-
-
Save toddlers/0e699b7dc38b9c118b02be61d413c859 to your computer and use it in GitHub Desktop.
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Sid": "VisualEditor0", | |
"Effect": "Allow", | |
"Action": "ec2:RunInstances", | |
"Resource": [ | |
"arn:aws:ec2:us-east-2::instance/", | |
"arn:aws:ec2:us-east-2::network-interface/", | |
"arn:aws:ec2:us-east-2::key-pair/", | |
"arn:aws:ec2:us-east-2::security-group/", | |
"arn:aws:ec2:us-east-2::subnet/", | |
"arn:aws:ec2:us-east-2::volume/", | |
"arn:aws:ec2:us-east-2::image/ami-" | |
], | |
"Condition": { | |
"ForAllValues:NumericLessThanEquals": { | |
"ec2:VolumeSize": "20" | |
}, | |
"ForAllValues:StringEquals": { | |
"ec2:InstanceType": "t2.micro" | |
} | |
} | |
}, | |
{ | |
"Sid": "VisualEditor1", | |
"Effect": "Allow", | |
"Action": [ | |
"ec2:TerminateInstances", | |
"ec2:StartInstances", | |
"ec2:StopInstances" | |
], | |
"Resource": "arn:aws:ec2:us-east-2::instance/", | |
"Condition": { | |
"ForAllValues:StringEquals": { | |
"ec2:InstanceType": "t2.micro" | |
} | |
} | |
}, | |
{ | |
"Sid": "VisualEditor2", | |
"Effect": "Allow", | |
"Action": [ | |
"ec2:Describe*", | |
"ec2:GetConsole*", | |
"cloudwatch:DescribeAlarms", | |
"iam:ListInstanceProfiles", | |
"cloudwatch:GetMetricStatistics", | |
"ec2:DescribeKeyPairs", | |
"ec2:CreateKeyPair" | |
], | |
"Resource": "*", | |
"Condition": { | |
"DateGreaterThan": { | |
"aws:CurrentTime": "2020-06-30T23:59:59Z" | |
}, | |
"DateLessThanEquals": { | |
"aws:CurrentTime": "2020-04-01T00:00:00Z" | |
} | |
} | |
} | |
] | |
} |
This is my policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": [
"arn:aws:ec2:{{region}}::instance/",
"arn:aws:ec2:{{region}}::network-interface/",
"arn:aws:ec2:{{region}}::key-pair/",
"arn:aws:ec2:{{region}}::security-group/",
"arn:aws:ec2:{{region}}::subnet/",
"arn:aws:ec2:{{region}}::volume/",
"arn:aws:ec2:{{region}}::image/ami-"
],
"Condition": {
"ForAllValues:NumericLessThanEquals": {
"ec2:VolumeSize": "{{ebs_volume_size}}"
},
"ForAllValues:StringEquals": {
"ec2:InstanceType": "{{instance_type}}"
}
}
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"ec2:TerminateInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "arn:aws:ec2:{{region}}::instance/",
"Condition": {
"ForAllValues:StringEquals": {
"ec2:InstanceType": "{{instance_type}}"
}
}
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"ec2:GetConsole*",
"cloudwatch:DescribeAlarms",
"iam:ListInstanceProfiles",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeKeyPairs",
"ec2:CreateKeyPair"
],
"Resource": "*",
"Condition": {
"DateGreaterThan": {
"aws:CurrentTime": "{{start_time}}"
},
"DateLessThanEquals": {
"aws:CurrentTime": "{{end_time}}"
}
}
}
]
}
this is your policy remove the part ec2_policy_meta_template =
I can't remove the ec2_policy_meta_template because
I have a python function which will fill in the attributes, this is the function from another python file:
Global variables
###########################
region="us-east-2"
instance_type="t2.micro"
ebs_volume_size="20"
meta_template_name="ec2_policy_meta_template"
###############################
start_time_1 = input("What's the start time")
end_time1 = input("What's the end time")
def create_aws_iam_policy_template(**kwargs):
template_data = {}
template_data["region"] = kwargs.get('region')
template_data["start_time"] = kwargs.get('end_time')
template_data["end_time"] = kwargs.get('start_time')
template_data["instance_type"] = kwargs.get('instance_type')
template_data["ebs_volume_size"] = kwargs.get('ebs_volume_size')
template_data["meta_template_name"] = kwargs.get('meta_template_name')
meta_template_dict = getattr(meta_templates, template_data["meta_template_name"])
meta_template_json = json.dumps(meta_template_dict)
template_json = Template(meta_template_json).render(template_data)
return template_json
template_json = create_aws_iam_policy_template(
region=region,
instance_type=instance_type,
ebs_volume_size=ebs_volume_size,
meta_template_name=meta_template_name,
start_time = start_time_1,
end_time = end_time1
)
app_json = json.dumps(template_json)
print(app_json)
#Create IAM policy
response = iam.create_policy(
PolicyName='GoodPolicy',
PolicyDocument=json.dumps(template_json)
)
Global variables
###########################
region="us-east-2"
instance_type="t2.micro"
ebs_volume_size="20"
meta_template_name="ec2_policy_meta_template"
###############################
start_time_1 = input("What's the start time")
