Fugue.AWS.IAM.Typed.AssumeRolePolicy

Policy documents are described here: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html

Module Members

fromString

(Function)

Convert a Ludwig.String value to an Optional<AssumeRolePolicy>. None indicates failure.

Type Signature

 fun (String) -> Optional<AssumeRolePolicy>
Argument: x
Type: String
Returns:
Type: Optional<AssumeRolePolicy>

new

(Function)

Construct an AssumeRolePolicy from a Document.

Example:

assumeRole: AssumeRolePolicy.new {
  version: V2012-10-17,
  statements: [
    allow {
      actions: ["sts:AssumeRole"],
      principals: [
        aws ["arn:aws:iam::123456789012:root"]
      ]
    }
  ]
}

Type Signature

 fun (Document) -> AssumeRolePolicy
Argument: doc

Document to construct the AssumeRolePolicy from

Type: Document

Returns:

A new AssumeRolePolicy

Type: AssumeRolePolicy

toId

(Function)

Convert a Service to a Fugue.AWS.IAM.Typed.Policy.Id value.

Type Signature

 fun (Service) -> Id
Argument: svc
Type: Service
Returns:
Type: Id

toString

(Function)

Convert an AssumeRolePolicy to a Ludwig.String value.

Type Signature

 fun (AssumeRolePolicy) -> String
Argument: x
Type: AssumeRolePolicy
Returns:
Type: String

trustServices

(Function)

Generate an AssumeRolePolicy granting sts:AssumeRole permissions to the specified services.

Type Signature

 fun (List<Service>) -> AssumeRolePolicy
Argument: services

A list of Service values to grant permissions to.

Type: List<Service>

Returns:

An AssumeRolePolicy document for the given services.

Type: AssumeRolePolicy
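
The following Python sketch is an added example, not part of this module or of Fugue's code. It builds the kind of JSON trust policy a service-only grant such as trustServices describes, and checks an existing trust policy for principals outside an expected service list (for instance the account-root `aws` principal used in the `new` example). The mapping from Service constructors to principal names is an assumption based on standard AWS service principal names, and the function names are hypothetical.

```python
# Assumed mapping from this module's Service constructors to AWS service
# principals (standard AWS names; the page itself does not list them).
SERVICE_PRINCIPALS = {
    "CloudTrail": "cloudtrail.amazonaws.com",
    "EC2": "ec2.amazonaws.com",
    "ECSService": "ecs.amazonaws.com",
    "ECSTask": "ecs-tasks.amazonaws.com",
    "FlowLogs": "vpc-flow-logs.amazonaws.com",
    "Lambda": "lambda.amazonaws.com",
    "RDS": "rds.amazonaws.com",
    "RDSMonitoring": "monitoring.rds.amazonaws.com",
}


def trust_services(services):
    """Build a JSON trust policy letting only the given services call sts:AssumeRole."""
    unknown = [s for s in services if s not in SERVICE_PRINCIPALS]
    if unknown:
        raise ValueError(f"unknown service(s): {unknown}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Principal": {"Service": [SERVICE_PRINCIPALS[s] for s in services]},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def unexpected_principals(policy, allowed_services):
    """Return (kind, principal) pairs in Allow statements not covered by allowed_services."""
    allowed = {SERVICE_PRINCIPALS[s] for s in allowed_services}
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # anyone may assume the role
            findings.append(("Wildcard", "*"))
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "Service" or value not in allowed:
                    findings.append((kind, value))
    return findings
```

An empty result from `unexpected_principals` means every allowed principal is one of the expected services; any AWS account, federated, or wildcard principal is reported for review.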

AssumeRolePolicy

(Type)

type AssumeRolePolicy:
  | AssumeRolePolicy Document

AssumeRolePolicy

(Constructor)

Argument:
Document

IAM assume role policy

Service

(Type)

type Service:
  | CloudTrail
  | EC2
  | ECSService
  | ECSTask
  | FlowLogs
  | Lambda
  | RDS
  | RDSMonitoring

CloudTrail

(Constructor)

EC2

(Constructor)

ECSService

(Constructor)

ECSTask

(Constructor)

FlowLogs

(Constructor)

Lambda

(Constructor)

RDS

(Constructor)

RDSMonitoring

(Constructor)

AWS Services

cloudTrail

(Value)

cloudTrail:
  trustServices([CloudTrail])

Grant CloudTrail the sts:AssumeRole permission.

ec2

(Value)

ec2:
  trustServices([EC2])

Grant EC2 the sts:AssumeRole permission.

ecsService

(Value)

ecsService:
  trustServices([ECSService])

Grant ECS Service the sts:AssumeRole permission.

ecsTask

(Value)

ecsTask:
  trustServices([ECSTask])

Grant ECS Task the sts:AssumeRole permission.

flowLogs

(Value)

flowLogs:
  trustServices([FlowLogs])

Grant Flow Logs the sts:AssumeRole permission.

lambda

(Value)

lambda:
  trustServices([Lambda])

Grant Lambda the sts:AssumeRole permission.

rds

(Value)

rds:
  trustServices([RDS])

Grant RDS the sts:AssumeRole permission.

rdsMonitoring

(Value)

rdsMonitoring:
  trustServices([RDSMonitoring])

Grant RDSMonitoring the sts:AssumeRole permission.