/**
 * Creates an instance profile and an IAM role that share {@code name} and {@code path},
 * adds the role to the profile, and then passes {@code policy} to {@code createRolePolicy}.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The role's trust policy comes from {@code assumeRolePolicyDocument()}, which is not
 *       visible in this method; that document decides which principal may assume the role.</li>
 *   <li>{@code policy} is forwarded as given. Nothing here validates or narrows it, so the
 *       caller is responsible for keeping it least-privilege.</li>
 *   <li>There is no rollback. If any call after {@code createInstanceProfile} throws, the
 *       resources created so far stay in the account and must be cleaned up or repaired
 *       separately.</li>
 * </ul>
 *
 * @param path   IAM path applied to both the instance profile and the role
 * @param name   name used for the instance profile, the role, and as the first two arguments
 *               of {@code createRolePolicy}
 * @param policy policy document handed to {@code createRolePolicy}
 * @return the instance profile returned by the IAM {@code createInstanceProfile} call
 */
public InstanceProfile createInstanceProfile(String path, String name, String policy) {
    CreateInstanceProfileRequest profileRequest = new CreateInstanceProfileRequest()
        .withPath(path)
        .withInstanceProfileName(name);

    logger.info("create instance profile, path={}, name={}", path, name);
    InstanceProfile createdProfile = iam.createInstanceProfile(profileRequest).getInstanceProfile();

    logger.info("create role, name={}", name);
    CreateRoleRequest roleRequest = new CreateRoleRequest()
        .withRoleName(name)
        .withPath(path)
        .withAssumeRolePolicyDocument(assumeRolePolicyDocument());
    iam.createRole(roleRequest);

    // The role is linked to the profile before the policy step on purpose: if the policy step
    // fails, the profile and role already exist and the policy can be fixed in the AWS console.
    // Until that happens the role is attached without the permissions from `policy`.
    AddRoleToInstanceProfileRequest linkRequest = new AddRoleToInstanceProfileRequest()
        .withInstanceProfileName(name)
        .withRoleName(name);
    iam.addRoleToInstanceProfile(linkRequest);

    createRolePolicy(name, name, policy);
    return createdProfile;
}
/**
 * Returns the ARN of the IAM role named {@code roleName}, creating the role first when IAM
 * reports that it does not exist.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>An existing role is reused as-is. Neither its trust policy nor its permissions are
 *       inspected, so any role that already carries this name is accepted.</li>
 *   <li>A newly created role trusts the service principal
 *       {@code elastictranscoder.amazonaws.com} for {@code sts:AssumeRole}, and the trust
 *       statement has no {@code Condition} element.</li>
 *   <li>The inline policy {@code s3video_generated_policy} allows {@code s3:ListBucket},
 *       {@code s3:Put*}, {@code s3:Get*}, {@code s3:*MultipartUpload*} and {@code sns:Publish}
 *       on {@code "Resource":"*"}, i.e. every bucket and topic the account can reach. The
 *       {@code s3:Put*} wildcard also matches configuration actions such as
 *       {@code s3:PutBucketAcl} and {@code s3:PutObjectAcl}, which the Deny statement (policy,
 *       permission, delete and remove patterns) does not cover. Scoping the resources to the
 *       specific bucket and topic ARNs, and listing the actions explicitly, would tighten
 *       this.</li>
 *   <li>Both documents declare policy language version {@code 2008-10-17}, the older of the
 *       two IAM policy versions.</li>
 *   <li>If {@code putRolePolicy} throws after {@code createRole} has succeeded, the role is
 *       left without the inline policy. Later calls find the role and return its ARN without
 *       attaching the policy.</li>
 * </ul>
 *
 * @param roleName name of the role to look up or create
 * @return ARN of the existing or newly created role
 */
public String createIAMRoleIfNotExist(String roleName) {
    GetRoleRequest lookup = new GetRoleRequest()
            .withRoleName(roleName);
    try {
        return identityManagement.getRole(lookup).getRole().getArn();
    } catch (NoSuchEntityException ignored) {
        // Role is absent: continue below and create it.
    }