end_time1 = input("What's the end time")
def create_aws_iam_policy_template(**kwargs):
template_data = {}
template_data["region"] = kwargs.get('region')
template_data["start_time"] = kwargs.get('end_time')
template_data["end_time"] = kwargs.get('start_time')
template_data["instance_type"] = kwargs.get('instance_type')
template_data["ebs_volume_size"] = kwargs.get('ebs_volume_size')
template_data["meta_template_name"] = kwargs.get('meta_template_name')
meta_template_dict = getattr(meta_templates, template_data["meta_template_name"])
meta_template_json = json.dumps(meta_template_dict)
template_json = Template(meta_template_json).render(template_data)
return template_json
template_json = create_aws_iam_policy_template(
region=region,
instance_type=instance_type,
ebs_volume_size=ebs_volume_size,
meta_template_name=meta_template_name,
start_time = start_time_1,
end_time = end_time1
)
app_json = json.dumps(template_json)
print(app_json)
#Create IAM policy
response = iam.create_policy(
PolicyName='GoodPolicy',
PolicyDocument=json.dumps(app_json)
)
"{"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": ["arn:aws:ec2:us-east-2::instance/", "arn:aws:ec2:us-east-2::network-interface/", "arn:aws:ec2:us-east-2::key-pair/", "arn:aws:ec2:us-east-2::security-group/", "arn:aws:ec2:us-east-2::subnet/", "arn:aws:ec2:us-east-2::volume/", "arn:aws:ec2:us-east-2::image/ami-"], "Condition": {"ForAllValues:NumericLessThanEquals": {"ec2:VolumeSize": "20"}, "ForAllValues:StringEquals": {"ec2:InstanceType": "t2.micro"}}}, {"Sid": "VisualEditor1", "Effect": "Allow", "Action": ["ec2:TerminateInstances", "ec2:StartInstances", "ec2:StopInstances"], "Resource": "arn:aws:ec2:us-east-2::instance/", "Condition": {"ForAllValues:StringEquals": {"ec2:InstanceType": "t2.micro"}}}, {"Sid": "VisualEditor2", "Effect": "Allow", "Action": ["ec2:Describe*", "ec2:GetConsole*", "cloudwatch:DescribeAlarms", "iam:ListInstanceProfiles", "cloudwatch:GetMetricStatistics", "ec2:DescribeKeyPairs", "ec2:CreateKeyPair"], "Resource": "*", "Condition": {"DateGreaterThan": {"aws:CurrentTime": "2020-06-30T23:59:59Z"}, "DateLessThanEquals": {"aws:CurrentTime": "2020-04-01T00:00:00Z"}}}]}"
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": [
"arn:aws:ec2:us-east-2::instance/",
"arn:aws:ec2:us-east-2::network-interface/",
"arn:aws:ec2:us-east-2::key-pair/",
"arn:aws:ec2:us-east-2::security-group/",
"arn:aws:ec2:us-east-2::subnet/",
"arn:aws:ec2:us-east-2::volume/",
"arn:aws:ec2:us-east-2::image/ami-"
],
"Condition": {
"ForAllValues:NumericLessThanEquals": {
"ec2:VolumeSize": "20"
},
"ForAllValues:StringEquals": {
"ec2:InstanceType": "t2.micro"
}
}
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"ec2:TerminateInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "arn:aws:ec2:us-east-2::instance/",
"Condition": {
"ForAllValues:StringEquals": {
"ec2:InstanceType": "t2.micro"
}
}
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"ec2:GetConsole*",
"cloudwatch:DescribeAlarms",
"iam:ListInstanceProfiles",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeKeyPairs",
"ec2:CreateKeyPair"
],
"Resource": "*",
"Condition": {
"DateGreaterThan": {
"aws:CurrentTime": "2020-06-30T23:59:59Z"
},
"DateLessThanEquals": {
"aws:CurrentTime": "2020-04-01T00:00:00Z"
}
}
}
]
}
ec2_policy_meta_template = {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": [
"arn:aws:ec2:{{region}}::instance/",
"arn:aws:ec2:{{region}}::network-interface/",
"arn:aws:ec2:{{region}}::key-pair/",
"arn:aws:ec2:{{region}}::security-group/",
"arn:aws:ec2:{{region}}::subnet/",
"arn:aws:ec2:{{region}}::volume/",
"arn:aws:ec2:{{region}}::image/ami-"
],
"Condition": {
"ForAllValues:NumericLessThanEquals": {
"ec2:VolumeSize": "{{ebs_volume_size}}"
},
"ForAllValues:StringEquals": {
"ec2:InstanceType": "{{instance_type}}"
}
}
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"ec2:TerminateInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "arn:aws:ec2:{{region}}::instance/",
"Condition": {
"ForAllValues:StringEquals": {
"ec2:InstanceType": "{{instance_type}}"
}
}
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"ec2:GetConsole*",
"cloudwatch:DescribeAlarms",
"iam:ListInstanceProfiles",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeKeyPairs",
"ec2:CreateKeyPair"
],
"Resource": "*",
"Condition": {
"DateGreaterThan": {
"aws:CurrentTime": "{{start_time}}"
},
"DateLessThanEquals": {
"aws:CurrentTime": "{{end_time}}"
}
}
}
]
}