function getSystemUserPolicy()

in source/user-manager/cognito-user.js [694:790]


/**
 * Build the IAM policy document attached to a tenant's system user.
 *
 * The document contains six Allow statements: one per DynamoDB table ARN
 * supplied by the caller (tenant, user, order, product), plus two Cognito
 * statements that apply to every resource ("*").
 *
 * NOTE(review): points to confirm against least privilege before reuse:
 *   - The table statements include dynamodb:CreateTable next to the read
 *     actions; confirm the system user really needs to create tables.
 *   - Scan/Query are granted on the whole table ARN with no Condition block.
 *     If these tables hold rows for more than one tenant, this policy does
 *     not restrict reads to a single tenant (e.g. via
 *     dynamodb:LeadingKeys); verify against the table design.
 *   - "FullReadCognitoUserPoolsAccess" is named as read-only but lists
 *     cognito-idp:AdminResetUserPassword, which changes account state, and
 *     both Cognito statements use Resource "*" rather than a specific
 *     user pool / identity pool ARN.
 *
 * @param {Object} policyParams - ARNs to scope the DynamoDB statements.
 * @param {string} policyParams.tenantTableArn - ARN of the tenant table.
 * @param {string} policyParams.userTableArn - ARN of the user table.
 * @param {string} policyParams.orderTableArn - ARN of the order table.
 * @param {string} policyParams.productTableArn - ARN of the product table.
 * @returns {Object} IAM policy document (Version + Statement array).
 */
function getSystemUserPolicy(policyParams) {
    // Every table statement carries the same action list; a fresh array is
    // built per call so statements never share a mutable Action array.
    function tableStatement(sid, tableArn) {
        return {
            "Sid": sid,
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:BatchGetItem",
                "dynamodb:Scan",
                "dynamodb:Query",
                "dynamodb:DescribeTable",
                "dynamodb:CreateTable"
            ],
            "Resource": [tableArn]
        };
    }

    // Cognito statements are not scoped to an ARN: Resource is always "*".
    function accountWideStatement(sid, actions) {
        return {
            "Sid": sid,
            "Effect": "Allow",
            "Action": actions,
            "Resource": ["*"]
        };
    }

    const statements = [
        tableStatement("TenantSystemUserTenantTable", policyParams.tenantTableArn),
        tableStatement("TenantSystemUserUserTable", policyParams.userTableArn),
        tableStatement("TenantSystemUserOrderTable", policyParams.orderTableArn),
        tableStatement("TenantSystemUserProductTable", policyParams.productTableArn),
        accountWideStatement("FullReadCognitoIdentityAccess", [
            "cognito-identity:DescribeIdentity",
            "cognito-identity:DescribeIdentityPool",
            "cognito-identity:GetIdentityPoolRoles",
            "cognito-identity:ListIdentities",
            "cognito-identity:ListIdentityPools",
            "cognito-identity:LookupDeveloperIdentity"
        ]),
        accountWideStatement("FullReadCognitoUserPoolsAccess", [
            "cognito-idp:AdminGetDevice",
            "cognito-idp:AdminGetUser",
            "cognito-idp:AdminListDevices",
            "cognito-idp:AdminListGroupsForUser",
            // State-changing action inside a statement whose Sid says "read".
            "cognito-idp:AdminResetUserPassword",
            "cognito-idp:DescribeUserImportJob",
            "cognito-idp:DescribeUserPool",
            "cognito-idp:DescribeUserPoolClient",
            "cognito-idp:GetCSVHeader",
            "cognito-idp:GetGroup",
            "cognito-idp:ListGroups",
            "cognito-idp:ListUserImportJobs",
            "cognito-idp:ListUserPoolClients",
            "cognito-idp:ListUserPools",
            "cognito-idp:ListUsers",
            "cognito-idp:ListUsersInGroup"
        ])
    ];

    return {
        "Version": "2012-10-17",
        "Statement": statements
    };
}