feat(hamlet): add permissions extensions
1 parent
2a151a4
commit 4c68e0c
Showing
5 changed files
with
128 additions
and
58 deletions.
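--- a/hamlet/s3support/extensions/s3_inventory_copy_batch/extension.ftl
+++ b/hamlet/s3support/extensions/s3_inventory_copy_batch/extension.ftl
@@ -0,0 +1,34 @@
+[#ftl]
+
+[@addExtension
+id="s3_inventory_copy_batch"
+aliases=[
+"_s3_inventory_copy_batch"
+]
+description=[
+"Configures the s3 batch lambda"
+]
+supportedTypes=[
+LAMBDA_COMPONENT_TYPE,
+LAMBDA_FUNCTION_COMPONENT_TYPE
+]
+/]
+
+[#macro shared_extension_s3_inventory_copy_batch_deployment_setup occurrence ]
+
+[@Settings
+[
+"DESTINATION_BUCKET_NAME"
+] +
+valueIfContent(
+[ "S3_DESTINATION_PREFIX" ],
+(_context.DefaultEnvironment["S3_DESTINATION_PREFIX"])!"",
+[]
+) +
+valueIfContent(
+[ "S3_DESTINATION_SUFFIX" ],
+(_context.DefaultEnvironment["S3_DESTINATION_SUFFIX"])!"",
+[]
+)
+/]
+[/#macro]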
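Review bot: The Settings directive in shared_extension_s3_inventory_copy_batch_deployment_setup exposes DESTINATION_BUCKET_NAME unconditionally but only surfaces S3_DESTINATION_PREFIX and S3_DESTINATION_SUFFIX when the default environment already carries a non-empty value, and nothing in the file says why the two groups are treated differently. A one-line comment above `[@Settings`, such as `[#-- Destination bucket is mandatory; prefix/suffix are only passed through when the default environment provides a non-empty value --]`, would spare the next reader from reverse-engineering the valueIfContent calls. The description "Configures the s3 batch lambda" could likewise name the settings it injects, as the sibling event extension's description does for its permissions.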
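--- a/hamlet/s3support/extensions/s3_inventory_copy_event/extension.ftl
+++ b/hamlet/s3support/extensions/s3_inventory_copy_event/extension.ftl
@@ -0,0 +1,61 @@
+[#ftl]
+
+[@addExtension
+id="s3_inventory_copy_event"
+aliases=[
+"_s3_inventory_copy_event"
+]
+description=[
+"Configures the s3 event lambda with batch permissions"
+]
+supportedTypes=[
+LAMBDA_COMPONENT_TYPE,
+LAMBDA_FUNCTION_COMPONENT_TYPE
+]
+/]
+
+[#macro shared_extension_s3_inventory_copy_event_deployment_setup occurrence ]
+
+[#-- When submitting an s3 batch we need to give batch an IAM role which allows it to access the source and invoke the lambda --]
+[#-- This creates a new role using the same links as the lambda but with a different trust --]
+[@includeServicesConfiguration
+provider=AWS_PROVIDER
+services=AWS_IDENTITY_SERVICE
+deploymentFramework=CLOUD_FORMATION_DEPLOYMENT_FRAMEWORK
+/]
+
+[#local s3BatchRoleId = formatResourceId(AWS_IAM_ROLE_RESOURCE_TYPE, occurrence.Core.Id, "s3", "batchoperations") ]
+[#local s3BatchPolicies = getLinkTargetsOutboundRoles(_context.Links) ]
+
+[#if deploymentSubsetRequired("iam", true) &&
+isPartOfCurrentDeploymentUnit(s3BatchRoleId)]
+[@createRole
+id=s3BatchRoleId
+trustedServices=[
+"batchoperations.s3.amazonaws.com"
+]
+policies=[getPolicyDocument(s3BatchPolicies, "links")]
+/]
+[/#if]
+
+[@ContextSetting
+name="S3_BATCH_ROLE_ARN"
+value=getReference(s3BatchRoleId, ARN_ATTRIBUTE_TYPE)
+/]
+
+[#-- Allow the S3 event function to pass the IAM role to s3 batch --]
+[@Policy
+iamPassRolePermission(
+[
+getReference(s3BatchRoleId, ARN_ATTRIBUTE_TYPE)
+]
+)
+/]
+
+[@Settings
+[
+"S3_BATCH_JOB_LAMBDA_ARN",
+"S3_BATCH_PRIORITY"
+]
+/]
+[/#macro]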
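Review bot: The createRole call trusts the batchoperations.s3.amazonaws.com service principal with no account or source condition, so the trust policy is open to any S3 Batch Operations job in any account that can name the role; if createRole accepts trust-policy conditions, scoping the trust with aws:SourceAccount (and aws:SourceArn where the job ARN is known) closes the cross-account confused-deputy path AWS documents for service trust policies, and if the macro has no such parameter a `[#-- TODO: restrict trust with aws:SourceAccount once createRole supports conditions --]` marker would record the gap. The role's policy is built from getLinkTargetsOutboundRoles(_context.Links), i.e. every outbound permission the lambda's links grant, whereas the comment above it says batch only needs to read the source and invoke the lambda; whether that is broader than necessary depends on the component's links, but the intent to reuse the full link set deserves a sentence in that comment. The iamPassRolePermission grant below is correctly limited to the single role ARN.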
43 changes: 0 additions & 43 deletions
43
hamlet/s3support/modules/extensions/s3_inventory_copy_event/extension.ftl
This file was deleted.
@@ -1 +1,3 @@ | ||
[#ftl] | ||
|
||
[#assign S3SUPPORT_PROVIDER = "s3support" ] |