/**
 * Returns the ARN of the IAM role named {@code roleName}, creating the role first when
 * the lookup fails with {@link NoSuchEntityException}.
 *
 * <p>A role created here trusts {@code elastictranscoder.amazonaws.com} to assume it and
 * receives a single inline policy named {@code s3video_generated_policy}.
 *
 * <p>NOTE(review), security-relevant behaviour visible in this method:
 * <ul>
 *   <li>An existing role is returned as found. Neither its trust policy nor its
 *       permissions are inspected, so a same-named role created elsewhere is accepted
 *       unchanged.</li>
 *   <li>The inline policy allows its S3 and SNS actions on {@code "Resource":"*"}, i.e.
 *       every bucket and topic the account can reach. The explicit Deny statement blocks
 *       delete and policy-change actions but does not narrow the read/write scope.
 *       Restricting the resources to the buckets and topics actually used would follow
 *       least privilege.</li>
 *   <li>The trust policy carries no {@code Condition}. Consider pinning the service
 *       principal with {@code aws:SourceAccount} or {@code aws:SourceArn} to guard
 *       against cross-service confused-deputy use (confirm the service supports it).</li>
 *   <li>Both documents declare policy version {@code 2008-10-17}, the older policy
 *       language version.</li>
 *   <li>Role creation and policy attachment are two separate calls. If the second one
 *       fails, the role stays behind without the inline policy and later calls return
 *       its ARN through the lookup branch.</li>
 * </ul>
 *
 * @param roleName name of the role to look up or create
 * @return the ARN of the existing or newly created role
 */
public String createIAMRoleIfNotExist(String roleName) {
    try {
        // Fast path: the role is already there, hand back its ARN untouched.
        return identityManagement
                .getRole(new GetRoleRequest().withRoleName(roleName))
                .getRole()
                .getArn();
    } catch (NoSuchEntityException roleMissing) {
        // Expected when the role has not been created yet; creation follows below.
    }

    // Trust policy: only the Elastic Transcoder service principal may assume the role.
    final String trustPolicy = "{\"Version\": \"2008-10-17\","
            + "\"Statement\": ["
            + "{"
            + "\"Sid\": \"1\","
            + "\"Effect\": \"Allow\","
            + "\"Principal\": {"
            + "\"Service\": \"elastictranscoder.amazonaws.com\""
            + "},"
            + "\"Action\": \"sts:AssumeRole\""
            + "}"
            + "]"
            + "}";

    // Inline permissions: S3 list/put/get/multipart and SNS publish on all resources,
    // followed by an explicit Deny on S3/SNS policy, permission, delete and remove actions.
    final String permissionsPolicy = "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"1\",\"Effect\":\"Allow\",\"Action\":[\"s3:ListBucket\",\"s3:Put*\",\"s3:Get*\",\"s3:*MultipartUpload*\"],\"Resource\":\"*\"},{\"Sid\":\"2\",\"Effect\":\"Allow\",\"Action\":\"sns:Publish\",\"Resource\":\"*\"},{\"Sid\":\"3\",\"Effect\":\"Deny\",\"Action\":[\"s3:*Policy*\",\"sns:*Permission*\",\"sns:*Delete*\",\"s3:*Delete*\",\"sns:*Remove*\"],\"Resource\":\"*\"}]}";

    CreateRoleResult created = identityManagement.createRole(
            new CreateRoleRequest()
                    .withRoleName(roleName)
                    .withAssumeRolePolicyDocument(trustPolicy));

    identityManagement.putRolePolicy(
            new PutRolePolicyRequest()
                    .withPolicyName("s3video_generated_policy")
                    .withPolicyDocument(permissionsPolicy)
                    .withRoleName(roleName));

    return created.getRole().getArn();
}
/**
 * Logs the request and then sends a {@code PutRolePolicy} call for the given role.
 *
 * <p>NOTE(review): the three arguments are forwarded without validation, and the complete
 * policy document is written to the log at INFO level. Policy documents commonly name
 * account ids and resource ARNs, so check who can read this log. Whether the caller's
 * {@code policyJSON} is least-privilege is not checked here.
 *
 * @param roleName   role that receives the inline policy
 * @param policyName name of the inline policy
 * @param policyJSON policy document, passed to IAM as given
 */
public void createRolePolicy(String roleName, String policyName, String policyJSON) {
    logger.info("create role policy, role={}, policyName={}, policyJSON={}", roleName, policyName, policyJSON);

    PutRolePolicyRequest putRequest = new PutRolePolicyRequest()
            .withRoleName(roleName)
            .withPolicyName(policyName)
            .withPolicyDocument(policyJSON);
    iam.putRolePolicy(putRequest);
}
/**
 * Performs the {@code Put} action without capturing the low-level client response.
 *
 * <p>Delegates to the two-argument overload with a {@code null} result capture.
 *
 * @param request the request passed on to the {@code Put} action
 */
@Override
public void put(PutRolePolicyRequest request) {
    // No caller-supplied capture: the response is not handed back.
    final ResultCapture<Void> noCapture = null;
    put(request, noCapture);
}
/**
 * Performs the {@code Put} action on the underlying resource, passing along the
 * optional result capture.
 *
 * @param request   the request handed to the {@code Put} action
 * @param extractor capture for the low-level client response; the single-argument
 *                  overload passes {@code null} here
 */
@Override
public void put(PutRolePolicyRequest request, ResultCapture<Void> extractor) {
    final String actionName = "Put";
    resource.performAction(actionName, request, extractor);
}
/**
 * Performs the <code>Put</code> action.
 *
 * <p>
 * The following request parameters are populated from the data of this
 * <code>RolePolicy</code> resource; any conflicting value set in the request
 * is overridden:
 * <ul>
 *   <li>
 *     <b><code>RoleName</code></b>
 *     - mapped from the <code>RoleName</code> identifier.
 *   </li>
 *   <li>
 *     <b><code>PolicyName</code></b>
 *     - mapped from the <code>Name</code> identifier.
 *   </li>
 * </ul>
 *
 * <p>
 * Because both names come from this resource, the role and policy that are
 * written are decided by the resource's identifiers, not by the request.
 * When auditing which role a call changes, check the resource rather than
 * the request fields.
 *
 * @param request the request to send; its <code>RoleName</code> and
 *                <code>PolicyName</code> are replaced as described above
 * @see PutRolePolicyRequest
 */
void put(PutRolePolicyRequest request);
/**
 * Performs the <code>Put</code> action and uses a ResultCapture to retrieve
 * the low-level client response.
 *
 * <p>
 * The following request parameters are populated from the data of this
 * <code>RolePolicy</code> resource; any conflicting value set in the request
 * is overridden:
 * <ul>
 *   <li>
 *     <b><code>RoleName</code></b>
 *     - mapped from the <code>RoleName</code> identifier.
 *   </li>
 *   <li>
 *     <b><code>PolicyName</code></b>
 *     - mapped from the <code>Name</code> identifier.
 *   </li>
 * </ul>
 *
 * <p>
 * Because both names come from this resource, the role and policy that are
 * written are decided by the resource's identifiers, not by the request.
 * When auditing which role a call changes, check the resource rather than
 * the request fields.
 *
 * @param request   the request to send; its <code>RoleName</code> and
 *                  <code>PolicyName</code> are replaced as described above
 * @param extractor receives the low-level client response
 *                  (NOTE(review): whether <code>null</code> is accepted is
 *                  not stated here; confirm against the implementation)
 * @see PutRolePolicyRequest
 */
void put(PutRolePolicyRequest request, ResultCapture<Void> extractor);