Generator

class jmpr.Generator(account: str = '*', user='${aws:username}', path='*', bucket='')

Bases: object

A class used to create an AWS IAM Policy Generator Object

Parameters
  • account (str) – A string to represent the target AWS account to generate permissions for (default ‘*’)

  • user (str) – the name of the user to generate permissions for

  • path (str) – the path for the user (default ‘*’)

  • bucket (str) – the s3 bucket to grant the user access to (default ‘’)

Methods Summary

IndividualUserToListOnlyTheirOwnMFA(effect)

Generates a policy allowing the user to list their own MFA devices

IndividualUserToManageTheirOwnMFA(effect)

Generates a policy allowing the user to manage their own MFA devices

MFAAllowDeny(effect)

Generates the policy based on if MFA is allowed or denied

ManageOwnPasswords(effect)

Generates a policy allowing the user to manage their own passwords

S3ListHomeDir(effect)

Generates a policy allowing the user to list their own home S3 Bucket contents

S3ModifyHomeDir(effect)

Generates a policy allowing the user to modify their own home S3 Bucket contents

S3ViewBucketContents(effect)

Generates a policy allowing the user to view home S3 Bucket contents

S3ViewBuckets(effect)

Generates a policy allowing the user to view home S3 Buckets

ViewAccountInfo(effect)

Generates a policy allowing the user to view only their own account information

blank_policy()

Pre-built policy that generates a dict that represents a blank IAM policy document

enforceMFA([enforce_state])

Pre-built policy that generates an MFA policy based on the enforce_state argument

policyDiff(policy1, policy2)

Compares two policies to determine if they are the same or not

s3_home_dir_policy()

Pre-built policy that generates an S3 home directory policy that allows the following actions:

self_service_policy()

Pre-built policy that generates a self service policy that allows the following actions:

Methods Documentation

IndividualUserToListOnlyTheirOwnMFA(effect)

Generates a policy allowing the user to list their own MFA devices

Parameters

effect (str) – Whether to allow or deny the given actions (default ‘Deny’)

Returns

[dict] – A dict representing a dynamic policy allowing the user to list their own MFA devices

IndividualUserToManageTheirOwnMFA(effect)

Generates a policy allowing the user to manage their own MFA devices

Parameters

effect (str) – Whether to allow or deny the given actions (default ‘Deny’)

Returns

[dict] – A dict representing a dynamic policy allowing the user to manage their own MFA devices

MFAAllowDeny(effect)

Generates the policy based on if MFA is allowed or denied

Parameters

effect (str) – Whether to allow or deny the given actions (default ‘Deny’)

Returns

[dict] – A dict representing a dynamic policy based on whether MFA is allowed or denied

ManageOwnPasswords(effect)

Generates a policy allowing the user to manage their own passwords

Parameters

effect (str) – Whether to allow or deny the given actions (default ‘Deny’)

Returns

[dict] – A dict representing a dynamic policy allowing the user to manage their own passwords

S3ListHomeDir(effect)

Generates a policy allowing the user to list their own home S3 Bucket contents

Parameters

effect (str) – Whether to allow or deny the given actions (default ‘Deny’)

Returns

[dict] – A dict representing a dynamic policy allowing the user to list their own home S3 Bucket contents

S3ModifyHomeDir(effect)

Generates a policy allowing the user to modify their own home S3 Bucket contents

Parameters

effect (str) – Whether to allow or deny the given actions (default ‘Deny’)

Returns

[dict] – A dict representing a dynamic policy allowing the user to modify their own home S3 Bucket contents

S3ViewBucketContents(effect)

Generates a policy allowing the user to view home S3 Bucket contents

Parameters

effect (str) – Whether to allow or deny the given actions (default ‘Deny’)

Returns

[dict] – A dict representing a dynamic policy allowing the user to view home S3 bucket contents

S3ViewBuckets(effect)

Generates a policy allowing the user to view home S3 Buckets

Parameters

effect (str) – Whether to allow or deny the given actions (default ‘Deny’)

Returns

[dict] – A dict representing a dynamic policy allowing the user to view home S3 buckets

ViewAccountInfo(effect)

Generates a policy allowing the user to view only their own account information

Parameters

effect (str) – Whether to allow or deny the given actions (default ‘Deny’)

Returns

[dict] – A dict representing a dynamic policy allowing the user to view only their own account information

blank_policy()

Pre-built policy that generates a dict that represents a blank IAM policy document

Returns

dict – a dict representing a blank policy document

enforceMFA(enforce_state=True)

Pre-built policy that generates an MFA policy based on the enforce_state argument

Keyword Arguments

enforce_state (bool) – Whether to generate a policy enforcing MFA or allowing no MFA (default True)

Returns

dict – a dict representing the MFA policy

policyDiff(policy1, policy2)

Compares two policies to determine if they are the same or not

Parameters
  • policy1 (dict) – An initial policy

  • policy2 (dict) – A policy to compare to the first policy

Returns

[bool] – If the policies are the same, False is returned. If they are different, True is returned.
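
Added example, not jmpr's own code: a stand-alone drift check that follows the return convention documented above (True means the documents differ) and goes further by ignoring differences IAM itself ignores, such as statement order, scalar versus list values, and action-name case. The name policies_differ and the sample documents are constructed for illustration; whether jmpr's policyDiff normalizes in this way is not stated on this page.

```python
import copy
import json

LIST_KEYS = ("Action", "NotAction", "Resource", "NotResource")

def _listify(value, lower=False):
    """IAM accepts a scalar or a list; return a sorted list of strings either way."""
    items = value if isinstance(value, list) else [value]
    return sorted(str(i).lower() if lower else str(i) for i in items)

def _canonical_statement(stmt):
    out = {}
    for key, value in stmt.items():
        if key in LIST_KEYS:
            # Action names are case-insensitive; resource ARNs are not.
            out[key] = _listify(value, lower=key.endswith("Action"))
        elif key == "Condition":
            out[key] = {op: {k: _listify(v) for k, v in pairs.items()}
                        for op, pairs in value.items()}
        else:
            out[key] = value
    return json.dumps(out, sort_keys=True)

def policies_differ(policy1, policy2):
    """True if the documents differ, False if they match (policyDiff's convention)."""
    def canonical(policy):
        stmts = policy.get("Statement", [])
        stmts = [stmts] if isinstance(stmts, dict) else stmts
        return policy.get("Version"), sorted(_canonical_statement(s) for s in stmts)
    return canonical(policy1) != canonical(policy2)

# Constructed sample documents, not output captured from jmpr.
GENERATED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ListOwnMFA", "Effect": "Allow", "Action": ["iam:ListMFADevices"],
     "Resource": "arn:aws:iam::*:user/${aws:username}"},
    {"Sid": "DenyWithoutMFA", "Effect": "Deny", "NotAction": ["iam:ListMFADevices"],
     "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
]}
# Same permissions written differently: reordered, scalar values, other case.
REWRITTEN = {"Version": "2012-10-17", "Statement": [
    dict(GENERATED["Statement"][1], NotAction="iam:listmfadevices"),
    dict(GENERATED["Statement"][0], Action="IAM:ListMFADevices"),
]}
# Drift: the MFA condition was dropped from the Deny statement.
DRIFTED = copy.deepcopy(GENERATED)
del DRIFTED["Statement"][1]["Condition"]

if __name__ == "__main__":
    print(policies_differ(GENERATED, REWRITTEN))
    print(policies_differ(GENERATED, DRIFTED))
```

Because True signals a difference, a guard such as "if policies_differ(expected, deployed): alert" reads correctly, whereas treating the result as an equality test inverts the check.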

s3_home_dir_policy()
Pre-built policy that generates an S3 home directory policy that allows the following actions:
  • S3ViewBuckets

  • S3ViewBucketContents

  • S3ListHomeDir

  • S3ModifyHomeDir

Returns

dict – a dict representing the S3 home directory policy

self_service_policy()
Pre-built policy that generates a self service policy that allows the following actions:
  • ViewAccountInfo

  • ManageOwnPasswords

  • IndividualUserToListOnlyTheirOwnMFA

  • IndividualUserToManageTheirOwnMFA

Returns

dict – a dict representing the self service policy document