Module: Jets::Cfn::Resource::Iam::BaseRoleDefinition
- Included in: ApplicationRole, ClassRole, FunctionRole
- Defined in: lib/jets/cfn/resource/iam/base_role_definition.rb
Instance Attribute Summary
- #managed_policy_definitions ⇒ Object (readonly): Returns the value of attribute managed_policy_definitions.
- #policy_definitions ⇒ Object (readonly): Returns the value of attribute policy_definitions.
Instance Method Summary
- #definition ⇒ Object
- #managed_policy_arns ⇒ Object
- #policy_document ⇒ Object
- #vpc_policy_document ⇒ Object
Instance Attribute Details
#managed_policy_definitions ⇒ Object (readonly)
Returns the value of attribute managed_policy_definitions.
    # File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 3
    def managed_policy_definitions
      @managed_policy_definitions
    end
#policy_definitions ⇒ Object (readonly)
Returns the value of attribute policy_definitions.
    # File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 3
    def policy_definitions
      @policy_definitions
    end
Instance Method Details
#definition ⇒ Object
    # File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 5
    def definition
      logical_id = role_logical_id

      # Do not assign pretty role_name because long controller names might hit the 64-char
      # limit. Also, IAM roles are global, so assigning role names prevents cross region deploys.
      definition = {
        logical_id => {
          Type: "AWS::IAM::Role",
          Properties: {
            Path: "/",
            AssumeRolePolicyDocument: {
              Version: "2012-10-17",
              Statement: [{
                Effect: "Allow",
                Principal: {Service: ["lambda.amazonaws.com"]},
                Action: ["sts:AssumeRole"]}
              ]
            }
          }
        }
      }

      # Add vpc permissions to all policies
      definition[logical_id][:Properties][:Policies] = [
        PolicyName: "vpc", # required, limited to 128-chars
        PolicyDocument: vpc_policy_document,
      ] if vpc_policy_document

      unless managed_policy_arns.empty?
        definition[logical_id][:Properties][:ManagedPolicyArns] = managed_policy_arns
      end

      definition
    end
#managed_policy_arns ⇒ Object
    # File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 52
    def managed_policy_arns
      ManagedPolicy.new(@managed_policy_definitions.flatten.uniq).arns
    end
#policy_document ⇒ Object
    # File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 48
    def policy_document
      PolicyDocument.new(@policy_definitions.flatten.uniq).policy_document
    end
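
A defender-side check for the role hash that #definition builds, added here as an example and not part of Jets: it flags a fixed RoleName, a trust policy that is not limited to lambda.amazonaws.com with sts:AssumeRole, and inline policies whose PolicyName breaks the 128-character limit. The names audit_role and GOOD_ROLE, and the sample logical id, are assumptions.

```ruby
# Added example, not Jets code: audit_role and GOOD_ROLE are hypothetical names.
LAMBDA_SERVICE = "lambda.amazonaws.com"
# Returns finding strings for each AWS::IAM::Role in a symbol-keyed resource hash.
def audit_role(template)
  findings = []
  template.each do |logical_id, resource|
    next unless resource[:Type] == "AWS::IAM::Role"
    props = resource[:Properties] || {}
    # A fixed name brings back the 64-char limit and blocks cross-region deploys.
    findings << "#{logical_id}: explicit RoleName" if props.key?(:RoleName)
    # Statement, Service and Action may each be a single value or a list.
    statements = [props.dig(:AssumeRolePolicyDocument, :Statement)].flatten.compact
    findings << "#{logical_id}: empty trust policy" if statements.empty?
    statements.each do |stmt|
      next unless stmt[:Effect] == "Allow"
      principal = stmt[:Principal]
      if !principal.is_a?(Hash) || principal.keys != [:Service]
        findings << "#{logical_id}: trust principal is not service-only"
      elsif [principal[:Service]].flatten != [LAMBDA_SERVICE]
        findings << "#{logical_id}: trusts a service other than Lambda"
      end
      unless [stmt[:Action]].flatten == ["sts:AssumeRole"]
        findings << "#{logical_id}: trust action is not exactly sts:AssumeRole"
      end
    end
    # Inline policies need a PolicyName of at most 128 characters and a document.
    [props[:Policies]].flatten.compact.each do |policy|
      name = policy[:PolicyName].to_s
      findings << "#{logical_id}: bad PolicyName" if name.empty? || name.length > 128
      findings << "#{logical_id}: policy #{name} has no document" unless policy[:PolicyDocument]
    end
  end
  findings
end

# Constructed sample with the same shape as the hash #definition builds.
GOOD_ROLE = {
  "PostsControllerIamRole" => {
    Type: "AWS::IAM::Role",
    Properties: {
      Path: "/",
      AssumeRolePolicyDocument: {
        Version: "2012-10-17",
        Statement: [{Effect: "Allow", Principal: {Service: [LAMBDA_SERVICE]}, Action: ["sts:AssumeRole"]}]
      },
      Policies: [{PolicyName: "vpc", PolicyDocument: {Version: "2012-10-17", Statement: []}}]
    }
  }
}
p audit_role(GOOD_ROLE) # => []
```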