Create a policy document
Arguments
- ..., .list
policy statements as created by
aws_policy_statement()or created manually. Pass in 1 or more statements via...likestatement1, statement2or pass in as a list like.list = list(statement1, statement2). Each element must be a named list.
Value
a json class string. use as.character() to coerce to a regular
string
References
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html # nolint
Examples
if (FALSE) { # interactive()
st8ment1 <- aws_policy_statement("iam:GetUser", "*")
st8ment2 <- aws_policy_statement("s3:ListAllMyBuckets", "*")
st8ment3 <- aws_policy_statement("s3-object-lambda:List*", "*")
aws_policy_document_create(st8ment1, st8ment2)
aws_policy_document_create(.list = list(st8ment1, st8ment2))
aws_policy_document_create(st8ment3, .list = list(st8ment1, st8ment2))
# Policy document to give a user access to RDS
resource <- "arn:aws:rds-db:us-east-2:1234567890:dbuser:db-ABCDE1212/jane"
st8ment_rds <- aws_policy_statement(
action = "rds-db:connect",
resource = resource
)
aws_policy_document_create(st8ment_rds)
### DB account = user in a database that has access to it
# all DB instances & DB accounts for a AWS account and AWS Region
aws_policy_document_create(
aws_policy_statement(
action = "rds-db:connect",
resource = resource_rds("*", "*")
)
)
# all DB instances for a AWS account and AWS Region, single DB account
aws_policy_document_create(
aws_policy_statement(
action = "rds-db:connect",
resource = resource_rds("jane_doe", "*")
)
)
# single DB instasnce, single DB account
aws_policy_document_create(
aws_policy_statement(
action = "rds-db:connect",
resource = resource_rds("jane_doe", "db-ABCDEFGHIJKL01234")
)
)
# single DB instance, many users
aws_policy_document_create(
aws_policy_statement(
action = "rds-db:connect",
resource = resource_rds(c("jane_doe", "mary_roe"), "db-ABCDEFGHIJKL01")
)
)
}