Policy Evaluator
Policy Evaluator is a simple system based on AWS Policies. Given a set of statements, Policy Evaluator
can answer queries about whether this set of policies allows (or does not allow) a given action to be performed on a given resource.
# Install the library with Composer. Commit the resulting composer.lock so that every
# environment resolves the same reviewed version of this authorization code.
php composer.phar require tomzx/policy-evaluator
use tomzx\PolicyEvaluator\Evaluator;
use tomzx\PolicyEvaluator\Resource;
// Set the resource prefix once, before any evaluator is built.
// NOTE(review): presumably the leading scheme expected on resource identifiers
// ('arn' matches the 'arn:...' strings below) — confirm against the Resource class.
Resource::$prefix = 'arn';

// Policy document in the AWS-like shape: a 'Statement' list in which every entry
// names an Action pattern, a Resource pattern and an Effect.
$policy = [
    'Statement' => [
        // Broad grant: any action in the "service" namespace on any resource matching
        // 'arn:aws:*' (assuming '*' is a wildcard, as in AWS policies). Patterns this
        // wide are fine for a demo; real policies should be as narrow as the use case allows.
        [
            'Action' => 'service:*',
            'Resource' => 'arn:aws:*',
            'Effect' => 'Allow',
        ],
        // Narrower grant: any s3 action, limited to resources under my-bucket.
        [
            'Action' => 's3:*',
            'Resource' => 'arn:aws:s3:::my-bucket/*',
            'Effect' => 'Allow',
        ],
    ],
];
$evaluator = new Evaluator($policy);

// Each query asks whether the policy permits one action on one resource.
// The result is discarded in this example; an authorization check in real code
// has to branch on it and refuse the operation when it is not allowed.
// NOTE(review): both pairs look covered by an Allow statement above, so presumably
// both calls report "allowed" — the page does not show the return values. Also confirm
// that a request matching no statement is denied by default, as in AWS policy evaluation.
$evaluator->canExecuteActionOnResource('service:test', 'arn:aws:test');
$evaluator->canExecuteActionOnResource('s3:GetObject', 'arn:aws:s3:::my-bucket/some-file');
use tomzx\PolicyEvaluator\Evaluator;
use tomzx\PolicyEvaluator\Resource;
// Set the resource prefix once, before any evaluator is built.
// NOTE(review): presumably the leading scheme expected on resource identifiers — confirm
// against the Resource class.
Resource::$prefix = 'arn';

// The Resource pattern carries a ${aws:username} placeholder. Keep the string in single
// quotes: PHP must not interpolate it, so the placeholder reaches the evaluator as
// literal text.
$policy = [
    'Statement' => [
        [
            'Action' => 'service:*',
            'Resource' => 'arn:aws:${aws:username}',
            'Effect' => 'Allow',
        ],
    ],
];
$evaluator = new Evaluator($policy);

// The third argument supplies the values for placeholders, keyed by variable name.
// Take these values from the authenticated identity on the server side, never from
// request-supplied fields; otherwise the caller decides which resource the statement
// resolves to.
// NOTE(review): confirm how the library treats pattern characters such as '*' inside a
// substituted value, and reject them at the boundary if they would act as wildcards.
$variables = [
    'aws:username' => 'someUsername',
];

// NOTE(review): with these values the pattern presumably resolves to
// 'arn:aws:someUsername', which differs from the requested 'arn:aws:test' — confirm the
// expected result; the page does not show the return value. The result is discarded here;
// real code has to branch on it.
$evaluator->canExecuteActionOnResource('service:test', 'arn:aws:test', $variables);
The code is licensed under the MIT license. See LICENSE.