
Commit c5a60ab

simalexanbrettstack
authored andcommitted
feat(policy-template): add MobileAnalyticsWriteOnlyAccessPolicy and PinpointEndpointAccessPolicy policy templates (aws#408)
1 parent fc92744 commit c5a60ab


6 files changed

+209
-0
lines changed


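--- a/docs/policy_templates_data/policy_templates.json
+++ b/docs/policy_templates_data/policy_templates.json
@@ -1133,6 +1133,51 @@
 }]
 }
 },
+"MobileAnalyticsWriteOnlyAccessPolicy": {
+"Description": "Gives write only permissions to put event data for all application resources",
+"Parameters": {},
+"Definition": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"mobileanalytics:PutEvents"
+],
+"Resource": "*"
+}
+]
+}
+},
+"PinpointEndpointAccessPolicy": {
+"Description": "Gives permissions to get and update endpoints for a Pinpoint application",
+"Parameters": {
+"PinpointApplicationId": {
+"Description": "The id of your Pinpoint application"
+}
+},
+"Definition": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"mobiletargeting:GetEndpoint",
+"mobiletargeting:UpdateEndpoint",
+"mobiletargeting:UpdateEndpointsBatch"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
+{
+"pinpointApplicationId": {
+"Ref": "PinpointApplicationId"
+}
+}
+]
+}
+}
+]
+}
+},
 "FirehoseWritePolicy": {
 "Description": "Gives permission to write to a Kinesis Firehose Delivery Stream",
 "Parameters": {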

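--- a/samtranslator/policy_templates_data/policy_templates.json
+++ b/samtranslator/policy_templates_data/policy_templates.json
@@ -1156,6 +1156,53 @@
 ]
 }
 },
+"MobileAnalyticsWriteOnlyAccessPolicy": {
+"Description": "Gives write only permissions to put event data for all application resources",
+"Parameters": {
+
+},
+"Definition": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"mobileanalytics:PutEvents"
+],
+"Resource": "*"
+}
+]
+}
+},
+"PinpointEndpointAccessPolicy": {
+"Description": "Gives permissions to get and update endpoints for a Pinpoint application",
+"Parameters": {
+"PinpointApplicationId": {
+"Description": "The id of your Pinpoint application"
+}
+},
+"Definition": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"mobiletargeting:GetEndpoint",
+"mobiletargeting:UpdateEndpoint",
+"mobiletargeting:UpdateEndpointsBatch"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
+{
+"pinpointApplicationId": {
+"Ref": "PinpointApplicationId"
+}
+}
+]
+}
+}
+]
+}
+},
 "FirehoseWritePolicy": {
 "Description": "Gives permission to write to a Kinesis Firehose Delivery Stream",
 "Parameters": {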
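Review bot: `PinpointApplicationId` is substituted straight into the `Fn::Sub` resource ARN of `PinpointEndpointAccessPolicy`, and nothing in this hunk constrains its value, so a template that passes `*` would grant get/update on the endpoints of every Pinpoint application in the account instead of one. Unless the translator validates parameter values elsewhere, the parameter description should state the scoping consequence, e.g. `"Description": "The id of your Pinpoint application; a wildcard extends the grant to every application in the account"`. It is also worth confirming against the Pinpoint authorization reference that `mobiletargeting:UpdateEndpointsBatch` is evaluated against an `apps/<id>/endpoints/*` resource and not the application ARN itself; if it is the latter, this statement would not authorize that action. The same two templates are duplicated in docs/policy_templates_data/policy_templates.json, so any wording change belongs in both copies.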

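--- a/tests/translator/input/all_policy_templates.yaml
+++ b/tests/translator/input/all_policy_templates.yaml
@@ -113,3 +113,8 @@ Resources:
 
 - AWSSecretsManagerRotationPolicy:
 FunctionName: function
+
+- MobileAnalyticsWriteOnlyAccessPolicy: {}
+
+- PinpointEndpointAccessPolicy:
+PinpointApplicationId: id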

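--- a/tests/translator/output/all_policy_templates.json
+++ b/tests/translator/output/all_policy_templates.json
@@ -950,6 +950,43 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy37",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"mobileanalytics:PutEvents"
+],
+"Resource": "*",
+"Effect": "Allow"
+}
+]
+}
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy38",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"mobiletargeting:GetEndpoint",
+"mobiletargeting:UpdateEndpoint",
+"mobiletargeting:UpdateEndpointsBatch"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
+{
+"pinpointApplicationId": "id"
+}
+]
+},
+"Effect": "Allow"
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {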

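--- a/tests/translator/output/aws-cn/all_policy_templates.json
+++ b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -950,6 +950,43 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy37",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"mobileanalytics:PutEvents"
+],
+"Resource": "*",
+"Effect": "Allow"
+}
+]
+}
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy38",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"mobiletargeting:GetEndpoint",
+"mobiletargeting:UpdateEndpoint",
+"mobiletargeting:UpdateEndpointsBatch"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
+{
+"pinpointApplicationId": "id"
+}
+]
+},
+"Effect": "Allow"
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {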

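--- a/tests/translator/output/aws-us-gov/all_policy_templates.json
+++ b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -950,6 +950,44 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy37",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"mobileanalytics:PutEvents"
+],
+"Resource": "*",
+"Effect": "Allow"
+}
+]
+}
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy38",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"mobiletargeting:GetEndpoint",
+"mobiletargeting:UpdateEndpoint",
+"mobiletargeting:UpdateEndpointsBatch"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:mobiletargeting:${AWS::Region}:${AWS::AccountId}:apps/${pinpointApplicationId}/endpoints/*",
+{
+"pinpointApplicationId": "id"
+}
+]
+}
+,
+"Effect": "Allow"
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {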
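Review bot: The aws-us-gov fixture puts the comma that follows the `Resource` object on a line of its own (new lines 985–986), which is why this file shows 38 added lines where the default and aws-cn fixtures show 37. It parses identically, but the three expected outputs are otherwise the same for these two policies, and the stray line makes later comparisons between the partition fixtures noisy; join it as `},` to match the other two. The enclosing array of policies begins and ends outside the hunk.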
