Terminator policies for CloudFront modules

mattclay · Nov 15, 2022 · c9a638e · c9a638e
1 parent 488530e
commit c9a638e
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 0 deletions.
diff --git a/aws/policy/application-services.yaml b/aws/policy/application-services.yaml
@@ -113,6 +113,29 @@ Statement:
       - cloudformation:SetStackPolicy
       - cloudformation:UpdateStack
       - cloudformation:UpdateTerminationProtection
+      - cloudfront:CreateDistribution
+      - cloudfront:CreateDistributionWithTags
+      - cloudfront:DeleteDistribution
+      - cloudfront:UpdateDistribution
+      - cloudfront:GetDistribution
+      - cloudfront:GetDistributionConfig
+      - cloudfront:GetStreamingDistribution
+      - cloudfront:GetStreamingDistributionConfig
+      - cloudfront:ListCloudFrontOriginAccessIdentities
+      - cloudfront:ListDistributions
+      - cloudfront:ListDistributionsByWebACLId
+      - cloudfront:ListStreamingDistributions
+      - cloudfront:CreateCloudFrontOriginAccessIdentity
+      - cloudfront:DeleteCloudFrontOriginAccessIdentity
+      - cloudfront:GetCloudFrontOriginAccessIdentity
+      - cloudfront:GetCloudFrontOriginAccessIdentityConfig
+      - cloudfront:UpdateCloudFrontOriginAccessIdentity
+      - cloudfront:GetInvalidation
+      - cloudfront:CreateInvalidation
+      - cloudfront:TagResource
+      - cloudfront:UntagResource
+      - cloudfront:ListTagsForResource
+      - cloudfront:DeleteStreamingDistribution
       - cloudwatch:DeleteAlarms
       - cloudwatch:DescribeAlarms
       - cloudwatch:PutMetricAlarm
@@ -167,6 +190,7 @@ Statement:
     Resource:
       - 'arn:aws:ssm:{{ aws_region }}:{{ aws_account_id }}:document/*'
       - 'arn:aws:cloudformation:{{ aws_region }}:{{ aws_account_id }}:stack/*'
+      - 'arn:aws:cloudfront::{{ aws_account_id }}:distribution/*'
       - 'arn:aws:cloudwatch:{{ aws_region }}:{{ aws_account_id }}:alarm:*'
       - 'arn:aws:codebuild:{{ aws_region }}:{{ aws_account_id }}:*'
       - 'arn:aws:codecommit:{{ aws_region }}:{{ aws_account_id }}:*'

diff --git a/aws/terminator/application_services.py b/aws/terminator/application_services.py
@@ -367,3 +367,41 @@ def name(self):
 
     def terminate(self):
         self.client.delete_document(Name=self.name)
+
+
+class CloudFrontDistribution(Terminator):
+    @staticmethod
+    def create(credentials):
+        def paginate_distributions(client):
+            return client.get_paginator('list_distributions').paginate().build_full_result()['DistributionList']['Items']
+        return Terminator._create(credentials, CloudFrontDistribution, 'cloudfront', paginate_distributions)
+
+    @property
+    def created_time(self):
+        return self.instance['LastModifiedTime']
+
+    @property
+    def name(self):
+        return self.instance['DomainName']
+
+    def terminate(self):
+        self.client.delete_distribution(Id=self.instance['Id'])
+
+
+class CloudFrontStreamingDistribution(Terminator):
+    @staticmethod
+    def create(credentials):
+        def paginate_streaming_distributions(client):
+            return client.get_paginator('list_streaming_distributions').paginate().build_full_result()['StreamingDistributionList']['Items']
+        return Terminator._create(credentials, CloudFrontStreamingDistribution, 'cloudfront', paginate_streaming_distributions)
+
+    @property
+    def created_time(self):
+        return self.instance['LastModifiedTime']
+
+    @property
+    def name(self):
+        return self.instance['DomainName']
+
+    def terminate(self):
+        self.client.delete_streaming_distribution(Id=self.instance['Id'])