tomzx / policy-evaluator
Policy evaluator based on AWS AMI Policies.
Requires
- php: >=5.6.0
Requires (Dev)
- phpunit/phpunit: ^5
This package is auto-updated.
Last update: 2025-01-10 08:34:49 UTC
README
Policy Evaluator
Policy Evaluator is a simple system based on AWS Policies. Given a set of statements, Policy Evaluator can answer queries about whether this set of policies is allowed (or not) to perform a given action on a given resource.
Getting started
php composer.phar require tomzx/policy-evaluator
Example
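<?php
// Composer autoloader; the path assumes this script sits next to vendor/.
require __DIR__ . '/vendor/autoload.php';

use tomzx\PolicyEvaluator\Evaluator;
use tomzx\PolicyEvaluator\Resource;

Resource::$prefix = 'arn';

// Two Allow statements: service:* on arn:aws:*, and s3:* on objects in my-bucket.
$evaluator = new Evaluator([
    'Statement' => [
        [
            'Action' => 'service:*',
            'Resource' => 'arn:aws:*',
            'Effect' => 'Allow',
        ],
        [
            'Action' => 's3:*',
            'Resource' => 'arn:aws:s3:::my-bucket/*',
            'Effect' => 'Allow',
        ],
    ],
]);

// Ask whether the statements permit an action on a resource.
$evaluator->canExecuteActionOnResource('service:test', 'arn:aws:test');
$evaluator->canExecuteActionOnResource('s3:GetObject', 'arn:aws:s3:::my-bucket/some-file');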
Variables support
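<?php
// Composer autoloader; the path assumes this script sits next to vendor/.
require __DIR__ . '/vendor/autoload.php';

use tomzx\PolicyEvaluator\Evaluator;
use tomzx\PolicyEvaluator\Resource;

Resource::$prefix = 'arn';

// The Resource contains a ${aws:username} variable, filled in per query.
$evaluator = new Evaluator([
    'Statement' => [
        [
            'Action' => 'service:*',
            'Resource' => 'arn:aws:${aws:username}',
            'Effect' => 'Allow',
        ],
    ],
]);

// The third argument supplies the variable values for this query.
$evaluator->canExecuteActionOnResource('service:test', 'arn:aws:test', [
    'aws:username' => 'someUsername',
]);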
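To make the wildcard and variable matching in the two examples above concrete, here is an added stand-alone model of such an evaluator; it is not the package's own code. The function names `matches` and `isAllowed`, the `home/${aws:username}` policy and the sample requests are constructed for illustration, and two behaviours are assumptions of this example: only Allow statements are modelled, with everything else denied by default, and variable values are always compared literally.

```php
<?php
// Stand-alone model of wildcard and ${variable} matching; hypothetical names, not the package's code.
// '*' matches any run of characters; ${name} is replaced by the context value,
// quoted so it is always compared literally and never acts as a wildcard.
function matches($pattern, $value, array $vars = [])
{
    $regex = '';
    $parts = preg_split('/(\*|\$\{[^}]+\})/', $pattern, -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach ($parts as $part) {
        if ($part === '*') {
            $regex .= '.*';
        } elseif (preg_match('/^\$\{([^}]+)\}$/', $part, $m)) {
            if (!isset($vars[$m[1]])) {
                return false; // unresolved variable: the statement cannot match
            }
            $regex .= preg_quote($vars[$m[1]], '/');
        } else {
            $regex .= preg_quote($part, '/');
        }
    }
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    return preg_match('/\A' . $regex . '\z/s', $value) === 1;
}

// Default deny: allowed only if some Allow statement matches action and resource.
function isAllowed(array $policy, $action, $resource, array $vars = [])
{
    foreach ($policy['Statement'] as $s) {
        if ($s['Effect'] === 'Allow' && matches($s['Action'], $action)
            && matches($s['Resource'], $resource, $vars)) {
            return true;
        }
    }
    return false;
}

// Constructed policy and requests, for illustration only.
$policy = ['Statement' => [['Action' => 's3:*', 'Effect' => 'Allow',
    'Resource' => 'arn:aws:s3:::home/${aws:username}/*']]];
$checks = [
    ['s3:GetObject', 'arn:aws:s3:::home/alice/notes.txt', 'alice'], // own prefix
    ['s3:GetObject', 'arn:aws:s3:::home/bob/notes.txt', 'alice'],   // another user's prefix
    ['s3:GetObject', 'arn:aws:s3:::home/bob/notes.txt', '*'],       // '*' stays a literal name
    ['ec2:StartInstances', 'arn:aws:s3:::home/alice/x', 'alice'],   // action not covered
];
foreach ($checks as $c) {
    $ok = isAllowed($policy, $c[0], $c[1], ['aws:username' => $c[2]]);
    printf("%s on %s as %s: %s\n", $c[0], $c[1], $c[2], $ok ? 'Allow' : 'Deny');
}
```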
License
The code is licensed under the MIT license. See LICENSE.