logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

VM::EC2::Security::Policy -- Simple IAM policy generator for EC2

Contents

Author

       Lincoln Stein <lincoln.stein@gmail.com>.

       Copyright (c) 2011 Ontario Institute for Cancer Research

       This package and its accompanying libraries is free software; you can redistribute it and/or modify it
       under the terms of the GPL (either version 1, or at your option, any later version) or the Artistic
       License 2.0.  Refer to LICENSE for the full license text. In addition, please see DISCLAIMER.txt for
       disclaimers of warranty.

perl v5.38.2                                       2024-08-10                     VM::EC2::Security::Policy(3pm)

Description

       This is a very simple Identity and Access Management (IAM) policy statement generator that works
       sufficiently well to create policies to control access EC2 resources. It is not fully general across all
       AWS services.

Methods

       This section describes the methods available to VM::EC2::Security::Policy. You will create a new, empty,
       policy using new(), grant access to EC2 actions using allow(), and deny access to EC2 actions using
       deny(). When you are done, either call as_string(), or just use the policy object in a string context, to
       get a properly-formatted policy string.

       allow() and deny() return the modified object, allowing you to chain methods. For example:

        my $p = VM::EC2::Security::Policy->new
                    ->allow('Describe*')
                    ->deny('DescribeImages','DescribeInstances');
        print $p;

   $policy=VM::EC2::Security::Policy->new()
       This class method creates a new, empty policy object. The default policy object denies all access to EC2
       resources.

   $policy->allow('action1','action2','action3',...)
       Grant access to the listed EC2 actions. You may specify actions using Amazon's MixedCase notation (e.g.
       "DescribeInstances"), or using VM::EC2's more Perlish underscore notation (e.g. "describe_instances").
       You can find the list of actions in VM::EC2, or in the Amazon API documentation at
       http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/OperationList-query.html.

       The "*" wildcard allows you to indicate a series of matching operations. For example, to allow all
       Describe operations:

        $policy->allow('Describe*')

       As described earlier, allow() returns the object, making it easy to chain methods.

   $policy->deny('action1','action2','action3',...)
       Similar to allow(), but in this case denies access to certain actions. Deny statements take precedence
       over allow statements.

       As described earlier, deny() returns the object, making it easy to chain methods.

   $string=$policy->as_string
       Converts the policy into a JSON string that can be passed to VM::EC2->get_federation_token(), or other
       AWS libraries.

Name

       VM::EC2::Security::Policy -- Simple IAM policy generator for EC2

See Also

       VM::EC2 VM::EC2::Generic

String Overloading

       When used in a string context, this object will interpolate into the policy JSON string using
       as_string().

Synopsis

        my $policy = VM::EC2::Security::Policy->new;
        $policy->allow('Describe*','CreateVolume','delete_volume');
        $policy->deny('DescribeVolumes');
        print $policy->as_string;

See Also

Man Pages
policy Man Pages
String
String PNG Icons
Man Pages
SVN::Hooks::DenyChanges Man Pages
Man Pages
security Man Pages
Accessible
Accessible PNG Icons
Man Pages
object Man Pages
Man Pages
Using Man Pages
Man Pages
labwc Man Pages
Man Pages
METHODS Man Pages
← View Library functions Category← Back to Standard io buffering🙏  Credits & Acknowledgments