Skip to content

Latest commit

 

History

History
123 lines (108 loc) · 3.57 KB

README.md

File metadata and controls

123 lines (108 loc) · 3.57 KB
Raw

pycfmodel

Build Status PyPI version Documentation Status License

A python model for Cloud Formation scripts.

pycfmodel makes it easier to work with CloudFormation scripts in Python by creating a model comprised of python objects. Objects have various helper functions which help with performing common tasks related to parsing and inspecting CloudFormation scripts.

pip install pycfmodel

Currently Supported

  • AWSTemplateFormatVersion
  • Conditions
  • Description
  • Mappings
  • Metadata
  • Outputs
  • Parameters
  • Resources:
    • Properties:
      • Policy
      • Policy Document
      • Principal
      • Security Group Egress Prop
      • Security Group Ingress Prop
      • Statement
      • Tag
    • EC2 VPC Endpoint Policy
    • Generic Resource
    • IAM Group
    • IAM Managed Policy
    • IAM Policy
    • IAM Role
    • IAM User
    • KMS Key
    • OpenSearch Service (legacy ElasticSearch resource)
      • Elasticsearch Domain
    • OpenSearch Service
      • OpenSearchService Domain
    • S3 Bucket
    • S3 Bucket Policy
    • Security Group
    • Security Group Egress
    • Security Group Ingress
    • SNS Topic Policy
    • SQS Queue Policy
  • Transform

Example

from pycfmodel import parse

template = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"StarParameter": {"Type": "String", "Default": "*", "Description": "Star Param"}},
    "Resources": {
        "rootRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {"AWS": {"Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root"}},
                            "Action": ["sts:AssumeRole"],
                        }
                    ],
                },
                "Path": "/",
                "Policies": [
                    {
                        "PolicyName": "root",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": {"Ref": "StarParameter"},
                                    "Resource": {"Ref": "StarParameter"},
                                }
                            ],
                        },
                    }
                ],
            },
        }
    },
}

model = parse(template).resolve(extra_params={"AWS::AccountId": "123"})
rootRole = model.Resources["rootRole"]
policy = rootRole.Properties.Policies[0]
statement = policy.PolicyDocument.Statement[0]

assert statement.Action == "*"
assert statement.Resource == "*"
assert rootRole.Properties.AssumeRolePolicyDocument.Statement[0].Principal == {"AWS": "arn:aws:iam::123:root"}

Local Development Commands

make install-dev
make coverage
make test
make freeze

If the test tests/test_constants.py::test_cloudformation_actions is failing, it can be resolved by updating the known AWS Actions:

python3 scripts/generate_cloudformation_actions_file.py