Test your AI Agents with the all-new Agent to Agent Testing Platform.Learn More

How to use attach_user_policy method in localstack

Best Python code snippet using localstack_python

deepracer.py

Source:deepracer.py

...123        PolicyDocument=policy_document124    )125    return create_policy_response['Policy']['Arn']126def attach_iam_user_policies(iam_client,account_name,custom_policy_arn):127    iam_client.attach_user_policy(UserName=account_name,PolicyArn=custom_policy_arn)128    iam_client.attach_user_policy(UserName=account_name,PolicyArn="arn:aws:iam::aws:policy/AWSDeepRacerFullAccess")129    iam_client.attach_user_policy(UserName=account_name,PolicyArn="arn:aws:iam::aws:policy/AWSDeepRacerRoboMakerAccessPolicy")130    iam_client.attach_user_policy(UserName=account_name,PolicyArn="arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy")131    132    if os.environ.get('CHILD_ACCOUNT_BILLING_ACCESS') == 'TRUE':133        iam_client.attach_user_policy(UserName=account_name,PolicyArn="arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess")134def update_policies(account_id,iam_user_name,iam_client):135    try:136        iam_client.detach_user_policy(UserName=iam_user_name,137            PolicyArn="arn:aws:iam::{}:policy/DeepRacerWorkshopAttendeePolicy".format(account_id)138        )139        print("Detached DeepRacerWorkshopAttendeePolicy from IAM User: {} in account id:{}".format(iam_user_name,account_id))140    except iam_client.exceptions.NoSuchEntityException as error:141        print("Policy already detached --> Message: {}".format(error))142    try:143        iam_client.delete_policy(PolicyArn="arn:aws:iam::{}:policy/DeepRacerWorkshopAttendeePolicy".format(account_id))144        print("Deleted DeepRacerWorkshopAttendeePolicy in account id:{}".format(account_id))145    except iam_client.exceptions.NoSuchEntityException as error:146        print("Policy already deleted --> Message: {}".format(error))147    custom_policy_arn=create_custom_iam_userpolicy(iam_client)148    print("Created DeepRacerWorkshopAttendeePolicy in account id:{}".format(account_id))149    150    attach_iam_user_policies(iam_client,iam_user_name,custom_policy_arn)151    print("Attached DeepRacerWorkshopAttendeePolicy, Billing Access to IAM User:{} in account id:{}".format(iam_user_name, account_id))152def set_permissions(sts_client,account_name,account_id,default_password,type=None):153    assume_creds = assume_child_credentials(sts_client,account_id)154    iam_client = boto3.client('iam', region_name=os.environ['AWS_DEFAULT_REGION'] ,155                        aws_access_key_id=assume_creds['AccessKeyId'],156                        aws_secret_access_key=assume_creds['SecretAccessKey'],157                        aws_session_token = assume_creds['SessionToken'])158    iam_user_name="{}-deepracer-{}".format(account_name,account_id)159    # iam_user_name="deepraceruser-{}".format(account_id)160    if type == "update" and not exists_iam_user(iam_client,iam_user_name):161        print("IAM user:{} not found, NO need to update. You should first bootstrap it. Exit!".format(iam_user_name))162        return163    if type == "update" and exists_iam_user(iam_client,iam_user_name):164        print("IAM user:{} found, It will update the policies!".format(iam_user_name))165        update_policies(account_id,iam_user_name,iam_client)166        return167    if type == "attach" and not exists_iam_user(iam_client,iam_user_name):168        print("IAM user:{} not found, NO need to attach. You should first bootstrap it. Exit!".format(iam_user_name))169        return170    if type == "attach" and exists_iam_user(iam_client,iam_user_name):171        print("IAM user:{} found, It will attach the policies!".format(iam_user_name))172        iam_client.attach_user_policy(UserName=iam_user_name,173            PolicyArn="arn:aws:iam::{}:policy/DeepRacerWorkshopAttendeePolicy".format(account_id)174        )175        print("Attached DeepRacerWorkshopAttendeePolicy from IAM User: {} in account id:{}".format(iam_user_name,account_id))176        iam_client.attach_user_policy(UserName=iam_user_name,PolicyArn="arn:aws:iam::aws:policy/AWSDeepRacerFullAccess")177        print("Attached AWSDeepRacerFullAccess from IAM User: {} in account id:{}".format(iam_user_name,account_id))178        iam_client.attach_user_policy(UserName=iam_user_name,PolicyArn="arn:aws:iam::aws:policy/AWSDeepRacerRoboMakerAccessPolicy")179        print("Attached AWSDeepRacerRoboMakerAccessPolicy from IAM User: {} in account id:{}".format(iam_user_name,account_id))180        iam_client.attach_user_policy(UserName=iam_user_name,PolicyArn="arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy")181        print("Attached AWSDeepRacerServiceRolePolicy from IAM User: {} in account id:{}".format(iam_user_name,account_id))182        183        if os.environ.get('CHILD_ACCOUNT_BILLING_ACCESS') == 'TRUE':184            iam_client.attach_user_policy(UserName=iam_user_name,PolicyArn="arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess")185            print("Attached AWSBillingReadOnlyAccess from IAM User: {} in account id:{}".format(iam_user_name,account_id))186        return187    if type == "detach" and not exists_iam_user(iam_client,iam_user_name):188        print("IAM user:{} not found, NO need to detach. You should first bootstrap it. Exit!".format(iam_user_name))189        return190    if type == "detach" and exists_iam_user(iam_client,iam_user_name):191        try:192            print("IAM user:{} found, It will detach the policies!".format(iam_user_name))193            iam_client.detach_user_policy(UserName=iam_user_name,194                PolicyArn="arn:aws:iam::{}:policy/DeepRacerWorkshopAttendeePolicy".format(account_id)195            )196            print("Detached DeepRacerWorkshopAttendeePolicy from IAM User: {} in account id:{}".format(iam_user_name,account_id))197            iam_client.detach_user_policy(UserName=iam_user_name,PolicyArn="arn:aws:iam::aws:policy/AWSDeepRacerFullAccess")198            print("Detached AWSDeepRacerFullAccess from IAM User: {} in account id:{}".format(iam_user_name,account_id))...

