This repository was archived by the owner on Oct 7, 2025. It is now read-only.

Commit 0056ac0

author
Matej Stajduhar
committed
Merge branch 'Updatng-permissions-and-adding-more-functions' into Updatng-permissions-and-adding-more-functions-PR-devel-2.x
2 parents 1db53ae + 0d5e311 commit 0056ac0

6 files changed

+66
-5
lines changed

roles/aws/aws_admin_tools/defaults/main.yml

Lines changed: 26 additions & 5 deletions
@@ -4,19 +4,40 @@ aws_admin_tools:
44
allowed_ips:
55
- 192.168.1.1/32 # Ip of server with access to API-s
66
functions:
7-
- name: "GetForecastedCosts"
7+
- name: "Get_Forecasted_Costs"
88
type: GET
99
inline_policies:
1010
name: "{{ _aws_profile }}Billing"
1111
resource: "*"
1212
acton:
1313
- "ce:*"
1414
policies: []
15-
- name: "ChangeASGScaling"
15+
- name: "Change_ASG_Scaling"
1616
type: POST
1717
policies:
1818
- arn:aws:iam::aws:policy/AmazonEC2FullAccess
19-
- name: "GetListOfEC2"
19+
- name: "Get_List_Of_EC2"
2020
type: GET
21-
policies:
22-
- arn:aws:iam::aws:policy/AmazonEC2FullAccess
21+
policies: []
22+
inline_policies:
23+
name: "ListEc2"
24+
resource: "*"
25+
acton:
26+
- "ec2:DescribeAddresses"
27+
- "ec2:DescribeInstances"
28+
- name: "Get_IP_Set"
29+
type: GET
30+
policies: []
31+
inline_policies:
32+
name: "Get_IP_Set"
33+
resource: "*"
34+
acton:
35+
- "wafv2:GetIPSet"
36+
- name: "Update_IP_Set"
37+
type: POST
38+
policies: []
39+
inline_policies:
40+
name: "Update_IP_Set"
41+
resource: "*"
42+
acton:
43+
- "wafv2:UpdateIPSet"
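
Review bot: the new `Update_IP_Set` entry grants `wafv2:UpdateIPSet` with `resource: "*"`, so the function's role can rewrite any IP set the account owns rather than only the one this API is meant to manage; `Get_IP_Set` has the same wildcard for `wafv2:GetIPSet`. Consider exposing the resource as a variable that holds the ARN(s) of the intended IP set(s). Separately, the key is spelled `acton:` in both the existing and the added blocks; the template that consumes it is not part of this diff, so please confirm it reads the same spelling (otherwise these action lists would be ignored), or rename it to `action` everywhere in one change. Replacing `AmazonEC2FullAccess` with `ec2:DescribeAddresses` and `ec2:DescribeInstances` for `Get_List_Of_EC2` is a good tightening; `Change_ASG_Scaling` still attaches `AmazonEC2FullAccess` and could be narrowed the same way.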

roles/aws/aws_admin_tools/templates/API_ChangeASGScaling.py.j2 renamed to roles/aws/aws_admin_tools/templates/API_Change_ASG_Scaling.py.j2

File renamed without changes.

roles/aws/aws_admin_tools/templates/API_GetForecastedCosts.py.j2 renamed to roles/aws/aws_admin_tools/templates/API_Get_Forecasted_Costs.py.j2

File renamed without changes.
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
import json
2+
import boto3
3+
4+
waf_cli = boto3.client("wafv2")
5+
6+
def lambda_handler(event, context):
7+
8+
print("Gathering instance details.")
9+
ip_set=waf_cli.get_ip_set(
10+
Name=event['ip_set'],
11+
Scope='REGIONAL',
12+
Id=event['id']
13+
)
14+
15+
return {
16+
'statusCode': 200,
17+
'name': ip_set['IPSet']['Name'],
18+
'id': ip_set['IPSet']['Id'],
19+
'addresses': ip_set['IPSet']['Addresses'],
20+
'lock_token': ip_set['LockToken'],
21+
}
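
Review bot: `event['ip_set']` and `event['id']` are passed straight into `get_ip_set` (new lines 10 and 12) with no presence or type check and no error handling, so a request that omits either key, or names a set that does not exist, surfaces as an unhandled Lambda exception instead of a clear 4xx response. Suggest validating both fields up front and catching the client error to return a structured failure. Also, `Scope='REGIONAL'` is hard-coded here while the update handler in this commit takes `event['scope']`; pick one approach so the two handlers cannot disagree about which set they address. Minor: the log line `print("Gathering instance details.")` looks copied from the EC2 handler, and `import json` is unused.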

roles/aws/aws_admin_tools/templates/API_GetListOfEC2.py.j2 renamed to roles/aws/aws_admin_tools/templates/API_Get_List_Of_EC2.py.j2

File renamed without changes.
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
import json
2+
import boto3
3+
4+
waf_cli = boto3.client("wafv2")
5+
6+
def lambda_handler(event, context):
7+
8+
response = waf_cli.update_ip_set(
9+
Name=event['name'],
10+
Scope=event['scope'],
11+
Id=event['id'],
12+
Addresses=event['addresses'],
13+
LockToken=event['lock_token']
14+
)
15+
16+
return {
17+
'statusCode': 200,
18+
'body': response
19+
}
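
Review bot: `Addresses=event['addresses']` (new line 12) is forwarded to `update_ip_set` without validation, and because that call replaces the IP set's whole address list with whatever is supplied, a malformed or unintentionally empty list from the caller overwrites the existing entries. Suggest checking that `addresses` is a list of valid CIDR strings, deciding explicitly whether an empty list is allowed, and rejecting anything else before calling WAF. `Scope=event['scope']` is also caller-controlled; constrain it to the value(s) this tool is meant to manage, matching the getter's `'REGIONAL'`. The call has no handling for a stale `lock_token` (`WAFOptimisticLockException`), so a concurrent update shows up as an unhandled error; catch it and return a conflict response so the caller can re-read and retry. Minor: `import json` is unused, and returning the raw `response` as `body` exposes the SDK response metadata to the API caller; returning only the fields the caller needs would be cleaner.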
