/**
 * Builds an IAM client that authenticates with the credentials stored on the bookmark.
 *
 * <p>The access key id is taken from the bookmark's username and the secret key from its
 * password. Both getters read the bookmark each time they are invoked, so the values are
 * not copied when the client is built.
 *
 * @return a new client using {@code configuration} and {@link Regions#DEFAULT_REGION}
 */
private AmazonIdentityManagement client() {
    // Anonymous adapter: exposes the bookmark's username/password pair as an AWS key pair.
    final AWSCredentials bookmarkCredentials = new AWSCredentials() {
        @Override
        public String getAWSAccessKeyId() {
            return bookmark.getCredentials().getUsername();
        }

        @Override
        public String getAWSSecretKey() {
            return bookmark.getCredentials().getPassword();
        }
    };
    final AWSStaticCredentialsProvider provider = new AWSStaticCredentialsProvider(bookmarkCredentials);
    return AmazonIdentityManagementClientBuilder.standard()
            .withCredentials(provider)
            .withClientConfiguration(configuration)
            .withRegion(Regions.DEFAULT_REGION)
            .build();
}
/**
 * Rewrites the trust (assume-role) policy of both roles for the given identity pool and then
 * registers the roles on that pool.
 *
 * <p>The trust policy documents come from {@code getAssumeRolePolicyDocument}; its boolean
 * argument is {@code false} for the unauthenticated role and {@code true} for the
 * authenticated one. The IAM client is built with the SDK defaults, so the caller's ambient
 * credentials need permission to update both roles' trust policies.
 *
 * @param unauthenticatedRoleName name of the role whose trust policy is updated for guests
 * @param unauthenticatedRole     value stored under the pool's {@code "unauthenticated"} key
 * @param authenticatedRoleName   name of the role whose trust policy is updated for signed-in users
 * @param authenticatedRole       value stored under the pool's {@code "authenticated"} key
 * @param identityPoolId          id of the identity pool the roles are bound to
 * @param client                  Cognito Identity client used to set the pool roles
 * @param logger                  destination for progress messages
 */
void addRolesToIdentityPool(String unauthenticatedRoleName, String unauthenticatedRole,
        String authenticatedRoleName, String authenticatedRole, String identityPoolId,
        AmazonCognitoIdentity client, LambdaLogger logger) {
    // Step 1: point both trust policies at the real pool id.
    logger.log("Updating authenticated and unauthenticated roles to use the actual identity pool id: "
            + identityPoolId);
    AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.standard().build();

    UpdateAssumeRolePolicyRequest guestTrustUpdate = new UpdateAssumeRolePolicyRequest();
    guestTrustUpdate.setRoleName(unauthenticatedRoleName);
    guestTrustUpdate.setPolicyDocument(getAssumeRolePolicyDocument(false, identityPoolId, logger));
    iam.updateAssumeRolePolicy(guestTrustUpdate);

    UpdateAssumeRolePolicyRequest signedInTrustUpdate = new UpdateAssumeRolePolicyRequest();
    signedInTrustUpdate.setRoleName(authenticatedRoleName);
    signedInTrustUpdate.setPolicyDocument(getAssumeRolePolicyDocument(true, identityPoolId, logger));
    iam.updateAssumeRolePolicy(signedInTrustUpdate);

    // Step 2: attach the updated roles to the pool.
    logger.log("Adding updated authenticated and unauthenticated roles to the identity pool");
    SetIdentityPoolRolesRequest poolRoles = new SetIdentityPoolRolesRequest();
    poolRoles.setIdentityPoolId(identityPoolId);
    poolRoles.addRolesEntry("authenticated", authenticatedRole);
    poolRoles.addRolesEntry("unauthenticated", unauthenticatedRole);
    client.setIdentityPoolRoles(poolRoles);
}
/**
 * Creates an IAM user named by the single command-line argument and prints the created name.
 *
 * @param args exactly one element: the user name to create
 */
public static void main(String[] args) {
    if (args.length != 1) {
        // Wrong argument count: show usage and stop with a non-zero status.
        System.out.println(
            "To run this example, supply a username\n" +
            "Ex: CreateUser <username>\n");
        System.exit(1);
    }

    final String requestedName = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    CreateUserResult created = iam.createUser(new CreateUserRequest().withUserName(requestedName));

    // Echo the name reported by the service rather than the raw argument.
    System.out.println("Successfully created user: " + created.getUser().getUserName());
}
/**
 * Fetches an IAM server certificate by name and prints its certificate body.
 *
 * @param args exactly one element: the server certificate name
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply a certificate name\n" +
            "Ex: GetServerCertificate <certificate-name>\n");
        System.exit(1);
    }

    final String certificateName = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    GetServerCertificateResult lookup = iam.getServerCertificate(
        new GetServerCertificateRequest().withServerCertificateName(certificateName));

    // Only the certificate body is printed.
    System.out.format("Successfully retrieved certificate with body %s",
        lookup.getServerCertificate().getCertificateBody());
}
/**
 * Looks up a managed policy by ARN and prints its name.
 *
 * @param args exactly one element: the policy ARN
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply a policy arn\n" +
            "Ex: GetPolicy <policy-arn>\n");
        System.exit(1);
    }

    final String policyArn = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    GetPolicyResult lookup = iam.getPolicy(new GetPolicyRequest().withPolicyArn(policyArn));

    System.out.format("Successfully retrieved policy %s", lookup.getPolicy().getPolicyName());
}
/**
 * Deletes the IAM server certificate named by the single command-line argument.
 *
 * @param args exactly one element: the server certificate name
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply a certificate name\n" +
            "Ex: DeleteServerCertificate <certificate-name>\n");
        System.exit(1);
    }

    final String certificateName = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    // The result object is not used; reaching the next line means the call did not throw.
    iam.deleteServerCertificate(
        new DeleteServerCertificateRequest().withServerCertificateName(certificateName));

    System.out.println("Successfully deleted server certificate " + certificateName);
}
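/**
 * Detaches a managed policy from an IAM role.
 *
 * @param args exactly two elements: the role name, then the policy ARN
 */
public static void main(String[] args) {
    final String USAGE =
        "To run this example, supply a role name and policy arn\n" +
        "Ex: DetachRolePolicy <role-name> <policy-arn>\n";

    // Two arguments are read below. The previous check demanded exactly one, so a correct
    // invocation printed the usage text and a one-argument invocation failed on args[1].
    if (args.length != 2) {
        System.out.println(USAGE);
        System.exit(1);
    }

    String role_name = args[0];
    String policy_arn = args[1];

    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    DetachRolePolicyRequest request = new DetachRolePolicyRequest()
        .withRoleName(role_name)
        .withPolicyArn(policy_arn);

    // The result object is not used; reaching the next line means the call did not throw.
    iam.detachRolePolicy(request);

    System.out.println("Successfully detached policy " + policy_arn + " from role " + role_name);
}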
/**
 * Deletes the account alias named by the single command-line argument.
 *
 * @param args exactly one element: the account alias to delete
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply an account alias\n" +
            "Ex: DeleteAccountAlias <account-alias>\n");
        System.exit(1);
    }

    final String aliasToDelete = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    // The result object is not used; reaching the next line means the call did not throw.
    iam.deleteAccountAlias(new DeleteAccountAliasRequest().withAccountAlias(aliasToDelete));

    System.out.println("Successfully deleted account alias " + aliasToDelete);
}
/**
 * Lists every IAM user in the account, following pagination markers until the service
 * reports that the listing is no longer truncated.
 *
 * @param args unused
 */
public static void main(String[] args) {
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    ListUsersRequest request = new ListUsersRequest();
    ListUsersResult page;
    do {
        page = iam.listUsers(request);
        for (User user : page.getUsers()) {
            System.out.format("Retrieved user %s", user.getUserName());
        }
        // Carry the marker forward so the next call resumes after this page.
        request.setMarker(page.getMarker());
    } while (page.getIsTruncated());
}
/**
 * Creates a new access key for the IAM user named by the single command-line argument.
 *
 * @param args exactly one element: the IAM user name
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply an IAM user\n" +
            "Ex: CreateAccessKey <user>\n");
        System.exit(1);
    }

    final String userName = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    CreateAccessKeyResult created = iam.createAccessKey(
        new CreateAccessKeyRequest().withUserName(userName));

    // NOTE(review): this prints the string form of the whole AccessKey object. Whether that
    // string contains the secret access key depends on the SDK's toString() for this type;
    // confirm, and if it does, treat stdout and any captured logs as holding a credential.
    System.out.println("Created access key: " + created.getAccessKey());
}
/**
 * Prints when the given access key id was last used.
 *
 * @param args exactly one element: the access key id
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply an access key id\n" +
            "Ex: AccessKeyLastUsed <access-key-id>\n");
        System.exit(1);
    }

    final String accessKeyId = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    GetAccessKeyLastUsedResult usage = iam.getAccessKeyLastUsed(
        new GetAccessKeyLastUsedRequest().withAccessKeyId(accessKeyId));

    System.out.println("Access key was last used at: " +
        usage.getAccessKeyLastUsed().getLastUsedDate());
}
/**
 * Creates a managed policy with the given name, using the document held in the
 * {@code POLICY_DOCUMENT} constant defined elsewhere in the class.
 *
 * @param args exactly one element: the policy name
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply a policy name\n" +
            "Ex: CreatePolicy <policy-name>\n");
        System.exit(1);
    }

    final String policyName = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    // The permissions granted are whatever POLICY_DOCUMENT contains; only the name is caller-supplied.
    CreatePolicyResult created = iam.createPolicy(
        new CreatePolicyRequest()
            .withPolicyName(policyName)
            .withPolicyDocument(POLICY_DOCUMENT));

    System.out.println("Successfully created policy: " + created.getPolicy().getPolicyName());
}
/**
 * Deletes one access key belonging to an IAM user.
 *
 * @param args exactly two elements: the user name, then the access key id
 */
public static void main(String[] args) {
    if (args.length != 2) {
        System.out.println(
            "To run this example, supply a username and access key id\n" +
            "Ex: DeleteAccessKey <username> <access-key-id>\n");
        System.exit(1);
    }

    final String owner = args[0];
    final String accessKeyId = args[1];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    // The result object is not used; reaching the next line means the call did not throw.
    iam.deleteAccessKey(
        new DeleteAccessKeyRequest()
            .withAccessKeyId(accessKeyId)
            .withUserName(owner));

    System.out.println("Successfully deleted access key " + accessKeyId + " from user " + owner);
}
/**
 * Creates an account alias from the single command-line argument.
 *
 * @param args exactly one element: the alias to create
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply an alias\n" +
            "Ex: CreateAccountAlias <alias>\n");
        System.exit(1);
    }

    final String newAlias = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    // The result object is not used; reaching the next line means the call did not throw.
    iam.createAccountAlias(new CreateAccountAliasRequest().withAccountAlias(newAlias));

    System.out.println("Successfully created account alias: " + newAlias);
}
/**
 * Queries IAM with the configured key pair and publishes the result as the
 * {@code aws.account.id} project property.
 *
 * <p>The key pair is resolved by {@code Util.getAwsKeyPair} from the server id, the explicit
 * access/secret key parameters, the settings and the decrypter. The IAM call goes through the
 * configured HTTPS proxy.
 *
 * @throws MojoExecutionException declared by the Mojo contract
 * @throws MojoFailureException declared by the Mojo contract
 */
@Override
public void execute() throws MojoExecutionException, MojoFailureException {
    Proxy httpsProxy = new Proxy(httpsProxyHost, httpsProxyPort, httpsProxyUsername, httpsProxyPassword);
    AwsKeyPair resolvedKeys = Util.getAwsKeyPair(serverId, awsAccessKey, awsSecretAccessKey, settings, decrypter);

    final AWSCredentialsProvider staticProvider =
            new AWSStaticCredentialsProvider(new BasicAWSCredentials(resolvedKeys.key, resolvedKeys.secret));
    ClientConfiguration proxiedConfig = Util.createConfiguration(httpsProxy);

    AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.standard()
            .withRegion(region)
            .withCredentials(staticProvider)
            .withClientConfiguration(proxiedConfig)
            .build();

    // NOTE(review): the value stored is the calling user's UserId from GetUser. For an IAM user
    // that is the user's unique id, not necessarily the 12-digit account number. Confirm that
    // consumers of aws.account.id expect this value.
    String accountId = iam.getUser().getUser().getUserId();
    project.getProperties().setProperty("aws.account.id", accountId);

    // Only the identifier is logged, never the key pair.
    getLog().info("The following properties have been set for the project");
    getLog().info("aws.account.id=" + accountId);
}
/**
 * Creates a {@code PrincipalAutoSuggestion} backed by an IAM client built from the supplied
 * credentials.
 *
 * <p>The client configuration is passed through {@code transformAndVerifyOrThrow} before use,
 * and the region comes from {@code RegionResolver.getRegion()}.
 *
 * @param awsCredentials      provider the IAM client authenticates with
 * @param clientConfiguration caller-supplied configuration, transformed and verified before use
 * @return a new instance wrapping the freshly built client
 */
public static PrincipalAutoSuggestion fromCredentials(AWSCredentialsProvider awsCredentials,
                                                      ClientConfiguration clientConfiguration) {
    return new PrincipalAutoSuggestion(
            AmazonIdentityManagementClientBuilder.standard()
                    .withCredentials(awsCredentials)
                    .withClientConfiguration(transformAndVerifyOrThrow(clientConfiguration))
                    .withRegion(RegionResolver.getRegion())
                    .build());
}
/**
 * Creates an {@code IAMPolicyManager} backed by an IAM client built from the supplied
 * credentials.
 *
 * <p>The IAM client uses the configuration returned by {@code transformAndVerifyOrThrow}.
 * The manager itself receives the caller's original {@code clientConfiguration} object.
 *
 * @param awsCredentials      provider the IAM client authenticates with; also handed to the manager
 * @param clientConfiguration caller-supplied configuration
 * @return a new manager wrapping the freshly built client
 */
public static IAMPolicyManager fromCredentials(AWSCredentialsProvider awsCredentials,
                                               ClientConfiguration clientConfiguration) {
    return new IAMPolicyManager(
            AmazonIdentityManagementClientBuilder.standard()
                    .withCredentials(awsCredentials)
                    .withClientConfiguration(transformAndVerifyOrThrow(clientConfiguration))
                    .withRegion(RegionResolver.getRegion())
                    .build(),
            awsCredentials,
            clientConfiguration);
}
/**
 * Deletes leftover IAM policies and roles created by earlier test runs.
 *
 * <p>A policy is removed only if it is listed under {@code IAMPolicyManager.PATH_PREFIX}, its
 * name starts with {@code testResourcePrefix}, and it was created before
 * {@code createdBeforeThreshold}. Its principals are detached first. A role is removed only if
 * it is listed under {@code IAMHelper.PATH}, its name starts with
 * {@code AssumedRoleTestContext.ROLE_PREFIX}, and it was created before the same threshold.
 *
 * @param testRegion             region the IAM client is built for
 * @param testResourcePrefix     name prefix identifying test-owned policies
 * @param createdBeforeThreshold only resources created strictly before this instant are deleted
 * @param awsCredentials         credentials used for listing and deleting
 */
private static void cleanUpIAM(Regions testRegion, String testResourcePrefix, Date createdBeforeThreshold,
                               AWSCredentialsProvider awsCredentials) {
    AmazonIdentityManagement iamClient = AmazonIdentityManagementClientBuilder.standard()
            .withCredentials(awsCredentials)
            .withRegion(testRegion)
            .build();
    IAMPolicyManager iamPolicyManager = IAMPolicyManager.fromCredentials(awsCredentials, new ClientConfiguration());

    LOG.info("Cleaning IAM policies...");
    // NOTE(review): a single listPolicies call is made and no marker is followed, so only the
    // first page is examined. Stale policies beyond it would be left behind.
    List<Policy> listedPolicies = iamClient
            .listPolicies(new ListPoliciesRequest().withPathPrefix(IAMPolicyManager.PATH_PREFIX))
            .getPolicies();
    for (Policy candidate : listedPolicies) {
        String policyName = candidate.getPolicyName();
        if (!policyName.startsWith(testResourcePrefix)) {
            continue; // not owned by the tests
        }
        if (!candidate.getCreateDate().before(createdBeforeThreshold)) {
            continue; // too recent, may belong to a run still in progress
        }
        LOG.info("Cleaning up policy: " + policyName);
        // Detach all principals first, then delete the policy.
        iamPolicyManager.detachAllPrincipals(IAMPolicyName.fromString(policyName).group);
        iamClient.deletePolicy(new DeletePolicyRequest().withPolicyArn(candidate.getArn()));
    }

    LOG.info("Cleaning IAM roles created for the assume role tests...");
    // NOTE(review): same single-page limitation as the policy listing above.
    List<Role> listedRoles = iamClient
            .listRoles(new ListRolesRequest().withPathPrefix(IAMHelper.PATH))
            .getRoles();
    for (Role candidate : listedRoles) {
        String roleName = candidate.getRoleName();
        if (!roleName.startsWith(AssumedRoleTestContext.ROLE_PREFIX)) {
            continue;
        }
        if (!candidate.getCreateDate().before(createdBeforeThreshold)) {
            continue;
        }
        LOG.info("Cleaning up role: " + roleName);
        iamClient.deleteRole(new DeleteRoleRequest().withRoleName(roleName));
    }
}
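/**
 * Resolves the AWS account id that the given access key pair belongs to.
 *
 * <p>The id is taken from the fifth colon-separated field of the caller's user ARN as
 * returned by {@code iam:GetUser}. If that call is rejected with {@code AccessDenied}, the id
 * is taken from the sixth colon-separated field of the exception message instead.
 *
 * @param privateKeyId access key id used to build the credentials
 * @param privateKey   secret access key used to build the credentials
 * @return the account id, or {@code null} when it could not be determined
 */
private String getAccountId(String privateKeyId, String privateKey) {
    AWSCredentials awsCredentials = new BasicAWSCredentials(privateKeyId, privateKey);
    AWSStaticCredentialsProvider awsStaticCredentialsProvider = new AWSStaticCredentialsProvider(
        awsCredentials);
    AmazonIdentityManagementClientBuilder amazonIdentityManagementClientBuilder = AmazonIdentityManagementClientBuilder
        .standard()
        .withCredentials(awsStaticCredentialsProvider)
        .withRegion(Regions.DEFAULT_REGION);
    AmazonIdentityManagementClient iamClient = (AmazonIdentityManagementClient) amazonIdentityManagementClientBuilder
        .build();
    String userId = null;
    try {
        // NOTE(review): every iamClient.getUser() below is a separate GetUser request. Holding
        // the first result in a local would avoid the repeated calls.
        if ((iamClient.getUser() != null) && (iamClient.getUser().getUser() != null)
            && (iamClient.getUser().getUser().getArn() != null)) {

            String arn = iamClient.getUser().getUser().getArn();
            /*
             * arn:aws:service:region:account:resource -> split into at most 6 fields and take
             * the fifth one (index 4) as the account id. The length check keeps an unexpected
             * ARN shape from throwing ArrayIndexOutOfBoundsException.
             */
            String[] arnFields = arn.split(":", 6);
            if (arnFields.length > 4) {
                userId = arnFields[4];
            }
        }
    } catch (AmazonServiceException ex) {
        // Constant-first equals: a null error code no longer causes a NullPointerException.
        if ("AccessDenied".equals(ex.getErrorCode())) {
            /*
             * The AccessDenied message is expected to contain the caller's ARN, so the account
             * id is the sixth colon-separated field (index 5).
             * NOTE(review): this depends on the wording of a service error message.
             * sts:GetCallerIdentity returns the account id directly and needs no IAM
             * permission; consider using it instead.
             */
            String msg = ex.getMessage();
            String[] msgFields = (msg == null) ? new String[0] : msg.split(":", 7);
            if (msgFields.length > 5) {
                userId = msgFields[5];
            } else {
                // Message did not have the expected shape: report it rather than fail on the index.
                logSevere("Exception getting the accountId %s", ex);
            }
        } else {
            logSevere("Exception getting the accountId %s", ex);
        }
    }
    return userId;
}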
/**
 * Chooses the credentials provider for the test and builds the EC2 and IAM clients on it.
 *
 * <p>When {@code Config.Key.IAM_ROLE_ARN} is configured, the clients use STS assume-role
 * session credentials for that role under the {@code IAM_SESSION_NAME} session name. The STS
 * client itself uses the default credentials chain. Otherwise the default chain is used directly.
 */
public AAWSTest() {
    super();
    if (!Config.has(Config.Key.IAM_ROLE_ARN)) {
        // No role configured: fall back to ambient credentials.
        this.credentialsProvider = new DefaultAWSCredentialsProviderChain();
    } else {
        // The base identity comes from the default chain and is used only to assume the role.
        final AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new DefaultAWSCredentialsProviderChain())
                .build();
        this.credentialsProvider =
                new STSAssumeRoleSessionCredentialsProvider.Builder(Config.get(Config.Key.IAM_ROLE_ARN), IAM_SESSION_NAME)
                        .withStsClient(stsClient)
                        .build();
    }

    // Both service clients share the provider chosen above.
    this.ec2 = AmazonEC2ClientBuilder.standard()
            .withCredentials(this.credentialsProvider)
            .build();
    this.iam = AmazonIdentityManagementClientBuilder.standard()
            .withCredentials(this.credentialsProvider)
            .build();
}
/**
 * Lists the access key ids of an IAM user, following pagination markers to the end.
 * Only key ids from the key metadata are printed.
 *
 * @param args exactly one element: the IAM user name
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply an IAM username\n" +
            "Ex: ListAccessKeys <username>\n");
        System.exit(1);
    }

    final String owner = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    ListAccessKeysRequest request = new ListAccessKeysRequest().withUserName(owner);
    while (true) {
        ListAccessKeysResult page = iam.listAccessKeys(request);
        for (AccessKeyMetadata keyInfo : page.getAccessKeyMetadata()) {
            System.out.format("Retrieved access key %s", keyInfo.getAccessKeyId());
        }

        // Carry the marker forward before deciding whether another page is needed.
        request.setMarker(page.getMarker());
        if (!page.getIsTruncated()) {
            break;
        }
    }
}
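/**
 * Sets the status of one of an IAM user's access keys.
 *
 * @param args exactly three elements: the user name, the access key id, and the new status
 *             ({@code Active} or {@code Inactive})
 */
public static void main(String[] args) {
    // The usage text previously offered "Activate", which is not a valid status value.
    final String USAGE =
        "To run this example, supply a username, access key id and status\n" +
        "Ex: UpdateAccessKey <username> <access-key-id> <Active|Inactive>\n";

    if (args.length != 3) {
        System.out.println(USAGE);
        System.exit(1);
    }

    String username = args[0];
    String access_id = args[1];
    String status = args[2];

    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    UpdateAccessKeyRequest request = new UpdateAccessKeyRequest()
        .withAccessKeyId(access_id)
        .withUserName(username)
        .withStatus(status);

    // The result object is not used; reaching the next line means the call did not throw.
    iam.updateAccessKey(request);

    // The two halves of the old format string joined as "tostatus"; the space is restored.
    System.out.printf(
        "Successfully updated status of access key %s to status %s for user %s",
        access_id, status, username);
}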
/**
 * Renames an IAM server certificate.
 *
 * @param args exactly two elements: the current certificate name, then the new name
 */
public static void main(String[] args) {
    if (args.length != 2) {
        System.out.println(
            "To run this example, supply the current certificate name and\n" +
            "a new name. Ex:\n\n" +
            "UpdateServerCertificate <current-name> <new-name>\n");
        System.exit(1);
    }

    final String currentName = args[0];
    final String replacementName = args[1];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    // The result object is not used; reaching the next line means the call did not throw.
    iam.updateServerCertificate(
        new UpdateServerCertificateRequest()
            .withServerCertificateName(currentName)
            .withNewServerCertificateName(replacementName));

    System.out.printf("Successfully updated server certificate to name %s", replacementName);
}
/**
 * Lists the names of all IAM server certificates, following pagination markers to the end.
 *
 * @param args unused
 */
public static void main(String[] args) {
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    ListServerCertificatesRequest request = new ListServerCertificatesRequest();
    ListServerCertificatesResult page;
    do {
        page = iam.listServerCertificates(request);
        for (ServerCertificateMetadata certInfo : page.getServerCertificateMetadataList()) {
            System.out.printf("Retrieved server certificate %s", certInfo.getServerCertificateName());
        }
        // Carry the marker forward so the next call resumes after this page.
        request.setMarker(page.getMarker());
    } while (page.getIsTruncated());
}
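/**
 * Renames an IAM user.
 *
 * @param args exactly two elements: the current user name, then the new user name
 */
public static void main(String[] args) {
    final String USAGE =
        "To run this example, supply the current username and a new\n" +
        "username. Ex:\n\n" +
        "UpdateUser <current-name> <new-name>\n";

    // Two arguments are read below. The previous check demanded exactly one, so a correct
    // invocation printed the usage text and a one-argument invocation failed on args[1].
    if (args.length != 2) {
        System.out.println(USAGE);
        System.exit(1);
    }

    String cur_name = args[0];
    String new_name = args[1];

    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    UpdateUserRequest request = new UpdateUserRequest()
        .withUserName(cur_name)
        .withNewUserName(new_name);

    // The result object is not used; reaching the next line means the call did not throw.
    iam.updateUser(request);

    System.out.printf("Successfully updated user to username %s", new_name);
}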
/**
 * Prints every alias of the current account.
 *
 * @param args unused
 */
public static void main(String[] args) {
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    // Single call: this listing does not follow pagination markers.
    ListAccountAliasesResult aliases = iam.listAccountAliases();
    for (String accountAlias : aliases.getAccountAliases()) {
        System.out.printf("Retrieved account alias %s", accountAlias);
    }
}
/**
 * Deletes the IAM user named by the single command-line argument.
 *
 * <p>On {@code DeleteConflictException} a hint is printed and the exception is rethrown, so
 * the success message is never printed for a failed deletion.
 *
 * @param args exactly one element: the user name to delete
 */
public static void main(String[] args) {
    if (args.length != 1) {
        System.out.println(
            "To run this example, supply a username\n" +
            "Ex: DeleteUser <username>\n");
        System.exit(1);
    }

    final String doomedUser = args[0];
    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();
    final DeleteUserRequest deletion = new DeleteUserRequest().withUserName(doomedUser);

    try {
        iam.deleteUser(deletion);
    } catch (DeleteConflictException conflict) {
        // The service refused the deletion: explain and propagate the failure.
        System.out.println("Unable to delete user. Verify user is not" +
                " associated with any resources");
        throw conflict;
    }

    System.out.println("Successfully deleted IAM user " + doomedUser);
}
/**
 * Instantiates one default client per AWS service this class uses and stores each in its field.
 * Every client comes from its builder's {@code defaultClient()}, so none is given explicit
 * credentials or a region here.
 */
private void createAmazonAPIClients() {
    // Provisioning and compute
    this.cfnClient = AmazonCloudFormationClientBuilder.defaultClient();
    this.ec2Client = AmazonEC2ClientBuilder.defaultClient();

    // Messaging
    this.snsClient = AmazonSNSClientBuilder.defaultClient();
    this.sqsClient = AmazonSQSClientBuilder.defaultClient();

    // Load balancing, storage and databases
    this.elbClient = AmazonElasticLoadBalancingClientBuilder.defaultClient();
    this.s3Client = AmazonS3ClientBuilder.defaultClient();
    this.rdsClient = AmazonRDSClientBuilder.defaultClient();

    // Identity
    this.iamClient = AmazonIdentityManagementClientBuilder.defaultClient();
}
/**
 * Creates a helper whose IAM client uses the given credentials and region.
 *
 * @param awsCredentials provider the client authenticates with
 * @param testRegion     region whose name is passed to the client builder
 */
IAMHelper(AWSCredentialsProvider awsCredentials, Region testRegion) {
    final String regionName = testRegion.getName();
    this.client = AmazonIdentityManagementClientBuilder.standard()
            .withCredentials(awsCredentials)
            .withRegion(regionName)
            .build();
}
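/**
 * Attaches the managed policy identified by {@code POLICY_ARN} to an IAM role, unless that
 * policy is already attached.
 *
 * @param args exactly one element: the role name
 */
public static void main(String[] args) {
    final String USAGE =
        "To run this example, supply a role name\n" +
        "Ex: AttachRolePolicy <role-name>\n";

    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }

    String role_name = args[0];

    final AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();

    ListAttachedRolePoliciesRequest request = new ListAttachedRolePoliciesRequest()
        .withRoleName(role_name);

    // Walk the attached policies page by page and stop at the first match.
    // The previous check compared each policy's *name* with the *role* name, so it did not
    // detect whether POLICY_ARN was already attached. Compare ARNs instead.
    boolean already_attached = false;
    boolean done = false;
    while (!done && !already_attached) {
        ListAttachedRolePoliciesResult response = iam.listAttachedRolePolicies(request);

        already_attached = response.getAttachedPolicies()
            .stream()
            .anyMatch(p -> POLICY_ARN.equals(p.getPolicyArn()));

        if (!response.getIsTruncated()) {
            done = true;
        }
        request.setMarker(response.getMarker());
    }

    if (already_attached) {
        // Name the policy that was found, not the role.
        System.out.println(POLICY_ARN + " policy is already attached to this role.");
        return;
    }

    AttachRolePolicyRequest attach_request = new AttachRolePolicyRequest()
        .withRoleName(role_name)
        .withPolicyArn(POLICY_ARN);

    iam.attachRolePolicy(attach_request);

    System.out.println("Successfully attached policy " + POLICY_ARN + " to role " + role_name);
}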
/**
 * Creates the wrapper with an IAM client bound to the given region and credentials.
 *
 * @param credentials provider the client authenticates with
 * @param region      region used for the client and converted to a {@code Region} for the
 *                    {@code region} field
 */
public IAM(AWSCredentialsProvider credentials, Regions region) {
    this.iam = AmazonIdentityManagementClientBuilder.standard()
            .withRegion(region)
            .withCredentials(credentials)
            .build();
    this.region = Region.getRegion(region);
}
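/**
 * Creates an IAM client that authenticates with the supplied credentials chain.
 *
 * <p>The previous body returned {@code defaultClient()} and never used the argument; the
 * provider is now handed to the builder so the client uses the caller's chain instance.
 *
 * @param credentialsProvider credentials chain the client should use
 * @return a new IAM client
 */
public static AmazonIdentityManagement createIamClient(DefaultAWSCredentialsProviderChain credentialsProvider) {
    return AmazonIdentityManagementClientBuilder.standard()
            .withCredentials(credentialsProvider)
            .build();
}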