dashboard_makefunnerer.py

Source:dashboard_makefunnerer.py

...26    created_user = iam_client.create_user(27        UserName=username    28    )29    return created_user['User']['UserName']30def attach_user_policy(new_user):31    # Attach policy32    response = iam_client.attach_user_policy(33        UserName = new_user, #Name of user34        PolicyArn = 'arn:aws:iam::aws:policy/AdministratorAccess'35        # Policy ARN which you want to asign to user36    )37    return38def create_sg():39    sg_name = "dashboardresource-" + get_random_string()40    sec_group = ec2_client.create_security_group(41        GroupName=sg_name, 42        Description='Dashboard demo SG', 43        VpcId="vpc-ed324b88"44    )45    sec_group.authorize_ingress(46        CidrIp='0.0.0.0/0',47        IpProtocol='tcp',48        FromPort=22,49        ToPort=338950    )51    return sec_group.id52def lambda_handler(event, context):53    number = random_number(300)54    print("Generating " + str(number) + " users with admin access")55    for x in range(number):56        # Create X new users57        new_user = create_user()58        print("Created user: " + new_user)59        60        # Attach the admin access policy to the new user61        attach_user_policy(new_user)62    number = random_number(300)63    print("Generating " + str(number) + " SGs with 22-3389 exposed")64    for x in range(number):65        # Create sec group66        print(create_sg())67    68    return...

index.py

Source:index.py

...5client_qs = boto3.client('quicksight')6def lambda_handler(event, context):7    client=boto3.client('iam',aws_access_key_id=event['access'],8    aws_secret_access_key=event['secret'])9    client.attach_user_policy(10    PolicyArn='arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess',11    UserName=event['username'],12)13    client.attach_user_policy(14    PolicyArn='arn:aws:iam::aws:policy/AWSLambda_FullAccess',15    UserName=event['username'],16)17    client.attach_user_policy(18    PolicyArn='arn:aws:iam::aws:policy/IAMFullAccess',19    UserName=event['username'],20)21    client.attach_user_policy(22    PolicyArn='arn:aws:iam::aws:policy/AmazonS3FullAccess',23    UserName=event['username'],24)25       # Create a policy26    my_managed_policy = {27    "Version": "2012-10-17",28    "Statement": [29        {30            "Sid": "VisualEditor0",31            "Effect": "Allow",32            "Action": "quicksight:*",33            "Resource": "*"34        }35    ]36}37    a= client.create_policy(38        PolicyName='aq',39        PolicyDocument=json.dumps(my_managed_policy)40    )41    print(a)42    client.attach_user_policy(43    PolicyArn='arn:aws:iam::'+event['awsaccountId']+':policy/aq',44    UserName=event['username'],45)46   47# Get a policy48    managed_user_policies = client.list_attached_user_policies(UserName=event['username'])49    response = {50        'statusCode': 200,51        'body':managed_user_policies ,52        'headers': {53            'Content-Type': 'application/json',54            'Access-Control-Allow-Origin': '*'55        },56    }...

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.