diff --git a/examples/ElastiCacheRedis.py b/examples/ElastiCacheRedis.py index 9d9762695..cd00910e1 100755 --- a/examples/ElastiCacheRedis.py +++ b/examples/ElastiCacheRedis.py @@ -11,6 +11,7 @@ import troposphere.ec2 as ec2 import troposphere.elasticache as elasticache import troposphere.iam as iam +import awacs from awacs.aws import (Allow, Statement, @@ -262,31 +263,21 @@ def main(): ] ), Path='/', - )) + )) template.add_resource(iam.PolicyType( 'WebServerRolePolicy', PolicyName='WebServerRole', - # PolicyDocument=Policy( - # Statement=[ - # Statement( - # Effect=Allow, - # Action=['elasticache:DescribeCacheClusters'], - # Resource=['*'], - # ) - # ] - # ) - # The following can probably be fixed to use # - # awacs (above didn't work) # - PolicyDocument={ - "Statement": [{ - "Effect": "Allow", - "Action": "elasticache:DescribeCacheClusters", - "Resource": "*" - }] - }, + PolicyDocument=awacs.aws.Policy( + Statement=[awacs.aws.Statement( + Action=[awacs.aws.Action("elasticache", + "DescribeCacheClusters")], + Resource=["*"], + Effect=awacs.aws.Allow + )] + ), Roles=[Ref(webserverrole)], - )) + )) webserverinstanceprofile = template.add_resource(iam.InstanceProfile( 'WebServerInstanceProfile', diff --git a/tests/examples_output/ElastiCacheRedis.template b/tests/examples_output/ElastiCacheRedis.template index 2cab944a1..f5bf47227 100644 --- a/tests/examples_output/ElastiCacheRedis.template +++ b/tests/examples_output/ElastiCacheRedis.template @@ -670,9 +670,13 @@ "PolicyDocument": { "Statement": [ { - "Action": "elasticache:DescribeCacheClusters", + "Action": [ + "elasticache:DescribeCacheClusters" + ], "Effect": "Allow", - "Resource": "*" + "Resource": [ + "*" + ] } ] },