All Resources
¶
EC2VpcEndpointPolicy
¶
EC2VpcEndpointPolicyProperties
¶
Properties:
- PolicyDocument: A policy document object.
- PrivateDnsEnabled: Indicate whether to associate a private hosted zone with the specified VPC.
- RouteTableIds: One or more route table IDs.
- SecurityGroupIds: The ID of one or more security groups to associate with the endpoint network interface.
- ServiceName: The service name.
- SubnetIds: The ID of one or more subnets in which to create an endpoint network interface.
- VpcEndpointType: The type of endpoint.
- VpcId: The ID of the VPC in which the endpoint will be used.
More info at AWS Docs
¶
IAMGroup
¶
IAMGroupProperties
¶
Properties:
- GroupName: Name of the group.
- ManagedPolicyArns: ARN of the IAM policies to attach.
- Path: Path to the group. See IAM Identifiers.
- Policies: Inline policies embedded in the IAM group.
More info at AWS Docs
¶
IAMManagedPolicy
¶
IAMManagedPolicyProperties
¶
Properties:
- Description: Description of the policy.
- Groups: Friendly name of the IAM groups to attach the policy to.
- ManagedPolicyName: Name of the policy.
- Path: Path to the policy.
- PolicyDocument: A policy document object.
- Roles: Friendly name of the IAM roles to attach the policy to.
- Users: Friendly name of the IAM users to attach the policy to.
More info at AWS Docs
¶
IAMPolicy
¶
IAMPolicyProperties
¶
Properties:
- Groups: Friendly name of the IAM groups to attach the policy to.
- PolicyDocument: A policy document object.
- PolicyName: Name of the policy.
- Roles: Friendly name of the IAM roles to attach the policy to.
- Users: Friendly name of the IAM users to attach the policy to.
More info at AWS Docs
¶
IAMRole
¶
IAMRoleProperties
¶
Properties:
- AssumeRolePolicyDocument: A policy document object.
- ManagedPolicyArns: List of ARNs of the IAM managed policies to attach.
- MaxSessionDuration: Maximum session duration (in seconds).
- Path: Path to the role.
- PermissionsBoundary: ARN of the policy used to set the permissions' boundary.
- Policies: A list of policy objects.
- RoleName: Name of the role.
More info at AWS Docs
¶
IAMUser
¶
Properties:
- Properties: A IAM User properties object.
More info at AWS Docs
has_hardcoded_credentials(self)
¶
Returns True if login profile password contains a hardcoded string, otherwise False.
Source code in pycfmodel/model/resources/iam_user.py
def has_hardcoded_credentials(self) -> bool:
"""Returns True if login profile password contains a hardcoded string, otherwise False."""
if self.Properties:
login_profile = self.Properties.LoginProfile
if login_profile and login_profile.get("Password"):
if login_profile["Password"] != Parameter.NO_ECHO_NO_DEFAULT:
return True
return super().has_hardcoded_credentials()
IAMUserProperties
¶
Properties:
- Groups: List of groups to attach.
- LoginProfile: Name and password for the user.
- ManagedPolicyArns: List of ARNs of the IAM managed policies to attach.
- Path: Path to the user.
- PermissionsBoundary: ARN of the policy used to set the permissions boundary.
- Policies: A list of policy objects.
- UserName: Name of the user.
More info at AWS Docs
¶
KMSKey
¶
KMSKeyProperties
¶
Properties:
- Description: Description of the CMK.
- EnableKeyRotation: Enables automatic rotation of the key for the customer master key.
- Enabled: Specifies whether the customer master key (CMK) is enabled.
- KeyPolicy: A policy document object.
- KeyUsage: Determines the cryptographic operations.
- KeySpec: Specifies the type of CMK to create.
- MultiRegion: Allows multi-Region primary CMK to be replicated in other AWS Regions.
- PendingWindowInDays: Number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
- Tags: Array of key-value pairs.
More info at AWS Docs
¶
Resource
¶
policy_documents: List[pycfmodel.model.utils.OptionallyNamedPolicyDocument]
property
readonly
¶
Returns a list with all the optionally named policy documents in this resource within its properties. Every resource has a Properties field, if not, it's a malformed CloudFormation template.
obtain_policy_documents(self, policy_documents, properties)
¶
Obtains recursively all the optionally named policy documents within a given list of properties.
Source code in pycfmodel/model/resources/resource.py
def obtain_policy_documents(self, policy_documents: List, properties: List[Any]):
"""
Obtains recursively all the optionally named policy documents within a given list of properties.
