Policy Evaluator

, _(*1)

Policy Evaluator is a simple system based on AWS Policies. Given a set of statements, Policy Evaluator will then be able to answers to queries about whether this set of policies is allowed (or not) to perform a given action on a given resource., _(*2)

Getting started

php composer.phar require tomzx/policy-evaluator, _(*3)

Example

use tomzx\PolicyEvaluator\Evaluator;
use tomzx\PolicyEvaluator\Resource;

Resource::$prefix = 'arn';

$evaluator = new Evaluator([
    'Statement' => [
        [
            'Action' => 'service:*',
            'Resource' => 'arn:aws:*',
            'Effect' => 'Allow',
        ],
        [
            'Action' => 's3:*',
            'Resource' => 'arn:aws:s3:::my-bucket/*',
            'Effect' => 'Allow',
        ],
    ],
]);

$evaluator->canExecuteActionOnResource('service:test', 'arn:aws:test');
$evaluator->canExecuteActionOnResource('s3:GetObject', 'arn:aws:s3:::my-bucket/some-file');

Variables support

use tomzx\PolicyEvaluator\Evaluator;
use tomzx\PolicyEvaluator\Resource;

Resource::$prefix = 'arn';

$evaluator = new Evaluator([
    'Statement' => [
        [
            'Action' => 'service:*',
            'Resource' => 'arn:aws:${aws:username}',
            'Effect' => 'Allow',
        ],
    ],
]);

$evaluator->canExecuteActionOnResource('service:test', 'arn:aws:test', [
    'aws:username' => 'someUsername',
]);

License

The code is licensed under the MIT license. See LICENSE., _(*4)

20/02 2018

dev-master

9999999-dev https://github.com/tomzx/policy-evaluator

Policy evaluator based on AWS AMI Policies.

Sources Download

MIT

The Requires

php >=5.6.0

The Development Requires

phpunit/phpunit ^5

by Tom Rochette

aws policy policies policy evaluator

library policy-evaluator