From 66feed4f47345cfcae452b186cb61fb1a5569ca5 Mon Sep 17 00:00:00 2001
From: abikouo
Date: Tue, 15 Nov 2022 16:05:11 +0100
Subject: [PATCH] Terminator policies for CloudFront modules
---
 aws/policy/paas.yaml | 24 ++++++++++++++++
 aws/terminator/application_services.py | 38 ++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
diff --git a/aws/policy/paas.yaml b/aws/policy/paas.yaml
index 641f58ad..c2380380 100644
--- a/aws/policy/paas.yaml
+++ b/aws/policy/paas.yaml
@@ -24,6 +24,14 @@ Statement:
 - Sid: AllowResourceRestrictedActionsWhichIncurNoFees
 Effect: Allow
 Action:
+ - cloudfront:CreateDistribution
+ - cloudfront:CreateDistributionWithTags
+ - cloudfront:DeleteDistribution
+ - cloudfront:UpdateDistribution
+ - cloudfront:TagResource
+ - cloudfront:UntagResource
+ - cloudfront:ListTagsForResource
+ - cloudfront:DeleteStreamingDistribution
 - ecr:DeleteLifecyclePolicy
 - ecr:DeleteRepository
 - ecr:DeleteRepositoryPolicy
@@ -86,6 +94,7 @@ Statement:
 - lightsail:StopInstance
 - lightsail:ReleaseStaticIp
 Resource:
+ - 'arn:aws:cloudfront::{{ aws_account_id }}:distribution/*'
 - 'arn:aws:ecr:{{ aws_region }}:{{ aws_account_id }}:repository/*'
 - 'arn:aws:eks:{{ aws_region }}:{{ aws_account_id }}:cluster/*'
 - 'arn:aws:eks:{{ aws_region }}:{{ aws_account_id }}:fargateprofile/*/*/*'
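Review bot: `cloudfront:DeleteStreamingDistribution` is added to this resource-restricted statement, but the only CloudFront ARN the commit adds to its `Resource` list (in the `@@ -86,6 +94,7 @@` hunk) is `distribution/*`. Streaming distributions are a separate resource type, so as far as this diff shows the action matches no listed resource and the grant has no effect. Add `- 'arn:aws:cloudfront::{{ aws_account_id }}:streaming-distribution/*'` next to the distribution ARN, or drop the action if streaming distributions are not meant to be covered. The statement grants the delete without a matching `cloudfront:CreateStreamingDistribution`, so it is worth confirming which was intended. Most of the statement's action and resource lists lie outside these two hunks.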
@@ -115,6 +124,21 @@ Statement:
 - lambda:ListFunctions
 - lambda:ListLayers
 - lambda:ListVersionsByFunction
+ - cloudfront:GetDistribution
+ - cloudfront:GetDistributionConfig
+ - cloudfront:GetStreamingDistribution
+ - cloudfront:GetStreamingDistributionConfig
+ - cloudfront:ListCloudFrontOriginAccessIdentities
+ - cloudfront:ListDistributions
+ - cloudfront:ListDistributionsByWebACLId
+ - cloudfront:ListStreamingDistributions
+ - cloudfront:CreateCloudFrontOriginAccessIdentity
+ - cloudfront:DeleteCloudFrontOriginAccessIdentity
+ - cloudfront:GetCloudFrontOriginAccessIdentity
+ - cloudfront:GetCloudFrontOriginAccessIdentityConfig
+ - cloudfront:UpdateCloudFrontOriginAccessIdentity
+ - cloudfront:GetInvalidation
+ - cloudfront:CreateInvalidation
 Resource:
 - "*"
diff --git a/aws/terminator/application_services.py b/aws/terminator/application_services.py
index 09e76249..1b5e8fbd 100644
--- a/aws/terminator/application_services.py
+++ b/aws/terminator/application_services.py
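Review bot: Four of the fifteen actions added to the `Resource: "*"` statement in `aws/policy/paas.yaml` change state rather than read it: `cloudfront:CreateCloudFrontOriginAccessIdentity`, `cloudfront:DeleteCloudFrontOriginAccessIdentity`, `cloudfront:UpdateCloudFrontOriginAccessIdentity` and `cloudfront:CreateInvalidation`. The neighbouring context lines are read-only `lambda:List*` calls, and the same commit puts the distribution write actions into the resource-restricted statement, so these four look misplaced. They appear to support resource-level permissions, so they could move there with `- 'arn:aws:cloudfront::{{ aws_account_id }}:origin-access-identity/*'` added to that statement's `Resource` list (`CreateInvalidation` is already covered by `distribution/*`). The `Sid` and `Effect` of the wildcard statement are outside the hunk, so confirm it is meant to hold only read/list actions.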
@@ -367,3 +367,41 @@ def name(self):
 def terminate(self):
 self.client.delete_document(Name=self.name)
+
+
+class CloudFrontDistribution(Terminator):
+ @staticmethod
+ def create(credentials):
+ def paginate_distributions(client):
+ return client.get_paginator('list_distributions').paginate().build_full_result()['DistributionList']['Items']
+ return Terminator._create(credentials, CloudFrontDistribution, 'cloudfront', paginate_distributions)
+
+ @property
+ def created_time(self):
+ return self.instance['LastModifiedTime']
+
+ @property
+ def name(self):
+ return self.instance['DomainName']
+
+ def terminate(self):
+ self.client.delete_distribution(Id=self.instance['Id'])
+
+
+class CloudFrontStreamingDistribution(Terminator):
+ @staticmethod
+ def create(credentials):
+ def paginate_streaming_distributions(client):
+ return client.get_paginator('list_streaming_distributions').paginate().build_full_result()['StreamingDistributionList']['Items']
+ return Terminator._create(credentials, CloudFrontStreamingDistribution, 'cloudfront', paginate_streaming_distributions)
+
+ @property
+ def created_time(self):
+ return self.instance['LastModifiedTime']
+
+ @property
+ def name(self):
+ return self.instance['DomainName']
+
+ def terminate(self):
+ self.client.delete_streaming_distribution(Id=self.instance['Id'])
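Review bot: `terminate()` in both new classes calls the delete API with only `Id`, but CloudFront rejects a delete that carries no `IfMatch` ETag or that targets a distribution still enabled or not yet deployed. These terminators will therefore most likely never remove anything, and internet-facing test distributions stay up. Fetch the config and ETag first, disable the distribution if needed, and delete on a later pass once `Status` is `Deployed`; the sketch below shows this for `CloudFrontDistribution`, and `CloudFrontStreamingDistribution` needs the same with the streaming-distribution calls. It assumes the terminator runs repeatedly and tolerates a `terminate()` that returns without deleting, which this hunk does not show. Separately, the list result may have no `Items` key when the account has no distributions, so both paginate helpers are safer as `.get('DistributionList', {}).get('Items', [])` (and the `StreamingDistributionList` equivalent) to avoid a `KeyError`.

```python
class CloudFrontDistribution(Terminator):
    # … unchanged: create(), created_time, name …

    def terminate(self):
        distribution_id = self.instance['Id']
        response = self.client.get_distribution_config(Id=distribution_id)
        config, etag = response['DistributionConfig'], response['ETag']
        if config['Enabled']:
            # Only a disabled distribution can be deleted; disable it now and
            # leave the delete to a later run, once the change has deployed.
            config['Enabled'] = False
            self.client.update_distribution(Id=distribution_id, DistributionConfig=config, IfMatch=etag)
        elif self.instance['Status'] == 'Deployed':
            self.client.delete_distribution(Id=distribution_id, IfMatch=etag)
```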