Aspect in aws-cdk v2 in Python
from constructs import Construct, IConstruct
import jsii
from aws_cdk import App, Stack, SecretValue, Aspects, IAspect, CfnResource
from aws_cdk import (
aws_iam as iam,
)
# Example CDK v2 Aspect that enforces a permissions boundary on every IAM role
# synthesized within its scope.
# NOTE: the import list has not been pruned; App and SecretValue are unused below.
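@jsii.implements(IAspect)
class PermissionsBoundaryChecker:
    """Aspect that forces one permissions boundary onto every IAM role in its scope.

    Register it with ``Aspects.of(scope).add(PermissionsBoundaryChecker(arn))``;
    CDK then calls :meth:`visit` for every construct under ``scope`` at synth time.

    The match is done on the L1 ``iam.CfnRole`` rather than the L2 ``iam.Role``.
    An ``iam.Role`` owns a ``CfnRole`` default child that is visited in its own
    right, so L2 roles are still covered, while roles declared directly as
    ``CfnRole`` (or emitted by a construct that bypasses the L2) no longer slip
    through without a boundary.

    This is a synth-time guardrail only: it constrains what this CDK app emits and
    cannot stop roles created by other tooling or by hand. Pair it with an IAM
    policy that denies ``iam:CreateRole`` / ``iam:PutRolePermissionsBoundary``
    unless the ``iam:PermissionsBoundary`` condition key equals the same ARN.
    NOTE(review): newer aws-cdk-lib releases also ship
    ``iam.PermissionsBoundary.of(scope).apply(policy)`` -- confirm availability
    for the version in use before relying on it instead of this aspect.
    """

    def __init__(self, permission_boundary_arn: str):
        """
        Args:
            permission_boundary_arn: ARN (may be an unresolved CDK token) of the
                managed policy to apply as the boundary.

        Raises:
            ValueError: if the ARN is empty, which would otherwise synthesize a
                role with an empty ``PermissionsBoundary`` and fail at deploy time.
        """
        if not permission_boundary_arn:
            raise ValueError("permission_boundary_arn must be a non-empty string")
        self.permissions_boundary_arn = permission_boundary_arn

    def visit(self, construct: IConstruct) -> None:
        """Overwrite ``PermissionsBoundary`` on any ``CfnRole`` that is visited.

        ``add_property_override`` takes precedence over a boundary supplied via
        constructor props, so a role that already carries a different boundary
        is replaced rather than left alone -- intentional, since the purpose of
        the aspect is to enforce a single organisation-wide policy.
        """
        if isinstance(construct, iam.CfnRole):
            construct.add_property_override(
                property_path='PermissionsBoundary',
                value=self.permissions_boundary_arn,
            )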
class InfrastructureStack(Stack):
    """Example stack showing how the boundary-enforcing aspect is wired up.

    ``branch`` and ``application_name`` are accepted for parity with the calling
    code but nothing in this stack reads them.
    """

    def __init__(self, scope: Construct, construct_id: str, branch: str, application_name: str = 'example',
                 **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Reference (not create) the boundary policy. from_managed_policy_name
        # resolves to a customer-managed policy ARN in this stack's own account
        # and partition, so the policy must already exist there before deploy.
        boundary_policy = iam.ManagedPolicy.from_managed_policy_name(
            self,
            'data_mn_permission_boundary',
            managed_policy_name='example-permissions-boundary',
        )

        # A role declared without an explicit boundary; the aspect below attaches
        # one when the stack is synthesized.
        ecs_task_role = iam.Role(
            self,
            'task_role',
            assumed_by=iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
        )

        # Aspects run over the whole construct tree at synth time, so the order
        # of this registration relative to the role above does not matter.
        boundary_aspect = PermissionsBoundaryChecker(boundary_policy.managed_policy_arn)
        Aspects.of(self).add(boundary_aspect)