All Resources
EC2VpcEndpointPolicy
EC2VpcEndpointPolicyProperties
Properties:
- PolicyDocument: A policy document object.
- PrivateDnsEnabled: Indicates whether to associate a private hosted zone with the specified VPC.
- RouteTableIds: One or more route table IDs.
- SecurityGroupIds: The ID of one or more security groups to associate with the endpoint network interface.
- ServiceName: The service name.
- SubnetIds: The ID of one or more subnets in which to create an endpoint network interface.
- VpcEndpointType: The type of endpoint.
- VpcId: The ID of the VPC in which the endpoint will be used.
More info at AWS Docs
GenericResource
This class is used for all resource types that we haven't had time to implement yet.
IAMGroup
IAMGroupProperties
Properties:
- GroupName: Name of the group.
- ManagedPolicyArns: ARN of the IAM policies to attach.
- Path: Path to the group. See IAM Identifiers.
- Policies: Inline policies embedded in the IAM group.
More info at AWS Docs
IAMManagedPolicy
IAMManagedPolicyProperties
Properties:
- Description: Description of the policy.
- Groups: Friendly name of the IAM groups to attach the policy to.
- ManagedPolicyName: Name of the policy.
- Path: Path to the policy.
- PolicyDocument: A policy document object.
- Roles: Friendly name of the IAM roles to attach the policy to.
- Users: Friendly name of the IAM users to attach the policy to.
More info at AWS Docs
IAMPolicy
IAMPolicyProperties
Properties:
- Groups: Friendly name of the IAM groups to attach the policy to.
- PolicyDocument: A policy document object.
- PolicyName: Name of the policy.
- Roles: Friendly name of the IAM roles to attach the policy to.
- Users: Friendly name of the IAM users to attach the policy to.
More info at AWS Docs
IAMRole
IAMRoleProperties
Properties:
- AssumeRolePolicyDocument: A policy document object.
- ManagedPolicyArns: List of ARNs of the IAM managed policies to attach.
- MaxSessionDuration: Maximum session duration (in seconds).
- Path: Path to the role.
- PermissionsBoundary: ARN of the policy used to set the permissions boundary.
- Policies: A list of policy objects.
- RoleName: Name of the role.
More info at AWS Docs
IAMUser
Properties:
- Properties: An IAM User properties object.
More info at AWS Docs
has_hardcoded_credentials(self)
Returns True if login profile password contains a hardcoded string, otherwise False.
Source code in pycfmodel/model/resources/iam_user.py
```python
def has_hardcoded_credentials(self) -> bool:
    """Returns True if login profile password contains a hardcoded string, otherwise False."""
    if self.Properties:
        login_profile = self.Properties.LoginProfile
        if login_profile and login_profile.get("Password"):
            # Any password other than the NO_ECHO_NO_DEFAULT marker counts as hardcoded.
            if login_profile["Password"] != Parameter.NO_ECHO_NO_DEFAULT:
                return True
    # No login profile password found: defer to the parent class check.
    return super().has_hardcoded_credentials()
```
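The same idea applied to a raw template dictionary, as an added example (not pycfmodel code and not part of the original page): it flags `AWS::IAM::User` passwords unless they are a `Ref` to a `NoEcho` parameter with no `Default`. The function names, reason strings and sample template are constructed for illustration, and treating only that case as safe is an assumption modelled on the `NO_ECHO_NO_DEFAULT` comparison above.

```python
SAFE = "noecho-no-default"  # hypothetical label for the only non-finding case


def classify_password(value, parameters):
    """Classify a LoginProfile.Password value; only SAFE is not a finding."""
    if not (isinstance(value, dict) and set(value) == {"Ref"}):
        return "literal-value"
    param = parameters.get(value["Ref"])
    if param is None:
        return "ref-is-not-a-parameter"
    # NoEcho may appear as a boolean or as the string "true" in templates.
    if str(param.get("NoEcho", "false")).lower() != "true":
        return "parameter-without-noecho"
    if "Default" in param:
        return "noecho-with-default"  # the default value lives in the template
    return SAFE


def users_with_hardcoded_passwords(template):
    """Map logical IDs of AWS::IAM::User resources to the reason they were flagged."""
    parameters = template.get("Parameters") or {}
    findings = {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if resource.get("Type") != "AWS::IAM::User":
            continue
        login_profile = (resource.get("Properties") or {}).get("LoginProfile") or {}
        password = login_profile.get("Password")
        if password:
            verdict = classify_password(password, parameters)
            if verdict != SAFE:
                findings[logical_id] = verdict
    return findings


def _user(password):
    """Build a constructed AWS::IAM::User resource with the given password value."""
    return {"Type": "AWS::IAM::User", "Properties": {"LoginProfile": {"Password": password}}}


# Constructed sample template (not from the page).
TEMPLATE = {
    "Parameters": {
        "UserPassword": {"Type": "String", "NoEcho": True},
        "DefaultedPassword": {"Type": "String", "NoEcho": "true", "Default": "changeme"},
        "PlainPassword": {"Type": "String"},
    },
    "Resources": {
        "SafeUser": _user({"Ref": "UserPassword"}),
        "LiteralUser": _user("Example-Passw0rd!"),
        "DefaultedUser": _user({"Ref": "DefaultedPassword"}),
        "PlainParamUser": _user({"Ref": "PlainPassword"}),
        "NoLoginUser": {"Type": "AWS::IAM::User", "Properties": {"UserName": "svc"}},
    },
}
```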
IAMUserProperties
Properties:
- Groups: List of groups to attach.
- LoginProfile: Name and password for the user.
- ManagedPolicyArns: List of ARNs of the IAM managed policies to attach.
- Path: Path to the user.
- PermissionsBoundary: ARN of the policy used to set the permissions boundary.
- Policies: A list of policy objects.
- UserName: Name of the user.
More info at AWS Docs
KMSKey
KMSKeyProperties
Properties:
- Description: Description of the CMK.
- EnableKeyRotation: Enables automatic rotation of the key for the customer master key.
- Enabled: Specifies whether the customer master key (CMK) is enabled.
- KeyPolicy: A policy document object.
- KeyUsage: Determines the cryptographic operations.
- PendingWindowInDays: Number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
- Tags: Array of key-value pairs.
More info at AWS Docs
S3BucketPolicy
S3BucketPolicyProperties
Properties:
- Bucket: Name of the Amazon S3 bucket to which the policy applies.
- PolicyDocument: A policy document object.
More info at AWS Docs
SecurityGroup
SecurityGroupProperties
Properties:
- GroupDescription: Description for the security group.
- GroupName: Name of the security group.
- SecurityGroupEgress: Outbound rules associated with the security group.
- SecurityGroupIngress: Inbound rules associated with the security group.
- Tags: Array of key-value pairs.
- VpcId: ID of the VPC for the security group.
More info at AWS Docs
SecurityGroupEgress
SecurityGroupEgressProperties
Properties:
- CidrIp: IPv4 address range.
- CidrIpv6: IPv6 address range.
- Description: Description for the security group rule.
- DestinationPrefixListId: The prefix list IDs for an AWS service.
- DestinationSecurityGroupId: ID of the destination VPC security group.
- FromPort: Start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types.
- GroupId: ID of the security group.
- IpProtocol: IP protocol name.
- ToPort: End of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes.
More info at AWS Docs
SecurityGroupIngress
SecurityGroupIngressProperties
Properties:
- CidrIp: IPv4 address range.
- CidrIpv6: IPv6 address range.
- Description: Description for the security group rule.
- FromPort: Start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types.
- GroupId: ID of the security group.
- GroupName: Name of the security group.
- IpProtocol: IP protocol name.
- SourcePrefixListId: The prefix list IDs for an AWS service.
- SourceSecurityGroupId: ID of the security group.
- SourceSecurityGroupName: Name of the source security group.
- SourceSecurityGroupOwnerId: AWS account ID for the source security group.
- ToPort: End of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes.
More info at AWS Docs
SNSTopicPolicy
SNSTopicPolicyProperties
Properties:
- PolicyDocument: A policy document object.
- Topics: ARNs of the topics to which the policy is added.
More info at AWS Docs
SQSQueuePolicy
SQSQueuePolicyProperties
Properties:
- PolicyDocument: A policy document object.
- Queues: URLs of the queues to which the policy is added.
More info at AWS Docs