CreatePolicy.go - AWS Code Sample

CreatePolicy.go

// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: MIT-0 package main import ( "encoding/json" "flag" "fmt" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/iam" "github.com/aws/aws-sdk-go/service/iam/iamiface" ) // StatementEntry will dictate what this policy allows or doesn't allow. type StatementEntry struct { Effect string Action []string Resource string } // PolicyDocument is our definition of our policies to be uploaded to IAM. type PolicyDocument struct { Version string Statement []StatementEntry } // MakePolicy creates an IAM policy // Inputs: // svc is an IAM service client // Output: // If success, nil // Otherwise, an error from the call to json.Marshall or CreatePolicy func MakePolicy(svc iamiface.IAMAPI, policyName *string) error { // Builds our policy document for IAM. policy := PolicyDocument{ Version: "2012-10-17", Statement: []StatementEntry{ StatementEntry{ Effect: "Allow", Action: []string{ "logs:CreateLogGroup", // Allow for creating log groups }, Resource: "RESOURCE ARN FOR logs:*", }, StatementEntry{ Effect: "Allow", // Allows for DeleteItem, GetItem, PutItem, Scan, and UpdateItem Action: []string{ "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan", "dynamodb:UpdateItem", }, Resource: "RESOURCE ARN FOR dynamodb:*", }, }, } b, err := json.Marshal(&policy) if err != nil { return err } _, err = svc.CreatePolicy(&iam.CreatePolicyInput{ PolicyDocument: aws.String(string(b)), PolicyName: policyName, }) return err } func main() { policyName := flag.String("n", "", "The name of the policy") flag.Parse() if *policyName == "" { fmt.Println("You must supply the name of the policy (-n POLICY)") return } sess := session.Must(session.NewSessionWithOptions(session.Options{ SharedConfigState: session.SharedConfigEnable, })) svc := iam.New(sess) err := MakePolicy(svc, policyName) if err != nil { fmt.Println("Got an error creating the policy:") fmt.Println(err) return } fmt.Println("Created policy " + *policyName) }