in rdk/rdk.py [0:0]
def __create_automation_iam_cloudformation_block(self, ssm_automation, rule_name):
    """Build the CloudFormation IAM role and policy for a rule's SSM remediation.

    Args:
        ssm_automation: Mapping whose ``'IAM'`` entry holds the IAM action(s)
            the remediation role is allowed to perform. The value is placed
            into the policy statement as-is.
        rule_name: Rule name used in the role description, the policy name
            and the logical ID the policy attaches to.

    Returns:
        A ``(role, policy)`` tuple of CloudFormation resource dicts: an
        ``AWS::IAM::Role`` that ``ssm.amazonaws.com`` may assume, and an
        ``AWS::IAM::Policy`` that grants the requested actions to it.
    """
    allowed_actions = ssm_automation['IAM']
    print('Generate IAM Role for SSM Document with these actions', str(allowed_actions))

    # Trust policy: only the SSM service principal may assume the role.
    # NOTE(review): there is no Condition block here (for example
    # aws:SourceAccount), so the trust is not scoped to this account's
    # automations -- consider adding one as confused-deputy protection.
    trust_statement = {
        "Effect": "Allow",
        "Principal": {
            "Service": "ssm.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }
    trust_policy = {
        "Version": "2012-10-17",
        "Statement": [trust_statement]
    }

    # No "RoleName" is set on the role; only the path and description are fixed.
    role_properties = {
        "Description": "IAM Role to Support Config Remediation for " + rule_name,
        "Path": "/rdk-remediation-role/",
        "AssumeRolePolicyDocument": trust_policy
    }
    remediation_role = {
        "Type": "AWS::IAM::Role",
        "Properties": role_properties
    }

    # NOTE(review): the actions are copied unvalidated from the rule's
    # parameters and allowed on Resource "*", so every action listed there
    # applies account-wide. Keep the 'IAM' list minimal, and review it for
    # wildcard or privilege-granting actions before deploying.
    permission_statement = {
        "Action": allowed_actions,
        "Effect": "Allow",
        "Resource": "*"
    }
    policy_document = {
        "Statement": [permission_statement],
        "Version": "2012-10-17"
    }

    # The policy is attached by logical ID; presumably the caller registers
    # the role under this same ID -- confirm against the call site.
    role_logical_id = self.__get_alphanumeric_rule_name(rule_name + 'Role')
    remediation_policy = {
        "Type": "AWS::IAM::Policy",
        "Properties": {
            "PolicyDocument": policy_document,
            "PolicyName": {"Fn::Sub": rule_name + "-Remediation-Policy-${AWS::Region}"},
            "Roles": [{"Ref": role_logical_id}]
        }
    }

    return remediation_role, remediation_policy