"""
for property_type in properties:
if isinstance(property_type, PolicyDocument):
policy_documents.append(OptionallyNamedPolicyDocument(policy_document=property_type, name=None))
elif isinstance(property_type, Policy):
policy_documents.append(
OptionallyNamedPolicyDocument(
name=property_type.PolicyName, policy_document=property_type.PolicyDocument
)
)
elif isinstance(property_type, OptionallyNamedPolicyDocument):
policy_documents.append(property_type)
elif isinstance(property_type, list):
self.obtain_policy_documents(policy_documents=policy_documents, properties=property_type)
elif isinstance(property_type, Generic):
self.obtain_policy_documents(
policy_documents=policy_documents, properties=list(property_type.__dict__.values())
)
¶
S3Bucket
¶
S3BucketProperties
¶
Properties:
- AccelerateConfiguration: Configures the transfer acceleration state for an Amazon S3 bucket.
- AccessControl: A canned access control list (ACL) that grants predefined permissions to the bucket.
- AnalyticsConfigurations: Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
- BucketEncryption: Specifies encryption on the bucket.
- BucketName: The name of the bucket.
- CorsConfiguration: Describes the cross-origin access configuration for objects in an Amazon S3 bucket.
- IntelligentTieringConfigurations: Defines how Amazon S3 handles Intelligent-Tiering storage.
- InventoryConfigurations: Specifies the inventory configuration for an Amazon S3 bucket.
- LifecycleConfiguration: Specifies the lifecycle configuration for objects in an Amazon S3 bucket.
- LoggingConfiguration: Settings that define where logs are stored.
- MetricsConfigurations: Specifies a metrics configuration for the CloudWatch request metrics.
- NotificationConfiguration: Defines how Amazon S3 handles bucket notifications.
- ObjectLockConfiguration: Places an Object Lock configuration on the specified bucket.
- ObjectLockEnabled: Indicates whether this bucket has an Object Lock configuration enabled.
- OwnershipControls: Defines how Amazon S3 handles object ownership rules.
- PublicAccessBlockConfiguration: Defines how Amazon S3 handles public access.
- ReplicationConfiguration: Configuration for replicating objects in an S3 bucket.
- Tags: An arbitrary set of tags (key-value pairs) for the bucket.
- VersioningConfiguration: If enabled, allows for multiple versions of all objects in this bucket to be stored.
- WebsiteConfiguration: Information used to configure the bucket as a static website.
More info at AWS Docs
¶
S3BucketPolicy
¶
S3BucketPolicyProperties
¶
Properties:
- Bucket: Name of the Amazon S3 bucket to which the policy applies.
- PolicyDocument: A policy document object.
More info at AWS Docs
¶
RDSDBSecurityGroupProperties
¶
Properties:
- DBSecurityGroupIngress: Inbound rules associated with the security group.
- EC2VpcId: The identifier of an Amazon VPC. This property indicates the VPC that this DB security group belongs to.
- GroupDescription: Description for the security group.
- Tags: Array of key-value pairs.
More info at AWS Docs
SecurityGroup
¶
SecurityGroupProperties
¶
Properties:
- GroupDescription: Description for the security group.
- GroupName: Name of the security group.
- SecurityGroupEgress: Outbound rules associated with the security group.
- SecurityGroupIngress: Inbound rules associated with the security group.
- Tags: Array of key-value pairs.
- VpcId: ID of the VPC for the security group.
More info at AWS Docs
¶
SecurityGroupEgress
¶
SecurityGroupEgressProperties
¶
Properties:
- CidrIp: IPv4 address range.
- CidrIpv6: IPv6 address range.
- Description: Description for the security group rule.
- DestinationPrefixListId: The prefix list IDs for an AWS service.
- DestinationSecurityGroupId: ID of the destination VPC security group.
- FromPort: Start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types.
- GroupId: ID of the security group.
- IpProtocol: IP protocol name.
- ToPort: End of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes.
More info at AWS Docs
¶
SecurityGroupIngress
¶
SecurityGroupIngressProperties
¶
Properties:
- CidrIp: IPv4 address range.
- CidrIpv6: IPv6 address range.
- Description: Description for the security group rule.
- FromPort: Start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types.
- GroupId: ID of the security group.
- GroupName: Name of the security group.
- IpProtocol: IP protocol name.
- SourcePrefixListId: The prefix list IDs for an AWS service.
- SourceSecurityGroupId: ID of the security group.
- SourceSecurityGroupName: Name of the source security group.
- SourceSecurityGroupOwnerId: AWS account ID for the source security group.
- ToPort: End of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes.
More info at AWS Docs
¶
SNSTopicPolicy
¶
SNSTopicPolicyProperties
¶
Properties:
- PolicyDocument: A policy document object.
- Topics: ARNs of the topics to add the policy.
More info at AWS Docs
¶
SQSQueuePolicy
¶
SQSQueuePolicyProperties
¶
Properties:
- PolicyDocument: A policy document object.
- Queues: URLs of the queues to add the policy.
More info at AWS Docs