.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . 
ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "VM::EC2::Security::Policy 3pm" .TH VM::EC2::Security::Policy 3pm "2022-10-14" "perl v5.34.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l .nh .SH "NAME" VM::EC2::Security::Policy \-\- Simple IAM policy generator for EC2 .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 4 \& my $policy = VM::EC2::Security::Policy\->new; \& $policy\->allow(\*(AqDescribe*\*(Aq,\*(AqCreateVolume\*(Aq,\*(Aqdelete_volume\*(Aq); \& $policy\->deny(\*(AqDescribeVolumes\*(Aq); \& print $policy\->as_string; .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This is a very simple Identity and Access Management (\s-1IAM\s0) policy statement generator that works sufficiently well to create policies to control access to \s-1EC2\s0 resources. It is not fully general across all \s-1AWS\s0 services. .SH "METHODS" .IX Header "METHODS" This section describes the methods available to VM::EC2::Security::Policy. You will create a new, empty, policy using \&\fBnew()\fR, grant access to \s-1EC2\s0 actions using \fBallow()\fR, and deny access to \&\s-1EC2\s0 actions using \fBdeny()\fR. When you are done, either call \fBas_string()\fR, or just use the policy object in a string context, to get a properly-formatted policy string. .PP \&\fBallow()\fR and \fBdeny()\fR return the modified object, allowing you to chain methods. For example: .PP .Vb 4 \& my $p = VM::EC2::Security::Policy\->new \& \->allow(\*(AqDescribe*\*(Aq) \& \->deny(\*(AqDescribeImages\*(Aq,\*(AqDescribeInstances\*(Aq); \& print $p; .Ve .ie n .SS "$policy = VM::EC2::Security::Policy\->\fBnew()\fP" .el .SS "\f(CW$policy\fP = VM::EC2::Security::Policy\->\fBnew()\fP" .IX Subsection "$policy = VM::EC2::Security::Policy->new()" This class method creates a new, empty policy object. The default policy object denies all access to \s-1EC2\s0 resources. .ie n .SS "$policy\->allow('action1','action2','action3',...)" .el .SS "\f(CW$policy\fP\->allow('action1','action2','action3',...)" .IX Subsection "$policy->allow('action1','action2','action3',...)" Grant access to the listed \s-1EC2\s0 actions. You may specify actions using Amazon's MixedCase notation (e.g. 
\*(L"DescribeInstances\*(R"), or using \&\s-1VM::EC2\s0's more Perlish underscore notation (e.g. \*(L"describe_instances\*(R"). You can find the list of actions in \&\s-1VM::EC2\s0, or in the Amazon \s-1API\s0 documentation at http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/OperationList\-query.html. .PP The \*(L"*\*(R" wildcard allows you to indicate a series of matching operations. For example, to allow all Describe operations: .PP .Vb 1 \& $policy\->allow(\*(AqDescribe*\*(Aq) .Ve .PP Note that a wildcard grants every action whose name matches the pattern, so list actions individually when you want to grant only a narrow set. .PP As described earlier, \fBallow()\fR returns the object, making it easy to chain methods. .ie n .SS "$policy\->deny('action1','action2','action3',...)" .el .SS "\f(CW$policy\fP\->deny('action1','action2','action3',...)" .IX Subsection "$policy->deny('action1','action2','action3',...)" Similar to \fBallow()\fR, but in this case denies access to certain actions. Deny statements take precedence over allow statements. .PP As described earlier, \fBdeny()\fR returns the object, making it easy to chain methods. .ie n .SS "$string = $policy\->as_string" .el .SS "\f(CW$string\fP = \f(CW$policy\fP\->as_string" .IX Subsection "$string = $policy->as_string" Converts the policy into a \s-1JSON\s0 string that can be passed to \&\s-1VM::EC2\-\s0>\fBget_federation_token()\fR, or other \s-1AWS\s0 libraries. .SH "STRING OVERLOADING" .IX Header "STRING OVERLOADING" When used in a string context, this object will interpolate into the policy \s-1JSON\s0 string using \fBas_string()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\s-1VM::EC2\s0 VM::EC2::Generic .SH "AUTHOR" .IX Header "AUTHOR" Lincoln Stein . .PP Copyright (c) 2011 Ontario Institute for Cancer Research .PP This package and its accompanying libraries is free software; you can redistribute it and/or modify it under the terms of the \s-1GPL\s0 (either version 1, or at your option, any later version) or the Artistic License 2.0. Refer to \s-1LICENSE\s0 for the full license text. 
In addition, please see \s-1DISCLAIMER\s0.txt for disclaimers of warranty.