policy

State module for managing Amazon IAM Policies.

async idem_aws.states.aws.iam.policy.present(hub, ctx, name: str, policy_document: Dict, resource_id: str = None, path: str = '/', description: str = None, tags: Dict[str, Any] = None, timeout: Dict = None) -> Dict[str, Any]

Creates or updates an AWS IAM Policy.

When creating a policy, this operation creates a policy version with a version identifier of v1 and sets v1 as the policy’s default version. When updating a policy, this operation creates a new policy version, sets that new version as the default, and deletes the old version.

Parameters:
  • name (str) – The name of the IAM Policy.

  • policy_document (dict or str) – The JSON policy document that you want to use as the content for the new policy. You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

  • resource_id (str, Optional) – The Amazon Resource Name (ARN) of the IAM policy in Amazon Web Services.

  • path (str, Optional) – The path for the policy. This parameter is optional. If it is not included, it defaults to a slash (/).

  • description (str, Optional) – A friendly description of the policy.

  • tags (dict or list, Optional) –

    Dict in the format of {tag-key: tag-value} or List of tags in the format of [{"Key": tag-key, "Value": tag-value}] to associate with the policy.

    • Key (str):

      The key of the tag.

    • Value (str):

      The value of the tag.

  • timeout (dict, Optional) –

    Timeout configuration for AWS IAM Policy.

    • create (dict, Optional):

      Timeout configuration when creating an AWS IAM Policy.

      • delay (int, Optional):

        The amount of time in seconds to wait between attempts. Default value is 1.

      • max_attempts (int, Optional):

        Max attempts of waiting for change. Default value is 40.

    • update (dict, Optional):

      Timeout configuration when updating an AWS IAM Policy.

      • delay (int, Optional):

        The amount of time in seconds to wait between attempts. Default value is 1.

      • max_attempts (int, Optional):

        Max attempts of waiting for change. Default value is 40.

Request Syntax:
[idem_test_aws_iam_policy]:
  aws.iam.policy.present:
    - name: 'string'
    - resource_id: 'string'
    - policy_document: 'dict' or 'string'
    - path: 'string'
    - description: 'string'
    - tags:
        - Key: 'string'
          Value: 'string'
    - timeout:
        create:
          delay: int
          max_attempts: int
        update:
          delay: int
          max_attempts: int
Returns:

Dict[str, Any]

Examples

idem_test_aws_iam_policy:
  aws.iam.policy.present:
    - name: 'idem_test_iam_policy'
    - policy_document:
        Version: '2012-10-17'
        Statement:
          - Sid: 'AllowCreateSubnet'
            Effect: 'Allow'
            Action: ['ec2:CreateSubnet']
            Resource: '*'
    - path: '/'
    - description: 'My IAM Policy'
    - tags:
        - Key: 'provider'
          Value: 'idem'
async idem_aws.states.aws.iam.policy.absent(hub, ctx, name: str, resource_id: str = None) -> Dict[str, Any]

Deletes the specified AWS IAM Policy.

Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to. In addition, you must delete all the policy’s versions. The following steps describe the process for deleting a managed policy:

  • Detach the policy from all users, groups, and roles that the policy is attached to.

  • Delete all versions of the policy.

  • Delete the policy (this automatically deletes the policy’s default version).
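The three steps above in the order IAM requires, as an added example that is not idem-aws code. It calls the boto3 IAM client methods by name (list_entities_for_policy, detach_*_policy, list_policy_versions, delete_policy_version, delete_policy) on whatever client object is passed in, so the constructed FakeIam below lets it run offline; against a real account pass `boto3.client("iam")` and paginate the list calls.

```python
from typing import Any, Dict, List


def delete_managed_policy(iam: Any, policy_arn: str) -> Dict[str, List[str]]:
    """Detach, prune versions, then delete; returns what was removed."""
    report: Dict[str, List[str]] = {"detached": [], "versions": []}

    # Step 1: detach from every user, group and role. DeletePolicy is
    # rejected with DeleteConflict while any attachment remains.
    ents = iam.list_entities_for_policy(PolicyArn=policy_arn)
    for u in ents.get("PolicyUsers", []):
        iam.detach_user_policy(UserName=u["UserName"], PolicyArn=policy_arn)
        report["detached"].append("user:" + u["UserName"])
    for g in ents.get("PolicyGroups", []):
        iam.detach_group_policy(GroupName=g["GroupName"], PolicyArn=policy_arn)
        report["detached"].append("group:" + g["GroupName"])
    for r in ents.get("PolicyRoles", []):
        iam.detach_role_policy(RoleName=r["RoleName"], PolicyArn=policy_arn)
        report["detached"].append("role:" + r["RoleName"])

    # Step 2: delete every non-default version. The default version cannot
    # be deleted on its own; DeletePolicy removes it in step 3.
    for v in iam.list_policy_versions(PolicyArn=policy_arn)["Versions"]:
        if not v["IsDefaultVersion"]:
            iam.delete_policy_version(PolicyArn=policy_arn, VersionId=v["VersionId"])
            report["versions"].append(v["VersionId"])

    # Step 3: delete the policy itself, which takes the default version with it.
    iam.delete_policy(PolicyArn=policy_arn)
    return report


class FakeIam:
    """Constructed stand-in for the boto3 IAM client; records the calls made."""

    def __init__(self) -> None:
        self.calls: List[str] = []

    def list_entities_for_policy(self, PolicyArn: str) -> Dict[str, Any]:
        return {"PolicyUsers": [], "PolicyGroups": [{"GroupName": "ops"}],
                "PolicyRoles": [{"RoleName": "app-role"}]}

    def list_policy_versions(self, PolicyArn: str) -> Dict[str, Any]:
        return {"Versions": [{"VersionId": "v2", "IsDefaultVersion": True},
                             {"VersionId": "v1", "IsDefaultVersion": False}]}

    def __getattr__(self, name: str):
        # detach_*_policy, delete_policy_version, delete_policy: record only.
        return lambda **kw: self.calls.append(name)
```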

Parameters:
  • name (str) – The name of the IAM Policy.

  • resource_id (str, Optional) –

    The Amazon Resource Name (ARN) of the IAM policy in Amazon Web Services.

    Warning

    Idem automatically considers this resource absent if this field is not specified.

Request Syntax:
[idem_test_aws_iam_policy]:
  aws.iam.policy.absent:
    - name: 'string'
    - resource_id: 'string'
Returns:

Dict[str, Any]

Examples

idem_test_aws_iam_policy:
  aws.iam.policy.absent:
    - name: 'idem_test_iam_policy'
    - resource_id: 'arn:aws:iam::123456789012:policy/idem_test_iam_policy'
async idem_aws.states.aws.iam.policy.describe(hub, ctx) -> Dict[str, Dict[str, Any]]

Describes customer managed IAM policies (scope Local) in a way that can be recreated/managed with the corresponding “present” function.

Returns:

Dict[str, Dict[str, Any]]

Examples

$ idem describe aws.iam.policy