scenarios

package
v0.0.0-...-ba09527 Latest
Warning

This package is not in the latest version of its module.
Published: Apr 25, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Types

type AssumeRoleScenario

type AssumeRoleScenario struct {
	// contains filtered or unexported fields
}

AssumeRoleScenario shows you how to use the AWS Identity and Access Management (IAM) service to perform the following actions:

  1. Create a user who has no permissions.
  2. Create a role that grants permission to list Amazon Simple Storage Service (Amazon S3) buckets for the account.
  3. Add a policy to let the user assume the role.
  4. Try and fail to list buckets without permissions.
  5. Assume the role and list S3 buckets using temporary credentials.
  6. Delete the policy, role, and user.

func NewAssumeRoleScenario

func NewAssumeRoleScenario(sdkConfig aws.Config, questioner demotools.IQuestioner,
	helper IScenarioHelper) AssumeRoleScenario

NewAssumeRoleScenario constructs an AssumeRoleScenario instance from a configuration. It uses the specified config to get an IAM client and create wrappers for the actions used in the scenario.

func (AssumeRoleScenario) Cleanup

func (scenario AssumeRoleScenario) Cleanup(user *types.User, role *types.Role)

Cleanup deletes all resources created for the scenario.

func (AssumeRoleScenario) CreateAccessKey

func (scenario AssumeRoleScenario) CreateAccessKey(user *types.User) *types.AccessKey

CreateAccessKey creates an access key for the user.

func (AssumeRoleScenario) CreateRoleAndPolicies

func (scenario AssumeRoleScenario) CreateRoleAndPolicies(user *types.User) *types.Role

CreateRoleAndPolicies creates a policy that grants permission to list S3 buckets for the current account and attaches the policy to a newly created role. It also adds an inline policy to the specified user that grants the user permission to assume the role.
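The three policy documents this step sets up, as an added example that is not code from this package: the type names, `ScenarioPolicies`, `Allows`, and the ARNs are hypothetical or constructed, and `Allows` is a deliberately simplified check, not IAM's evaluation logic. It uses only the standard library and makes no AWS calls.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Statement and Document follow the IAM JSON policy grammar (one Action and Resource per statement).
type Statement struct {
	Effect, Action string
	Principal      map[string]string `json:",omitempty"`
	Resource       string            `json:",omitempty"`
}
type Document struct {
	Version   string
	Statement []Statement
}

func render(s Statement) string {
	b, _ := json.Marshal(Document{Version: "2012-10-17", Statement: []Statement{s}}) // cannot fail for these types
	return string(b)
}

// ScenarioPolicies returns the role's trust policy, the role's permissions policy, and the user's inline policy.
func ScenarioPolicies(userArn, roleArn string) (trust, rolePerms, userInline string) {
	trust = render(Statement{Effect: "Allow", Action: "sts:AssumeRole", Principal: map[string]string{"AWS": userArn}})
	rolePerms = render(Statement{Effect: "Allow", Action: "s3:ListAllMyBuckets", Resource: "arn:aws:s3:::*"})
	userInline = render(Statement{Effect: "Allow", Action: "sts:AssumeRole", Resource: roleArn})
	return
}

// Allows is a simplified check: Allow statements only, exact action and resource match.
func Allows(policyJSON, action, resource string) bool {
	var d Document
	if json.Unmarshal([]byte(policyJSON), &d) != nil {
		return false // unparseable policy grants nothing
	}
	for _, s := range d.Statement {
		if s.Effect == "Allow" && s.Action == action && s.Resource == resource {
			return true
		}
	}
	return false
}

func main() {
	trust, rolePerms, userInline := ScenarioPolicies("arn:aws:iam::111122223333:user/demo-user", "arn:aws:iam::111122223333:role/demo-role") // constructed ARNs
	fmt.Println(trust, Allows(userInline, "s3:ListAllMyBuckets", "arn:aws:s3:::*"), Allows(rolePerms, "s3:ListAllMyBuckets", "arn:aws:s3:::*"))
}
```

The user's inline policy names a single role ARN rather than `*`, so the long-lived access key can do nothing except request temporary credentials for that one role.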

func (AssumeRoleScenario) CreateUser

func (scenario AssumeRoleScenario) CreateUser() *types.User

CreateUser creates a new IAM user. This user has no permissions.

func (AssumeRoleScenario) ListBucketsWithAssumedRole

func (scenario AssumeRoleScenario) ListBucketsWithAssumedRole(noPermsConfig *aws.Config, role *types.Role)

ListBucketsWithAssumedRole performs the following actions:

  1. Creates an AWS Security Token Service (AWS STS) client from the config created from the user's access key credentials.
  2. Gets temporary credentials by assuming the role that grants permission to list the buckets.
  3. Creates an Amazon S3 client from the temporary credentials.
  4. Lists buckets for the account. Because the temporary credentials are generated by assuming the role that grants permission, the action succeeds.

func (AssumeRoleScenario) ListBucketsWithoutPermissions

func (scenario AssumeRoleScenario) ListBucketsWithoutPermissions(accessKey *types.AccessKey) *aws.Config

ListBucketsWithoutPermissions creates an Amazon S3 client from the user's access key credentials and tries to list buckets for the account. Because the user does not have permission to perform this action, the action fails.

func (AssumeRoleScenario) Run

func (scenario AssumeRoleScenario) Run()

Run runs the interactive scenario.

type IScenarioHelper

type IScenarioHelper interface {
	GetName() string
	Pause(secs int)
}

IScenarioHelper abstracts input and wait functions from a scenario so that they can be mocked for unit testing.

type ScenarioHelper

type ScenarioHelper struct {
	Prefix string
	Random *rand.Rand
}

func (*ScenarioHelper) GetName

func (helper *ScenarioHelper) GetName() string

GetName returns a unique name formed from a prefix and a random number.

func (ScenarioHelper) Pause

func (helper ScenarioHelper) Pause(secs int)

Pause waits for the specified number of seconds.
