This section describes the methods available to
VM::EC2::Security::Policy. You will create a new, empty, policy using
new(), grant access to EC2 actions using allow(), and deny access to
EC2 actions using deny(). When you are done, either call as_string(),
or just use the policy object in a string context, to get a
properly-formatted policy string.
allow() and deny() return the modified object, allowing you to chain
methods. For example:
my $p = VM::EC2::Security::Policy->new
CW$policy = VM::EC2::Security::Policy->new()
This class method creates a new, empty policy object. The default
policy object denies all access to EC2 resources.
Grant access to the listed EC2 actions. You may specify actions using
Amazons MixedCase notation (e.g. DescribeInstances), or using
VM::EC2s more Perlish underscore notation
(e.g. describe_instances). You can find the list of actions in
VM::EC2, or in the Amazon API documentation at
The * wildcard allows you to indicate a series of matching
operations. For example, to allow all Describe operations:
As described earlier, allow() returns the object, making it easy to
Similar to allow(), but in this case denies access to certain
actions. Deny statements take precedence over allow statements.
As described earlier, deny() returns the object, making it easy to
CW$string = CW$policy->as_string
Converts the policy into a JSON string that can be passed to
VM::EC2->get_federation_token(), or other AWS libraries.
Lincoln Stein <firstname.lastname@example.org>.
Copyright (c) 2011 Ontario Institute for Cancer Research
This package and its accompanying libraries is free software; you can
redistribute it and/or modify it under the terms of the GPL (either
version 1, or at your option, any later version) or the Artistic
License 2.0. Refer to LICENSE for the full license text. In addition,
please see DISCLAIMER.txt for disclaimers of warranty.