amazonka-iam-policy: Amazon IAM Policy Document DSL and Combinators.

[ aws, cloud, library, mpl, network ] [ Propose Tags ] [ Report a vulnerability ]

This library provides data types and combinators that allow you to declare, encode, and decode the IAM JSON policy language with a modicum of safety, minus any extreme type-level features.

The IAM policy documents can be safely constructed via the provided datatypes and mapped, folded, and traversed via the provided instances, combinators, and lenses. The resulting structure can then be encoded as a valid IAM JSON policy document for using with Amazon IAM and related services.

The details of what goes into a policy vary for each service, depending on what actions the service makes available, what types of resources it contains, and so on. When you're writing policies for a specific service, it's helpful to see examples of policies for that service. View the AWS Services That Work with IAM documentation for more information.

See Amazonka.IAM.Policy to get started.


[Skip to Readme]

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

  • No Candidates
Versions [RSS] 0.0.1, 0.0.2, 0.0.3, 0.0.3.1, 0.0.4 (info)
Change log CHANGELOG.md
Dependencies aeson, base (>=4.7 && <5), base64-bytestring, bytestring, hashable, profunctors, scientific, text, time [details]
License MPL-2.0
Copyright Copyright (c) 2017 Brendan Hay
Author Brendan Hay
Maintainer Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Category Network, AWS, Cloud
Home page https://github.com/brendanhay/amazonka-iam-policy
Bug tracker https://github.com/brendanhay/amazonka-iam-policy/issues
Source repo head: git clone git://github.com/brendanhay/amazonka-iam-policy.git
Uploaded by BrendanHay at 2018-08-14T10:41:26Z
Distributions
Reverse Dependencies 1 direct, 0 indirect [details]
Downloads 2965 total (12 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2018-08-14 [all 1 reports]

Readme for amazonka-iam-policy-0.0.4

[back to package description]

Amazon IAM Policy Documents

Description

This library provides data types and combinators that allow you to declare, encode, and decode the IAM JSON policy language with a modicum of safety, minus any extreme type-level features.

The IAM policy documents can be safely constructed via the provided datatypes and mapped, folded, and traversed via the provided instances, combinators, and lenses. The resulting structure can then be encoded as a valid IAM JSON policy document for using with Amazon IAM and related services.

The details of what goes into a policy vary for each service, depending on what actions the service makes available, what types of resources it contains, and so on. When you're writing policies for a specific service, it's helpful to see examples of policies for that service. View the AWS Services That Work with IAM documentation for more information.

Example

The following example sets up S3 bucket management:

{-# LANGUAGE OverloadedLists   #-}
{-# LANGUAGE OverloadedStrings #-}

module Main (main) where

import qualified Amazonka-Iam-Policy.IAM.Policy as Policy

main :: IO ()
main =
    print . Policy.encode $
        Policy.document
            [ Policy.allow
                { Policy.action   = Policy.some ["s3:*"]
                , Policy.resource =
                    Policy.some
                        [ "arn:aws:s3:::<BUCKET-NAME>"
                        , "arn:aws:s3:::<BUCKET-NAME>/*"
                        ]
                }
            , Policy.deny
                { Policy.action   = Policy.not ["s3:*"]
                , Policy.resource =
                    Policy.not
                        [
                        , "arn:aws:s3:::<BUCKET-NAME>"
                        , "arn:aws:s3:::<BUCKET-NAME>/*"
                        ]
                }
            ]

Resulting in the following encoded IAM JSON policy document:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::<BUCKET-NAME>",
        "arn:aws:s3:::<BUCKET-NAME>/*"
      ]
    },
    {
      "Effect": "Deny",
      "NotAction": "s3:*",
      "NotResource": [
        "arn:aws:s3:::<BUCKET-NAME>",
        "arn:aws:s3:::<BUCKET-NAME>/*"
      ]
    }
  ]
}

Contribute

For any problems, comments, or feedback please create an issue here on GitHub.

Licence

amazonka-iam-policy is released under the Mozilla Public License Version 2.0.