Module: Jets::Cfn::Resource::Iam::BaseRoleDefinition

Included in:: ApplicationRole, ClassRole, FunctionRole

Defined in:: lib/jets/cfn/resource/iam/base_role_definition.rb

Instance Attribute Summary collapse

#managed_policy_definitions ⇒ Object readonly

Returns the value of attribute managed_policy_definitions.
#policy_definitions ⇒ Object readonly

Returns the value of attribute policy_definitions.

Instance Method Summary collapse

Instance Attribute Details

#managed_policy_definitions ⇒ `Object` (readonly)

Returns the value of attribute managed_policy_definitions.



3
4
5

# File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 3

def managed_policy_definitions
  @managed_policy_definitions
end

#policy_definitions ⇒ `Object` (readonly)

Returns the value of attribute policy_definitions.



3
4
5

# File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 3

def policy_definitions
  @policy_definitions
end

Instance Method Details

#definition ⇒ `Object`

# File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 5

def definition
  logical_id = role_logical_id

  # Do not assign pretty role_name because long controller names might hit the 64-char
  # limit. Also, IAM roles are global, so assigning role names prevents cross region deploys.
  definition = {
    logical_id => {
      Type: "AWS::IAM::Role",
      Properties: {
        Path: "/",
        AssumeRolePolicyDocument: {
          Version: "2012-10-17",
          Statement: [{
            Effect: "Allow",
            Principal: {Service: ["lambda.amazonaws.com"]},
            Action: ["sts:AssumeRole"]}
          ]
        }
      }
    }
  }

  # Add vpc permissions to all policies
  definition[logical_id][:Properties][:Policies] = [
    PolicyName: "vpc", # required, limited to 128-chars
    PolicyDocument: vpc_policy_document,
  ] if vpc_policy_document

  unless managed_policy_arns.empty?
    definition[logical_id][:Properties][:ManagedPolicyArns] = managed_policy_arns
  end

  definition
end

#managed_policy_arns ⇒ `Object`



52
53
54

# File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 52

def managed_policy_arns
  ManagedPolicy.new(@managed_policy_definitions.flatten.uniq).arns
end

#policy_document ⇒ `Object`



48
49
50

# File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 48

def policy_document
  PolicyDocument.new(@policy_definitions.flatten.uniq).policy_document
end

#vpc_policy_document ⇒ `Object`

# File 'lib/jets/cfn/resource/iam/base_role_definition.rb', line 40

def vpc_policy_document
  if Jets.config.function.vpc_config
    {
      Statement: [Jets.config.vpc_iam_policy_statement]
    }
  end
end

Module: Jets::Cfn::Resource::Iam::BaseRoleDefinition

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#managed_policy_definitions ⇒ Object (readonly)

#policy_definitions ⇒ Object (readonly)

Instance Method Details

#definition ⇒ Object

#managed_policy_arns ⇒ Object

#policy_document ⇒ Object

#vpc_policy_document ⇒ Object

#managed_policy_definitions ⇒ `Object` (readonly)

#policy_definitions ⇒ `Object` (readonly)

#definition ⇒ `Object`

#managed_policy_arns ⇒ `Object`

#policy_document ⇒ `Object`

#vpc_policy_document ⇒ `Object`