Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
VM::EC2::Security::PolUser3Contributed Perl DocumeVM::EC2::Security::Policy(3)

NAME
       VM::EC2::Security::Policy -- Simple IAM policy generator	for EC2

SYNOPSIS
	my $policy = VM::EC2::Security::Policy->new;
	$policy->allow('Describe*','CreateVolume','delete_volume');
	$policy->deny('DescribeVolumes');
	print $policy->as_string;

DESCRIPTION
       This is a very simple Identity and Access Management (IAM) policy
       statement generator that	works sufficiently well	to create policies to
       control access EC2 resources. It	is not fully general across all	AWS
       services.

METHODS
       This section describes the methods available to
       VM::EC2::Security::Policy. You will create a new, empty,	policy using
       new(), grant access to EC2 actions using	allow(), and deny access to
       EC2 actions using deny(). When you are done, either call	as_string(),
       or just use the policy object in	a string context, to get a properly-
       formatted policy	string.

       allow() and deny() return the modified object, allowing you to chain
       methods.	For example:

	my $p =	VM::EC2::Security::Policy->new
		    ->allow('Describe*')
		    ->deny('DescribeImages','DescribeInstances');
	print $p;

   $policy = VM::EC2::Security::Policy->new()
       This class method creates a new,	empty policy object. The default
       policy object denies all	access to EC2 resources.

   $policy->allow('action1','action2','action3',...)
       Grant access to the listed EC2 actions. You may specify actions using
       Amazon's	MixedCase notation (e.g. "DescribeInstances"), or using
       VM::EC2's more Perlish underscore notation (e.g.	"describe_instances").
       You can find the	list of	actions	in VM::EC2, or in the Amazon API
       documentation at
       http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/OperationList-query.html.

       The "*" wildcard	allows you to indicate a series	of matching
       operations. For example,	to allow all Describe operations:

	$policy->allow('Describe*')

       As described earlier, allow() returns the object, making	it easy	to
       chain methods.

   $policy->deny('action1','action2','action3',...)
       Similar to allow(), but in this case denies access to certain actions.
       Deny statements take precedence over allow statements.

       As described earlier, deny() returns the	object,	making it easy to
       chain methods.

   $string = $policy->as_string
       Converts	the policy into	a JSON string that can be passed to
       VM::EC2->get_federation_token(),	or other AWS libraries.

STRING OVERLOADING
       When used in a string context, this object will interpolate into	the
       policy JSON string using	as_string().

SEE ALSO
       VM::EC2 VM::EC2::Generic

AUTHOR
       Lincoln Stein <lincoln.stein@gmail.com>.

       Copyright (c) 2011 Ontario Institute for	Cancer Research

       This package and	its accompanying libraries is free software; you can
       redistribute it and/or modify it	under the terms	of the GPL (either
       version 1, or at	your option, any later version)	or the Artistic
       License 2.0.  Refer to LICENSE for the full license text. In addition,
       please see DISCLAIMER.txt for disclaimers of warranty.

perl v5.32.0			  2020-08-23	  VM::EC2::Security::Policy(3)
NAME | SYNOPSIS | DESCRIPTION | METHODS | STRING OVERLOADING | SEE ALSO | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=VM::EC2::Security::Policy&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help