    // Trust policy: only the Elastic Transcoder service principal may assume the role.
    String trustPolicy = "{\"Version\": \"2008-10-17\","
            + "\"Statement\": ["
            + "{"
            + "\"Sid\": \"1\","
            + "\"Effect\": \"Allow\","
            + "\"Principal\": {"
            + "\"Service\": \"elastictranscoder.amazonaws.com\""
            + "},"
            + "\"Action\": \"sts:AssumeRole\""
            + "}"
            + "]"
            + "}";
    CreateRoleRequest creation = new CreateRoleRequest()
            .withRoleName(roleName)
            .withAssumeRolePolicyDocument(trustPolicy);
    CreateRoleResult created = identityManagement.createRole(creation);

    // Permissions policy: account-wide ("Resource":"*") S3 and SNS access with a Deny overlay.
    // NOTE(review): broad by design or by accident? Confirm before reusing this role elsewhere.
    String permissionsPolicy = "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"1\",\"Effect\":\"Allow\",\"Action\":[\"s3:ListBucket\",\"s3:Put*\",\"s3:Get*\",\"s3:*MultipartUpload*\"],\"Resource\":\"*\"},{\"Sid\":\"2\",\"Effect\":\"Allow\",\"Action\":\"sns:Publish\",\"Resource\":\"*\"},{\"Sid\":\"3\",\"Effect\":\"Deny\",\"Action\":[\"s3:*Policy*\",\"sns:*Permission*\",\"sns:*Delete*\",\"s3:*Delete*\",\"sns:*Remove*\"],\"Resource\":\"*\"}]}";
    PutRolePolicyRequest inlinePolicy = new PutRolePolicyRequest()
            .withPolicyName("s3video_generated_policy")
            .withPolicyDocument(permissionsPolicy)
            .withRoleName(roleName);
    identityManagement.putRolePolicy(inlinePolicy);

    return created.getRole().getArn();
}
/**
 * Runs the {@code "CreateRole"} action through {@code service.performAction} and wraps the
 * resulting resource in a {@link RoleImpl}.
 *
 * @param request   request forwarded to the action
 * @param extractor capture object forwarded to {@code performAction}; the single-argument
 *                  overload passes {@code null} here
 * @return the created role, or {@code null} when {@code performAction} returns {@code null};
 *         callers must check for {@code null} before using the result
 */
@Override
public Role createRole(CreateRoleRequest request, ResultCapture<CreateRoleResult> extractor) {
    ActionResult outcome = service.performAction("CreateRole", request, extractor);
    return outcome == null ? null : new RoleImpl(outcome.getResource());
}
/**
 * Convenience overload: delegates to {@code createRole(request, extractor)} with no result
 * capture.
 *
 * @param request request forwarded unchanged to the two-argument overload
 * @return whatever the two-argument overload returns
 */
@Override
public Role createRole(CreateRoleRequest request) {
    // No capture object: the low-level client response is not retained.
    final ResultCapture<CreateRoleResult> noCapture = null;
    return createRole(request, noCapture);
}
/**
 * Performs the <code>CreateRole</code> action.
 *
 * @param request the request passed to the <code>CreateRole</code> action
 * @return The <code>Role</code> resource object associated with the result
 *         of this action. NOTE(review): may be <code>null</code> if the
 *         action yields no result; confirm against the implementation.
 * @see CreateRoleRequest
 */
com.amazonaws.resources.identitymanagement.Role createRole(CreateRoleRequest request);
/**
 * Performs the <code>CreateRole</code> action and uses a ResultCapture to
 * retrieve the low-level client response.
 *
 * @param request the request passed to the <code>CreateRole</code> action
 * @param extractor the ResultCapture used to retrieve the low-level client
 *        response. NOTE(review): presumably <code>null</code> is accepted
 *        when the response is not needed; confirm against the implementation.
 * @return The <code>Role</code> resource object associated with the result
 *         of this action. NOTE(review): may be <code>null</code> if the
 *         action yields no result; confirm against the implementation.
 * @see CreateRoleRequest
 */
com.amazonaws.resources.identitymanagement.Role createRole(CreateRoleRequest request, ResultCapture<CreateRoleResult> extractor);