#aws #iam #aspen

scratchstack-aws-principal

Principal types for AWS/AWS-like services

15 releases

0.4.8 Jan 10, 2023
0.4.7 Oct 22, 2022
0.3.3 Apr 2, 2022
0.3.1 May 1, 2021
0.2.2 Apr 25, 2021

#566 in Network programming


73 downloads per month
Used in 7 crates (6 directly)

MIT license

185KB
3.5K SLoC

Actor principals for AWS and AWS-like services.

Principals come in two "flavors": actor principals and policy principals. Policy principals are used in Aspen documents and have a source ("AWS", "CanonicalUser", "Federated", or "Service") and an associated value which may contain wildcards. These are implemented in the scratchstack-aspen crate.

On the service implementation side, actor principals (represented by [Principal] here) are exact, without wildcards. Beyond the core details, an actor principal has additional details attached that can be referenced in policy variables. For example, IAM users have a universally unique ID. If the /Sales/Bob user is deleted and re-created, the old and new users will have the same ARN but different unique IDs, which can be referenced via the aws:userid condition key. These details are carried in [SessionData] structures, separate from the [Principal] itself.
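The delete-and-re-create case above, as an added Rust sketch that is not code from this crate or from scratchstack-aspen: it shows that a grant keyed only on an ARN pattern still applies to the re-created /Sales/Bob, while one pinned to the unique ID does not. The Actor and Grant types and the glob_match and allows functions are hypothetical, and the account number, ARNs and unique IDs are constructed sample values.

```rust
// Added illustration: hypothetical types, NOT the scratchstack-aws-principal API.
// All ARNs and unique IDs below are constructed sample values.

/// Actor principal: exact ARN plus the unique ID exposed as aws:userid.
struct Actor { arn: String, user_id: String }

/// Policy-side grant: principal value may contain '*'; optional aws:userid pin.
struct Grant<'a> { principal: &'a str, user_id: Option<&'a str> }

/// Match `val` against `pat`, where '*' matches any run of characters.
fn glob_match(pat: &str, val: &str) -> bool {
    let parts: Vec<&str> = pat.split('*').collect();
    if parts.len() == 1 { return pat == val; }
    let (first, last) = (parts[0], parts[parts.len() - 1]);
    if !val.starts_with(first) { return false; }
    let mut rest = &val[first.len()..];
    for &mid in &parts[1..parts.len() - 1] {
        match rest.find(mid) {
            Some(i) => rest = &rest[i + mid.len()..],
            None => return false,
        }
    }
    rest.ends_with(last)
}

/// A grant applies when the ARN matches and any aws:userid pin is satisfied.
fn allows(g: &Grant, a: &Actor) -> bool {
    glob_match(g.principal, &a.arn) && g.user_id.map_or(true, |id| id == a.user_id)
}

/// Returns (arn_only vs old, arn_only vs new, pinned vs old, pinned vs new).
fn demo() -> (bool, bool, bool, bool) {
    let arn = "arn:aws:iam::123456789012:user/Sales/Bob";
    let old_bob = Actor { arn: arn.into(), user_id: "AIDAEXAMPLEOLDBOB001".into() };
    // Same path and name after delete + re-create: same ARN, new unique ID.
    let new_bob = Actor { arn: arn.into(), user_id: "AIDAEXAMPLENEWBOB002".into() };
    let arn_only = Grant { principal: "arn:aws:iam::123456789012:user/Sales/*", user_id: None };
    let pinned = Grant { principal: arn, user_id: Some("AIDAEXAMPLEOLDBOB001") };
    (allows(&arn_only, &old_bob), allows(&arn_only, &new_bob),
     allows(&pinned, &old_bob), allows(&pinned, &new_bob))
}

fn main() {
    println!("{:?}", demo()); // (true, true, true, false)
}
```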

Dependencies

~2–2.9MB
~63K SLoC