NAME

VM::EC2::Security::Policy -- Simple IAM policy generator for EC2

SYNOPSIS

 my $policy = VM::EC2::Security::Policy->new;
 $policy->allow('Describe*','CreateVolume','delete_volume');
 $policy->deny('DescribeVolumes');
 print $policy->as_string;

DESCRIPTION

This is a very simple Identity and Access Management (IAM) policy statement generator that works sufficiently well to create policies to control access EC2 resources. It is not fully general across all AWS services.

METHODS

This section describes the methods available to VM::EC2::Security::Policy. You will create a new, empty, policy using new(), grant access to EC2 actions using allow(), and deny access to EC2 actions using deny(). When you are done, either call as_string(), or just use the policy object in a string context, to get a properly-formatted policy string.

allow() and deny() return the modified object, allowing you to chain methods. For example:

 my $p = VM::EC2::Security::Policy->new
             ->allow('Describe*')
             ->deny('DescribeImages','DescribeInstances');
 print $p;

$policy = VM::EC2::Security::Policy->new()

This class method creates a new, empty policy object. The default policy object denies all access to EC2 resources.

$policy->allow('action1','action2','action3',...)

Grant access to the listed EC2 actions. You may specify actions using Amazon's MixedCase notation (e.g. "DescribeInstances"), or using VM::EC2's more Perlish underscore notation (e.g. "describe_instances"). You can find the list of actions in VM::EC2, or in the Amazon API documentation at http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/OperationList-query.html.

The "*" wildcard allows you to indicate a series of matching operations. For example, to allow all Describe operations:

 $policy->allow('Describe*')

As described earlier, allow() returns the object, making it easy to chain methods.

$policy->deny('action1','action2','action3',...)

Similar to allow(), but in this case denies access to certain actions. Deny statements take precedence over allow statements.

As described earlier, deny() returns the object, making it easy to chain methods.

$string = $policy->as_string

Converts the policy into a JSON string that can be passed to VM::EC2->get_federation_token(), or other AWS libraries.

STRING OVERLOADING

When used in a string context, this object will interpolate into the policy JSON string using as_string().

AUTHOR

Lincoln Stein <lincoln.stein@gmail.com>.

This package and its accompanying libraries is free software; you can redistribute it and/or modify it under the terms of the GPL (either version 1, or at your option, any later version) or the Artistic License 2.0. Refer to LICENSE for the full license text. In addition, please see DISCLAIMER.txt for disclaimers of warranty.

To install VM::EC2, copy and paste the appropriate command in to your terminal.

cpanm

cpanm VM::EC2

CPAN shell

perl -MCPAN -e shell
install VM::EC2

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)