Skip to contents

Create a policy document

Usage

aws_policy_document_create(..., .list = NULL)

Arguments

..., .list

policy statements as created by aws_policy_statement() or created manually. Pass in 1 or more statements via ... like statement1, statement2 or pass in as a list like .list = list(statement1, statement2). Each element must be a named list.

Value

a json class string. use as.character() to coerce to a regular string

Note

a document item is hard-coded:

  • Version is set to 2012-10-17"

Examples

if (FALSE) { # interactive()
st8ment1 <- aws_policy_statement("iam:GetUser", "*")
st8ment2 <- aws_policy_statement("s3:ListAllMyBuckets", "*")
st8ment3 <- aws_policy_statement("s3-object-lambda:List*", "*")
aws_policy_document_create(st8ment1, st8ment2)
aws_policy_document_create(.list = list(st8ment1, st8ment2))
aws_policy_document_create(st8ment3, .list = list(st8ment1, st8ment2))

# Policy document to give a user access to RDS
resource <- "arn:aws:rds-db:us-east-2:1234567890:dbuser:db-ABCDE1212/jane"
st8ment_rds <- aws_policy_statement(
  action = "rds-db:connect",
  resource = resource
)
aws_policy_document_create(st8ment_rds)

### DB account = user in a database that has access to it
# all DB instances & DB accounts for a AWS account and AWS Region
aws_policy_document_create(
  aws_policy_statement(
    action = "rds-db:connect",
    resource = resource_rds("*", "*")
  )
)
# all DB instances for a AWS account and AWS Region, single DB account
aws_policy_document_create(
  aws_policy_statement(
    action = "rds-db:connect",
    resource = resource_rds("jane_doe", "*")
  )
)
# single DB instasnce, single DB account
aws_policy_document_create(
  aws_policy_statement(
    action = "rds-db:connect",
    resource = resource_rds("jane_doe", "db-ABCDEFGHIJKL01234")
  )
)
# single DB instance, many users
aws_policy_document_create(
  aws_policy_statement(
    action = "rds-db:connect",
    resource = resource_rds(c("jane_doe", "mary_roe"), "db-ABCDEFGHIJKL01")
  )
)
}