1VM::EC2::Security::PoliUcsye(r3)Contributed Perl DocumenVtMa:t:iEoCn2::Security::Policy(3)
2
3
4

NAME

6       VM::EC2::Security::Policy -- Simple IAM policy generator for EC2
7

SYNOPSIS

9        my $policy = VM::EC2::Security::Policy->new;
10        $policy->allow('Describe*','CreateVolume','delete_volume');
11        $policy->deny('DescribeVolumes');
12        print $policy->as_string;
13

DESCRIPTION

15       This is a very simple Identity and Access Management (IAM) policy
16       statement generator that works sufficiently well to create policies to
17       control access EC2 resources. It is not fully general across all AWS
18       services.
19

METHODS

21       This section describes the methods available to
22       VM::EC2::Security::Policy. You will create a new, empty, policy using
23       new(), grant access to EC2 actions using allow(), and deny access to
24       EC2 actions using deny(). When you are done, either call as_string(),
25       or just use the policy object in a string context, to get a properly-
26       formatted policy string.
27
28       allow() and deny() return the modified object, allowing you to chain
29       methods. For example:
30
31        my $p = VM::EC2::Security::Policy->new
32                    ->allow('Describe*')
33                    ->deny('DescribeImages','DescribeInstances');
34        print $p;
35
36   $policy = VM::EC2::Security::Policy->new()
37       This class method creates a new, empty policy object. The default
38       policy object denies all access to EC2 resources.
39
40   $policy->allow('action1','action2','action3',...)
41       Grant access to the listed EC2 actions. You may specify actions using
42       Amazon's MixedCase notation (e.g. "DescribeInstances"), or using
43       VM::EC2's more Perlish underscore notation (e.g. "describe_instances").
44       You can find the list of actions in VM::EC2, or in the Amazon API
45       documentation at
46       http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/OperationList-query.html.
47
48       The "*" wildcard allows you to indicate a series of matching
49       operations. For example, to allow all Describe operations:
50
51        $policy->allow('Describe*')
52
53       As described earlier, allow() returns the object, making it easy to
54       chain methods.
55
56   $policy->deny('action1','action2','action3',...)
57       Similar to allow(), but in this case denies access to certain actions.
58       Deny statements take precedence over allow statements.
59
60       As described earlier, deny() returns the object, making it easy to
61       chain methods.
62
63   $string = $policy->as_string
64       Converts the policy into a JSON string that can be passed to
65       VM::EC2->get_federation_token(), or other AWS libraries.
66

STRING OVERLOADING

68       When used in a string context, this object will interpolate into the
69       policy JSON string using as_string().
70

SEE ALSO

72       VM::EC2 VM::EC2::Generic
73

AUTHOR

75       Lincoln Stein <lincoln.stein@gmail.com>.
76
77       Copyright (c) 2011 Ontario Institute for Cancer Research
78
79       This package and its accompanying libraries is free software; you can
80       redistribute it and/or modify it under the terms of the GPL (either
81       version 1, or at your option, any later version) or the Artistic
82       License 2.0.  Refer to LICENSE for the full license text. In addition,
83       please see DISCLAIMER.txt for disclaimers of warranty.
84
85
86
87perl v5.34.0                      2022-01-21      VM::EC2::Security::Policy(3)
Impressum