pycfmodel

A python model for CloudFormation scripts

1.0.1
PyPI

Maintainers: 7

pycfmodel

License

A python model for Cloud Formation scripts.

pycfmodel makes it easier to work with CloudFormation scripts in Python by creating a model comprised of python objects. Objects have various helper functions which help with performing common tasks related to parsing and inspecting CloudFormation scripts.

pip install pycfmodel

Currently Supported

AWSTemplateFormatVersion
Conditions
Description
Mappings
Metadata
Outputs
Parameters
Resources:
- Properties:
  - Policy
  - Policy Document
  - Principal
  - Security Group Egress Prop
  - Security Group Ingress Prop
  - Statement
  - Tag
- EC2 VPC Endpoint Policy
- Generic Resource
- IAM Group
- IAM Managed Policy
- IAM Policy
- IAM Role
- IAM User
- KMS Key
- OpenSearch Service (legacy ElasticSearch resource)
  - Elasticsearch Domain
- OpenSearch Service
  - OpenSearchService Domain
- S3 Bucket
- S3 Bucket Policy
- Security Group
- Security Group Egress
- Security Group Ingress
- SNS Topic Policy
- SQS Queue Policy
Transform

Example

from pycfmodel import parse

template = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"StarParameter": {"Type": "String", "Default": "*", "Description": "Star Param"}},
    "Resources": {
        "rootRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {"AWS": {"Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root"}},
                            "Action": ["sts:AssumeRole"],
                        }
                    ],
                },
                "Path": "/",
                "Policies": [
                    {
                        "PolicyName": "root",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": {"Ref": "StarParameter"},
                                    "Resource": {"Ref": "StarParameter"},
                                }
                            ],
                        },
                    }
                ],
            },
        }
    },
}

model = parse(template).resolve(extra_params={"AWS::AccountId": "123"})
rootRole = model.Resources["rootRole"]
policy = rootRole.Properties.Policies[0]
statement = policy.PolicyDocument.Statement[0]

assert statement.Action == "*"
assert statement.Resource == "*"
assert rootRole.Properties.AssumeRolePolicyDocument.Statement[0].Principal == {"AWS": "arn:aws:iam::123:root"}

Local Development Commands

make install-dev
make coverage
make test
make freeze

If the test tests/test_constants.py::test_cloudformation_actions is failing, it can be resolved by updating the known AWS Actions:

python3 scripts/generate_cloudformation_actions_file.py

FAQs

What is pycfmodel?

Is pycfmodel well maintained?

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

pycfmodel

pycfmodel

Currently Supported

Example

Local Development Commands

Related posts

Bybit Hack Puts Crypto Losses at $1.6B, Surpassing All of Last Year in Just Two Months

OpenSSF Launches Open Source Project Security Baseline to Strengthen Software Supply Chain