author | Will Thames <will@thames.id.au> | 2017-07-14 14:50:55 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-14 14:50:55 +1000 |
commit | 0ed1c3ba9c8ebb51f776a45ca158e3d2c546860f (patch) | |
tree | e82982981c0cefe92245a3c05e6732b425157f3b /hacking/aws_config/testing_policies/ecr-policy.json | |
parent | 4f01a323a0516a54aeb6745c22506d6b2fff22b0 (diff) | |
download | ansible-0ed1c3ba9c8ebb51f776a45ca158e3d2c546860f.tar.gz |
Split up testing IAM policies and automate creating them (#26223)
* Split up testing IAM policies and automate creating them
Move to managed policies to avoid the 5KB limit on policies
for an IAM entity.
The policy file is templated, so need to make sure that there
is an easy mechanism to populate the templates and push the
new policies.
* Update IAM policies for ec2_scaling_policy tests
* Fix RouteTable policies
DescribeRouteTable should be plural
ModifyRouteTable does not exist, but ReplaceRouteTableAssociation
does.
* Some IAM policies do not allow specified Resources
Various IAM policies do not allow Resources
to be specified and should just use `*`. This differs
per service
* [Autoscaling](http://docs.aws.amazon.com/autoscaling/latest/userguide/control-access-using-iam.html#policy-auto-scaling-resources)
* [EC2](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html#ec2-api-unsupported-resource-permissions)
* [ECR](http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-supported-iam-actions-resources.html)
* [ELB](http://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html)
* Finish fixing AWS IAM resource specifications for testing
Update Lambda and RDS policies
Diffstat (limited to 'hacking/aws_config/testing_policies/ecr-policy.json')
-rw-r--r-- | hacking/aws_config/testing_policies/ecr-policy.json | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/hacking/aws_config/testing_policies/ecr-policy.json b/hacking/aws_config/testing_policies/ecr-policy.json new file mode 100644 index 0000000000..db8204a302 --- /dev/null +++ b/hacking/aws_config/testing_policies/ecr-policy.json @@ -0,0 +1,28 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "UnspecifiedCodeRepositories", + "Effect": "Allow", + "Action": [ + "ecr:DescribeRepositories", + "ecr:CreateRepository" + ], + "Resource": "*" + }, + { + "Sid": "SpecifiedCodeRepositories", + "Effect": "Allow", + "Action": [ + "ecr:GetRepositoryPolicy", + "ecr:SetRepositoryPolicy", + "ecr:DeleteRepository", + "ecr:DeleteRepositoryPolicy", + "ecr:DeleteRepositoryPolicy" + ], + "Resource": [ + "arn:aws:ecr:{{aws_region}}:{{aws_account}}:repository/ansible-*" + ] + } + ] +} |
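Review bot: the `SpecifiedCodeRepositories` statement lists `"ecr:DeleteRepositoryPolicy"` twice in its `Action` array. IAM accepts the duplicate, so the policy still evaluates the same, but the repeated line looks like a copy-paste slip. Either drop the second entry or, if another action was intended in that slot, replace it with the one the ECR tests actually need. It would also help to note alongside this file that `{{aws_region}}` and `{{aws_account}}` must be rendered before the policy is pushed, since the raw file contains an ARN that is not usable as-is.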