/**
 * Creates an IAM instance profile and a role of the same name, links the role to the
 * profile, and then passes the supplied policy to {@code createRolePolicy}.
 *
 * <p>The role's trust policy is whatever {@code assumeRolePolicyDocument()} returns; that
 * helper is defined outside this method. NOTE(review): {@code policy} is forwarded without
 * any inspection here, so the caller decides what the instance role is allowed to do.
 * Confirm that callers keep it scoped to the actions and resources the instances need.
 *
 * <p>The four IAM calls are issued one after another with no rollback. If a later call
 * throws, the resources created by the earlier calls remain in the account.
 *
 * @param path   IAM path applied to both the instance profile and the role
 * @param name   name used for the instance profile and for the role, and passed twice to
 *               {@code createRolePolicy}
 * @param policy policy document handed to {@code createRolePolicy}
 * @return the instance profile object returned by the create call; it is obtained before
 *         the role is added to the profile
 */
public InstanceProfile createInstanceProfile(String path, String name, String policy) {
    CreateInstanceProfileRequest profileRequest = new CreateInstanceProfileRequest()
        .withPath(path)
        .withInstanceProfileName(name);

    logger.info("create instance profile, path={}, name={}", path, name);
    InstanceProfile createdProfile = iam.createInstanceProfile(profileRequest).getInstanceProfile();

    logger.info("create role, name={}", name);
    CreateRoleRequest roleRequest = new CreateRoleRequest()
        .withRoleName(name)
        .withPath(path)
        .withAssumeRolePolicyDocument(assumeRolePolicyDocument());
    iam.createRole(roleRequest);

    // The role is linked to the profile before the policy is written on purpose: if the
    // policy step fails, the profile and role already exist and the policy can be
    // corrected afterwards in the AWS console.
    AddRoleToInstanceProfileRequest linkRequest = new AddRoleToInstanceProfileRequest()
        .withInstanceProfileName(name)
        .withRoleName(name);
    iam.addRoleToInstanceProfile(linkRequest);

    createRolePolicy(name, name, policy);
    return createdProfile;
}
/**
 * Creates the instance profile named by the {@code REPO_PROFILE} user property and adds
 * the role named by the {@code REPO_ROLE} user property to it.
 *
 * <p>If {@code instanceProfileExists} reports that the profile is already there, a message
 * is written to the console and nothing is created or modified.
 *
 * <p>NOTE(review): the role name is read from a user property and passed to IAM as is, so
 * whoever sets that property chooses the role that instances using this profile receive.
 * Confirm that the property source is trusted. The existence check and the create call are
 * separate requests, so a profile created in between makes the create call fail.
 */
public void createS3BucketProfile() {
    AmazonIdentityManagement iamClient = getClient();
    String profileName = getUserProperty( REPO_PROFILE );
    String roleName = getUserProperty( REPO_ROLE );

    boolean alreadyPresent = instanceProfileExists( profileName );
    if ( alreadyPresent ) {
        console.write( "Profile '" + profileName + "' already exists" ); //$NON-NLS-1$ //$NON-NLS-2$
        return;
    }

    CreateInstanceProfileRequest createRequest =
        new CreateInstanceProfileRequest().withInstanceProfileName( profileName );
    CreateInstanceProfileResult created = iamClient.createInstanceProfile( createRequest );

    // Add the configured role to the freshly created profile.
    AddRoleToInstanceProfileRequest attachRequest =
        new AddRoleToInstanceProfileRequest().withInstanceProfileName( profileName ).withRoleName( roleName );
    iamClient.addRoleToInstanceProfile( attachRequest );

    console.write( "Profile '" + profileName + "' created at " + created.getInstanceProfile().getCreateDate() ); //$NON-NLS-1$ //$NON-NLS-2$
}
/**
 * Creates the instance profile named by the {@code instanceProfile} field and adds the
 * role {@code INSTANCEPROFILE_ROLE} to it.
 *
 * <p>Neither call is guarded: there is no check for an existing profile and no exception
 * handling, so any failure from the IAM client propagates to the caller. If the second
 * call fails, the profile created by the first call is left without a role.
 */
public void execute() {
    AmazonIdentityManagementClient iamClient = getOrCreateClient(AmazonIdentityManagementClient.class);

    CreateInstanceProfileRequest createRequest = new CreateInstanceProfileRequest()
        .withInstanceProfileName(instanceProfile);
    iamClient.createInstanceProfile(createRequest);

    AddRoleToInstanceProfileRequest attachRequest = new AddRoleToInstanceProfileRequest()
        .withRoleName(INSTANCEPROFILE_ROLE)
        .withInstanceProfileName(instanceProfile);
    iamClient.addRoleToInstanceProfile(attachRequest);
}
/**
 * {@inheritDoc}
 *
 * <p>This implementation obtains a role named {@code profileName + "-role"} through
 * {@code ActivityUtils.createRole}, passing the policy template
 * {@code datamung/agent-policy.json}, the trust template {@code datamung/agent-trust.json}
 * and {@code controlRoleArn} as the {@code CONTROLLER_ROLE_ARN} variable. It then creates
 * the instance profile under the role's path, or reuses it when IAM reports that it
 * already exists, and adds the role when the profile is new or has no role yet.
 *
 * <p>NOTE(review): when the profile already exists and carries any role, that role is left
 * in place without being compared to the expected role name. A pre-existing profile with
 * the same name can therefore grant the agent different permissions than the templates
 * above describe. Confirm whether that case should be rejected or at least logged.
 */
@Override
public void createAgentInstanceProfile( String profileName, String controlRoleArn, Identity identity ) {
    AmazonIdentityManagement iam =
        ActivityUtils.createClient( AmazonIdentityManagementClient.class, identity );

    // Ensure the agent role; how createRole treats an existing role is not visible here.
    String roleName = profileName + "-role";
    Map<String, String> policyVariables = new HashMap<String, String>();
    policyVariables.put( "CONTROLLER_ROLE_ARN", controlRoleArn );
    Role role = ActivityUtils.createRole( roleName, iam,
                                          "datamung/agent-policy.json", policyVariables,
                                          "datamung/agent-trust.json", null );

    // Create the profile. A new profile always needs the role; an existing one needs it
    // only when it currently has no role at all.
    boolean roleAssociationRequired;
    try {
        CreateInstanceProfileRequest createRequest =
            new CreateInstanceProfileRequest().withInstanceProfileName( profileName ).withPath( role.getPath() );
        iam.createInstanceProfile( createRequest );
        roleAssociationRequired = true;
    } catch ( EntityAlreadyExistsException e ) {
        LOG.info( "Instance profile " + profileName + " already exists!" );
        GetInstanceProfileRequest lookupRequest =
            new GetInstanceProfileRequest().withInstanceProfileName( profileName );
        roleAssociationRequired =
            iam.getInstanceProfile( lookupRequest ).getInstanceProfile().getRoles().isEmpty();
    }

    if ( !roleAssociationRequired ) {
        return;
    }

    LOG.info( "Adding role " + roleName + " to instance profile " + profileName );
    AddRoleToInstanceProfileRequest attachRequest =
        new AddRoleToInstanceProfileRequest().withInstanceProfileName( profileName ).withRoleName( roleName );
    iam.addRoleToInstanceProfile( attachRequest );
}