Generator
class jmpr.Generator(account: str = '*', user='${aws:username}', path='*', bucket='')
Bases: object
A class used to create an AWS IAM Policy Generator object.
Parameters
account (str) – A string representing the target AWS account to generate permissions for (default '*')
user (str) – The name of the user to generate permissions for
path (str) – The path for the user (default '*')
bucket (str) – The S3 bucket to grant the user access to (default '')

Methods Summary
IndividualUserToListOnlyTheirOwnMFA(effect) – Generates a policy allowing the user to list their own MFA devices
IndividualUserToManageTheirOwnMFA(effect) – Generates a policy allowing the user to manage their own MFA devices
MFAAllowDeny(effect) – Generates the policy based on if MFA is allowed or denied
ManageOwnPasswords(effect) – Generates a policy allowing the user to manage their own passwords
S3ListHomeDir(effect) – Generates a policy allowing the user to list their own home S3 Bucket contents
S3ModifyHomeDir(effect) – Generates a policy allowing the user to modify their own home S3 Bucket contents
S3ViewBucketContents(effect) – Generates a policy allowing the user to view home S3 Bucket contents
S3ViewBuckets(effect) – Generates a policy allowing the user to view home S3 Buckets
ViewAccountInfo(effect) – Generates a policy allowing the user to view only their own account information
blank_policy() – Pre-built policy that generates a dict that represents a blank IAM policy document
enforceMFA([enforce_state]) – Pre-built policy that generates a MFA policy based on the enforce_state argument
policyDiff(policy1, policy2) – Compares two policies to determine if they are the same or not
s3_home_dir_policy() – Pre-built policy that generates a S3 home directory policy
self_service_policy() – Pre-built policy that generates a self service policy

Methods Documentation

IndividualUserToListOnlyTheirOwnMFA(effect)
Generates a policy allowing the user to list their own MFA devices
Parameters
effect (str) – Whether to allow or deny the given actions (default 'Deny')
Returns
dict – A dict representing a dynamic policy allowing the user to list their own MFA devices

IndividualUserToManageTheirOwnMFA(effect)
Generates a policy allowing the user to manage their own MFA devices
Parameters
effect (str) – Whether to allow or deny the given actions (default 'Deny')
Returns
dict – A dict representing a dynamic policy allowing the user to list their own MFA devices

MFAAllowDeny(effect)
Generates the policy based on if MFA is allowed or denied
Parameters
effect (str) – Whether to allow or deny the given actions (default 'Deny')
Returns
dict – A dict representing a dynamic policy based on if MFA is allowed or denied

ManageOwnPasswords(effect)
Generates a policy allowing the user to manage their own passwords
Parameters
effect (str) – Whether to allow or deny the given actions (default 'Deny')
Returns
dict – A dict representing a dynamic policy allowing the user to manage their own passwords

S3ListHomeDir(effect)
Generates a policy allowing the user to list their own home S3 Bucket contents
Parameters
effect (str) – Whether to allow or deny the given actions (default 'Deny')
Returns
dict – A dict representing a dynamic policy allowing the user to list their own home S3 Bucket contents

S3ModifyHomeDir(effect)
Generates a policy allowing the user to modify their own home S3 Bucket contents
Parameters
effect (str) – Whether to allow or deny the given actions (default 'Deny')
Returns
dict – A dict representing a dynamic policy allowing the user to modify their own home S3 Bucket contents

S3ViewBucketContents(effect)
Generates a policy allowing the user to view home S3 Bucket contents
Parameters
effect (str) – Whether to allow or deny the given actions (default 'Deny')
Returns
dict – A dict representing a dynamic policy allowing the user to view home S3 bucket contents

S3ViewBuckets(effect)
Generates a policy allowing the user to view home S3 Buckets
Parameters
effect (str) – Whether to allow or deny the given actions (default 'Deny')
Returns
dict – A dict representing a dynamic policy allowing the user to view home S3 buckets

ViewAccountInfo(effect)
Generates a policy allowing the user to view only their own account information
Parameters
effect (str) – Whether to allow or deny the given actions (default 'Deny')
Returns
dict – A dict representing a dynamic policy allowing the user to view only their own account information

blank_policy()
Pre-built policy that generates a dict that represents a blank IAM policy document
Returns
dict – a dict representing a blank policy document

enforceMFA(enforce_state=True)
Pre-built policy that generates a MFA policy based on the enforce_state argument
Keyword Arguments
enforce_state (bool) – Whether to generate a policy enforcing MFA or allowing no MFA (default True)
Returns
dict – a dict representing the MFA policy

policyDiff(policy1, policy2)
Compares two policies to determine if they are the same or not
Parameters
policy1 (dict) – An initial policy
policy2 (dict) – A policy to compare to the first policy
Returns
bool – If the policies are the same, False is returned. If they are different, True is returned.
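
The page does not show how policyDiff compares documents or what enforceMFA emits, so the following is an added example, not jmpr's code: a comparison that uses the same return convention but ignores differences in shape that do not change meaning, run against a constructed MFA policy. The names `policy_differs`, `reordered_copy`, `drifted_copy` and the sample policy are assumptions made for illustration.

```python
import copy
import json

def _as_set(value):
    # IAM accepts a scalar or a list for Action/Resource/condition values.
    items = [] if value is None else value
    return frozenset(items if isinstance(items, list) else [items])

def _canonical(stmt):
    # Hashable form of one statement; Sid is a label only, so it is ignored (assumption).
    cond = {op: {k: sorted(map(str, _as_set(v))) for k, v in keys.items()}
            for op, keys in stmt.get("Condition", {}).items()}
    return (stmt["Effect"], json.dumps(cond, sort_keys=True),
            _as_set(stmt.get("Action")), _as_set(stmt.get("NotAction")),
            _as_set(stmt.get("Resource")), _as_set(stmt.get("NotResource")))

def policy_differs(policy1, policy2):
    # Same convention as the policyDiff entry: False if equivalent, True if different.
    def canon(policy):
        stmts = policy.get("Statement", [])
        stmts = [stmts] if isinstance(stmts, dict) else stmts
        return frozenset(_canonical(s) for s in stmts)
    return canon(policy1) != canon(policy2)

# Constructed sample policy (not output of jmpr).
MFA_ACTIONS = ["iam:ListMFADevices", "iam:EnableMFADevice", "iam:ResyncMFADevice"]
DESIRED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowOwnMFA", "Effect": "Allow", "Action": MFA_ACTIONS,
     "Resource": "arn:aws:iam::*:user/${aws:username}"},
    {"Sid": "DenyWithoutMFA", "Effect": "Deny", "NotAction": MFA_ACTIONS, "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
]}

def reordered_copy(policy):
    # Same meaning, different shape: order reversed, Sid dropped, scalar -> list.
    out = copy.deepcopy(policy)
    out["Statement"].reverse()
    for s in out["Statement"]:
        s.pop("Sid", None)
        s["Resource"] = [s["Resource"]]
    return out

def drifted_copy(policy):
    # BoolIfExists -> Bool: the deny no longer matches requests that lack the
    # aws:MultiFactorAuthPresent key (e.g. long-term access keys).
    out = copy.deepcopy(policy)
    cond = out["Statement"][1]["Condition"]
    cond["Bool"] = cond.pop("BoolIfExists")
    return out
```

Plain dict equality reports the reordered copy as changed, while the normalised comparison flags only the copy whose condition operator drifted.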

s3_home_dir_policy()
Pre-built policy that generates a S3 home directory policy that allows the following actions:
S3ViewBuckets
S3ViewBucketContents
S3ListHomeDir
S3ModifyHomeDir
Returns
dict – a dict representing the S3 home directory policy

self_service_policy()
Pre-built policy that generates a self service policy that allows the following actions:
ViewAccountInfo
ManageOwnPasswords
IndividualUserToListOnlyTheirOwnMFA
IndividualUserToManageTheirOwnMFA
Returns
dict – a dict representing the self service policy document