective:Get*",
"detective:List*",
"devopsguru:Get*",
"devopsguru:List*",
"devicefarm:Get*",
"devicefarm:List*",
"dynamodb:Get*",
"dynamodb:List*",
"ec2:Get*",
"ec2:List*",
"ecr:Get*",
"ecr:List*",
"ecs:Get*",
"ecs:List*",
"efs:Get*",
"efs:List*",
"eks:Get*",
"eks:List*",
"emr:Get*",
"emr:List*",
"emrcontainers:Get*",
"emrcontainers:List*",
"elasticache:Get*",
"elasticache:List*",
"elasticloadbalancingv2:Get*",
"elasticloadbalancingv2:List*",
"eventschemas:Get*",
"eventschemas:List*",
"events:Get*",
"events:List*",
"evidently:Get*",
"evidently:List*",
"fis:Get*",
"fis:List*",
"fms:Get*",
"fms:List*",
"finspace:Get*",
"finspace:List*",
"forecast:Get*",
"forecast:List*",
"frauddetector:Get*",
"frauddetector:List*",
"gamelift:Get*",
"gamelift:List*",
"globalaccelerator:Get*",
"globalaccelerator:List*",
"glue:Get*",
"glue:List*",
"greengrassv2:Get*",
"greengrassv2:List*",
"groundstation:Get*",
"groundstation:List*",
"healthlake:Get*",
"healthlake:List*",
"iam:Get*",
"iam:List*",
"ivs:Get*",
"ivs:List*",
"imagebuilder:Get*",
"imagebuilder:List*",
"inspector:Get*",
"inspector:List*",
"inspectorv2:Get*",
"inspectorv2:List*",
"iot:Get*",
"iot:List*",
"iotanalytics:Get*",
"iotanalytics:List*",
"iotcoredeviceadvisor:Get*",
"iotcoredeviceadvisor:List*",
"iotevents:Get*",
"iotevents:List*",
"iotfleethub:Get*",
"iotfleethub:List*",
"iotsitewise:Get*",
"iotsitewise:List*",
"iotwireless:Get*",
"iotwireless:List*",
"kms:Get*",
"kms:List*",
"kafkaconnect:Get*",
"kafkaconnect:List*",
"kendra:Get*",
"kendra:List*",
"kinesis:Get*",
"kinesis:List*",
"kinesisfirehose:Get*",
"kinesisfirehose:List*",
"kinesisvideo:Get*",
"kinesisvideo:List*",
"lambda:Get*",
"lambda:List*",
"lex:Get*",
"lex:List*",
"licensemanager:Get*",
"licensemanager:List*",
"lightsail:Get*",
"lightsail:List*",
"location:Get*",
"location:List*",
"logs:Get*",
"logs:List*",
"lookoutequipment:Get*",
"lookoutequipment:List*",
"lookoutmetrics:Get*",
"lookoutmetrics:List*",
"lookoutvision:Get*",
"lookoutvision:List*",
"msk:Get*",
"msk:List*",
"mwaa:Get*",
"mwaa:List*",
"macie:Get*",
"macie:List*",
"mediaconnect:Get*",
"mediaconnect:List*",
"mediapackage:Get*",
"mediapackage:List*",
"memorydb:Get*",
"memorydb:List*",
"networkfirewall:Get*",
"networkfirewall:List*",
"networkmanager:Get*",
"networkmanager:List*",
"nimblestudio:Get*",
"nimblestudio:List*",
"opensearchservice:Get*",
"opensearchservice:List*",
"opsworkscm:Get*",
"opsworkscm:List*",
"panorama:Get*",
"panorama:List*",
"personalize:Get*",
"personalize:List*",
"pinpoint:Get*",
"pinpoint:List*",
"qldb:Get*",
"qldb:List*",
"quicksight:Get*",
"quicksight:List*",
"rds:Get*",
"rds:List*",
"rum:Get*",
"rum:List*",
"redshift:Get*",
"redshift:List*",
"refactorspaces:Get*",
"refactorspaces:List*",
"rekognition:Get*",
"rekognition:List*",
"resiliencehub:Get*",
"resiliencehub:List*",
"resourcegroups:Get*",
"resourcegroups:List*",
"robomaker:Get*",
"robomaker:List*",
"route53:Get*",
"route53:List*",
"route53recoverycontrol:Get*",
"route53recoverycontrol:List*",
"route53recoveryreadiness:Get*",
"route53recoveryreadiness:List*",
"route53resolver:Get*",
"route53resolver:List*",
"s3:Get*",
"s3:List*",
"s3objectlambda:Get*",
"s3objectlambda:List*",
"s3outposts:Get*",
"s3outposts:List*",
"ses:Get*",
"ses:List*",
"sqs:Get*",
"sqs:List*",
"ssm:Get*",
"ssm:List*",
"ssmcontacts:Get*",
"ssmcontacts:List*",
"ssmincidents:Get*",
"ssmincidents:List*",
"sso:Get*",
"sso:List*",
"sagemaker:Get*",
"sagemaker:List*",
"servicecatalog:Get*",
"servicecatalog:List*",
"servicecatalogappregistry:Get*",
"servicecatalogappregistry:List*",
"signer:Get*",
"signer:List*",
"stepfunctions:Get*",
"stepfunctions:List*",
"synthetics:Get*",
"synthetics:List*",
"timestream:Get*",
"timestream:List*",
"transfer:Get*",
"transfer:List*",
"wafv2:Get*",
"wafv2:List*",
"wisdom:Get*",
"wisdom:List*",
"workspaces:Get*",
"workspaces:List*",
"xray:Get*",
"xray:List*",
],
resources=["*"],
)
)

# InputType CloudFormation - PaCFramework OPA - PythonSubprocess

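Review bot: The statement added at the top of the second hunk grants `Get*`/`List*` on `resources=["*"]` for roughly 130 services, and the first hunk adds `cloudcontrol:*` beside `cloudcontrol:GetResource`; together they give the evaluation-router role data-plane reads such as `s3:GetObject`, `dynamodb:GetItem`, `ssm:GetParameter*`, `lambda:GetFunction` and `logs:GetLogEvents`, plus Cloud Control create/update/delete, none of which `cloudcontrol.get_resource()` needs. As far as I can tell `GetResource` only runs the type's read handler, whose required control-plane actions are listed per type in the resource schema (`handlers.read.permissions`, available through `cloudformation:DescribeType`, which the first hunk already grants), so the action list could be derived from the schemas of the types actually evaluated instead of a blanket wildcard. Until that is done, dropping `cloudcontrol:*` and attaching an explicit DENY for the data-plane read actions, as below, closes the widest gaps; the `#FIXME` entries in the first hunk and the duplicated `cloudformation:Get*` in the second should be reconciled in the same pass, and the comment `# required fro cloudcontrol.get_resource()` should read `for`. Both statements are added inside `deploy_inner_sfn_lambdas`, whose body starts and ends outside the hunks.
```python
# … unchanged: Get*/List* PolicyStatement above …
# Deny data-plane reads that the Get*/List* wildcards would otherwise allow;
# Cloud Control read handlers only need control-plane Describe/Get calls.
self.lambda_pac_evaluation_router.role.add_to_policy(
    aws_iam.PolicyStatement(
        effect=aws_iam.Effect.DENY,
        actions=[
            "s3:GetObject*",
            "dynamodb:GetItem",
            "dynamodb:BatchGetItem",
            "ssm:GetParameter*",
            "lambda:GetFunction",
            "logs:GetLogEvents",
        ],
        resources=["*"],
    )
)
```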
Expand Up @@ -151,7 +151,7 @@ def parse_config_event(self):
print(f'resource_configuration_keys:\n{resource_configuration_keys}')

self.resource_id = configuration_item['resourceId']
print(f'resource_id:\n{self.resource_type}')
print(f'resource_id:\n{self.resource_id}')

def get_converted_cloudformation(self):

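Review bot: The corrected line in `parse_config_event` still emits `print(f'resource_id:\n{self.resource_id}')` unconditionally, and the `resource_configuration_keys` dump two lines above it goes to the function log on every invocation; a module-level `logger = logging.getLogger(__name__)` with `logger.debug('resource_id: %s', self.resource_id)` keeps the output but lets it be switched off outside debugging. `parse_config_event` starts outside the hunk.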

