List of usage examples for com.amazonaws.services.identitymanagement AmazonIdentityManagementClient AmazonIdentityManagementClient
AmazonIdentityManagementClient(AwsSyncClientParams clientParams)
From source file:AbstractAmazonKinesisFirehoseDelivery.java
License:Open Source License
/**
 * Builds the shared S3, Kinesis Firehose and IAM clients from the default
 * credential profile.
 *
 * <p>The credentials are resolved once through {@link ProfileCredentialsProvider}
 * (the [default] profile in ~/.aws/credentials) and the same resolved
 * credentials object is handed to all three clients.
 *
 * @throws AmazonClientException if the profile credentials cannot be loaded
 * @throws Exception declared by the signature for any other failure while
 *         the clients are created or their regions are resolved
 */
protected static void initClients() throws Exception {
    AWSCredentials credentials;
    try {
        ProfileCredentialsProvider profileProvider = new ProfileCredentialsProvider();
        credentials = profileProvider.getCredentials();
    } catch (Exception e) {
        // Keep the original cause so the caller can see why the profile lookup failed.
        throw new AmazonClientException("Cannot load the credentials from the credential profiles file. "
                + "Please make sure that your credentials file is at the correct "
                + "location (~/.aws/credentials), and is in valid format.", e);
    }

    // NOTE(review): each client receives the resolved credentials rather than
    // the provider, so a later change to the profile file is presumably not
    // picked up by these clients. Confirm that is acceptable for long-running use.
    // One profile is used for S3, Firehose and IAM alike.

    // S3 client
    s3Client = new AmazonS3Client(credentials);
    Region s3Region = RegionUtils.getRegion(s3RegionName);
    s3Client.setRegion(s3Region);

    // Firehose client
    firehoseClient = new AmazonKinesisFirehoseClient(credentials);
    Region firehoseClientRegion = RegionUtils.getRegion(firehoseRegion);
    firehoseClient.setRegion(firehoseClientRegion);

    // IAM client
    iamClient = new AmazonIdentityManagementClient(credentials);
    Region iamClientRegion = RegionUtils.getRegion(iamRegion);
    iamClient.setRegion(iamClientRegion);
}
From source file:awslabs.lab41.Lab41.java
License:Open Source License
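/**
 * Prepares the lab environment: recreates the development and production
 * IAM roles and creates one S3 bucket for each.
 *
 * <p>The trust policy is built from a template file in which the
 * {@code {userArn}} placeholder is replaced by the lab user's ARN. The two
 * role policies are read from text files as well.
 *
 * @return the lab variables holding the two role ARNs and the two bucket names
 * @throws IOException declared by the signature; presumably raised when one of
 *         the policy text files cannot be read (confirm in readTextFile)
 */
public LabVariables prepMode_Run() throws IOException {
    LabVariables labVariables = new LabVariables();

    AWSCredentials credentials = getCredentials("prepmode");
    // No region is set on the IAM client; it uses the client's default endpoint.
    AmazonIdentityManagementClient iamClient = new AmazonIdentityManagementClient(credentials);

    String trustRelationshipSource = readTextFile("TrustRelationship.txt");
    String developmentPolicyText = readTextFile("development_role.txt");
    String productionPolicyText = readTextFile("production_role.txt");

    // Clean up environment by removing the roles if they exist.
    optionalLabCode.prepMode_RemoveRoles(iamClient, "development_role", "production_role");

    // Trust relationships for roles (the way we're using them) require the ARN of the user.
    String userArn = labCode.prepMode_GetUserArn(iamClient, LabUserName);
    System.out.println("ARN for " + LabUserName + " is " + userArn);

    // Literal replacement: String.replace does not interpret '$' or '\' in the
    // ARN as regex group references, which replaceAll would.
    String trustRelationship = trustRelationshipSource.replace("{userArn}", userArn);
    System.out.println("Trust relationship policy:\n" + trustRelationship);

    // Create the roles and store the role ARNs
    labVariables.setDevelopmentRoleArn(
            labCode.prepMode_CreateRole(iamClient, "development_role", developmentPolicyText, trustRelationship));
    labVariables.setProductionRoleArn(
            labCode.prepMode_CreateRole(iamClient, "production_role", productionPolicyText, trustRelationship));

    System.out.println("Created development policy role: " + labVariables.getDevelopmentRoleArn());
    System.out.println("Created production policy role: " + labVariables.getProductionRoleArn());

    // Create the bucket names. The 8-character UUID prefix only keeps the
    // names distinct between runs; it is not an access control.
    String identifier = UUID.randomUUID().toString().substring(0, 8);
    labVariables.getBucketNames().add("dev" + identifier);
    labVariables.getBucketNames().add("prod" + identifier);

    // Create the buckets
    AmazonS3Client s3Client = new AmazonS3Client(credentials);
    s3Client.setRegion(Lab41.region);
    for (String bucketName : labVariables.getBucketNames()) {
        optionalLabCode.prepMode_CreateBucket(s3Client, bucketName, region);
        System.out.println("Created bucket: " + bucketName);
    }

    return labVariables;
}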
From source file:awslabs.lab41.SolutionCode.java
License:Open Source License
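/**
 * Probes whether the given session credentials are allowed to call IAM
 * ListUsers.
 *
 * @param region not used by this method; no region is set on the IAM client
 * @param credentials session credentials to test
 * @return {@code true} if the ListUsers call completes, {@code false} if
 *         anything throws
 */
@Override
public Boolean appMode_TestIamAccess(Region region, BasicSessionCredentials credentials) {
    AmazonIdentityManagementClient iamClient = null;
    try {
        iamClient = new AmazonIdentityManagementClient(credentials);
        iamClient.listUsers(new ListUsersRequest());
        return true;
    } catch (Exception ex) {
        // Deliberately broad: any failure counts as "no access". A network or
        // throttling error is therefore reported the same way as a denied
        // call, so a false result alone does not prove the policy blocked it.
        return false;
    } finally {
        // Release the client's HTTP resources; the probe client is not reused.
        if (iamClient != null) {
            iamClient.shutdown();
        }
    }
}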
From source file:com.denismo.aws.iam.IAMPasswordValidator.java
License:Apache License
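/**
 * Checks a supplied password by using it as AWS credentials for one IAM call.
 *
 * <p>For a role entry the password must have the form
 * {@code accessKey|secretKey|sessionToken}. For any other entry the password
 * is used as the secret key paired with the entry's {@code accessKey}
 * attribute. The credentials are accepted when {@code getAccountSummary}
 * succeeds.
 *
 * @param user directory entry being authenticated
 * @param pw password supplied for that entry
 * @return {@code true} if the IAM call succeeds, {@code false} if it fails
 *         with an {@code AmazonClientException}
 * @throws LdapAuthenticationException if a role password has fewer than three
 *         {@code |}-separated parts
 * @throws LdapInvalidAttributeValueException declared by the signature;
 *         presumably raised when an entry attribute cannot be read as a string
 */
public boolean verifyIAMPassword(Entry user, String pw)
        throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    boolean role = isRole(user);
    AWSCredentials creds;
    if (role) {
        // String.split never returns null, so only the part count is checked.
        String[] parts = pw.split("\\|");
        if (parts.length < 3) {
            throw new LdapAuthenticationException();
        }
        // NOTE(review): all three values come from the supplied password and
        // nothing in this method ties them to the role named by `user`.
        // Confirm that the identity behind these session credentials is
        // compared with the entry somewhere before the login is accepted.
        creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);
    } else {
        // The access key id comes from the entry, so the secret must match that key.
        creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
    }

    String uid = user.get("uid").getString();
    LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user", uid);

    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
    try {
        client.getAccountSummary();
    } catch (AmazonClientException e) {
        // Fails closed: service errors and denied calls both reject the login.
        // The failure goes to the logger (not stderr) so it reaches the audit
        // trail. The password itself is never logged.
        LOG.warn("IAM credential check failed for {}: {}", uid, e.getMessage());
        return false;
    } finally {
        client.shutdown();
    }
    return true;
}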
From source file:com.denismo.aws.iam.IAMSecretKeyValidator.java
License:Apache License
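/**
 * Checks a supplied password by using it as AWS credentials for one IAM call.
 *
 * <p>A role entry expects the password as
 * {@code accessKey|secretKey|sessionToken}. Any other entry expects the
 * secret key that belongs to the entry's {@code accessKey} attribute. The
 * login is accepted when {@code getAccountSummary} succeeds with those
 * credentials.
 *
 * @param user directory entry being authenticated
 * @param pw password supplied for that entry
 * @return {@code true} if the IAM call succeeds, {@code false} if it fails
 *         with an {@code AmazonClientException}
 * @throws LdapAuthenticationException if a role password has fewer than three
 *         {@code |}-separated parts
 * @throws LdapInvalidAttributeValueException declared by the signature;
 *         presumably raised when an entry attribute cannot be read as a string
 */
@Override
public boolean verifyIAMPassword(Entry user, String pw)
        throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    boolean role = isRole(user);
    AWSCredentials creds;
    if (role) {
        // String.split never returns null, so only the part count is checked.
        String[] parts = pw.split("\\|");
        if (parts.length < 3) {
            throw new LdapAuthenticationException();
        }
        // NOTE(review): the session credentials are taken entirely from the
        // supplied password and are not compared with the role entry in this
        // method. Confirm the caller binds them to `user` before trusting
        // the result.
        creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);
    } else {
        // The access key id is read from the entry; only the secret is user-supplied.
        creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
    }

    String uid = user.get("uid").getString();
    LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user", uid);

    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
    try {
        client.getAccountSummary();
    } catch (AmazonClientException e) {
        // Fails closed on any client or service error. Route the failure
        // through the logger instead of stderr so rejected logins are
        // recorded with the rest of the application log.
        LOG.warn("IAM credential check failed for {}: {}", uid, e.getMessage());
        return false;
    } finally {
        client.shutdown();
    }
    return true;
}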
From source file:com.denismo.aws.iam.LDAPIAMPoller.java
License:Apache License
/**
 * Copies every IAM role into the directory, one result page at a time.
 *
 * <p>A failure while processing one role is logged and does not stop the
 * remaining roles. The IAM client is shut down when the method exits.
 */
private void populateRolesFromIAM() {
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(credentials);
    try {
        ListRolesResult page = client.listRoles();
        boolean truncated;
        do {
            for (Role role : page.getRoles()) {
                try {
                    Entry groupEntry = getOrCreateRoleGroup(role);
                    addRole(role, groupEntry);
                    LOG.info("Added role " + role.getRoleName() + " at " + rolesDN);
                } catch (Throwable e) {
                    // Best effort per role: log and carry on with the next one.
                    LOG.error("Exception processing role " + role.getRoleName(), e);
                }
            }
            // Follow the pagination marker until IAM reports the last page.
            truncated = page.isTruncated();
            if (truncated) {
                page = client.listRoles(new ListRolesRequest().withMarker(page.getMarker()));
            }
        } while (truncated);
    } finally {
        client.shutdown();
    }
}
From source file:com.denismo.aws.iam.LDAPIAMPoller.java
License:Apache License
/**
 * Copies every IAM group into the directory, one result page at a time, and
 * then passes the names of the groups that were added to
 * {@code removeDeletedGroups}.
 *
 * <p>A failure while processing one group is logged and does not stop the
 * remaining groups. The IAM client is shut down when the method exits.
 */
private void populateGroupsFromIAM() {
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(credentials);
    try {
        ListGroupsResult page = client.listGroups();
        Set<String> groupNames = new HashSet<String>();
        boolean truncated;
        do {
            for (Group group : page.getGroups()) {
                try {
                    addGroup(group);
                    groupNames.add(group.getGroupName());
                    LOG.info("Added group " + group.getGroupName() + " at " + groupsDN);
                } catch (Throwable e) {
                    // Best effort per group: log and carry on with the next one.
                    LOG.error("Exception processing group " + group.getGroupName(), e);
                }
            }
            // Follow the pagination marker until IAM reports the last page.
            truncated = page.isTruncated();
            if (truncated) {
                page = client.listGroups(new ListGroupsRequest().withMarker(page.getMarker()));
            }
        } while (truncated);

        // NOTE(review): a group whose addGroup call threw is missing from
        // groupNames. removeDeletedGroups presumably removes directory groups
        // that are not in the set, so a transient error could drop a group
        // that still exists in IAM. Confirm against removeDeletedGroups.
        removeDeletedGroups(groupNames);
    } finally {
        client.shutdown();
    }
}
From source file:com.denismo.aws.iam.LDAPIAMPoller.java
License:Apache License
/**
 * Copies every IAM user into the directory, one result page at a time, and
 * then passes the names of the users that were added to
 * {@code removeDeletedUsers}.
 *
 * <p>A user is skipped with a warning when it has no group or when its first
 * group has no matching directory entry. A failure while processing one user
 * is logged and does not stop the remaining users. The IAM client is shut
 * down when the method exits.
 */
private void populateUsersFromIAM() {
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(credentials);
    try {
        ListUsersResult page = client.listUsers();
        Set<String> allUsers = new HashSet<String>();
        boolean truncated;
        do {
            for (User user : page.getUsers()) {
                try {
                    String userName = user.getUserName();
                    ListGroupsForUserRequest groupsRequest = new ListGroupsForUserRequest(userName);
                    Collection<Group> groups = client.listGroupsForUser(groupsRequest).getGroups();

                    // The first group returned by IAM is treated as the primary group.
                    Group primaryGroup = groups.isEmpty() ? null : groups.iterator().next();
                    if (primaryGroup == null) {
                        LOG.warn("Unable to determine primary group for " + user.getUserName());
                        continue;
                    }

                    Entry groupEntry = getExistingGroup(primaryGroup);
                    if (groupEntry == null) {
                        LOG.warn("Unable to retrieve matching group entry for group "
                                + primaryGroup.getGroupName() + " user " + user.getUserName());
                        continue;
                    }

                    addUser(user, getUserAccessKey(client, user), groupEntry);
                    updateGroups(groups, user);
                    allUsers.add(user.getUserName());
                    LOG.info("Added user " + user.getUserName());
                } catch (Throwable e) {
                    // Best effort per user: log and carry on with the next one.
                    LOG.error("Exception processing user " + user.getUserName(), e);
                }
            }
            // Follow the pagination marker until IAM reports the last page.
            truncated = page.isTruncated();
            if (truncated) {
                page = client.listUsers(new ListUsersRequest().withMarker(page.getMarker()));
            }
        } while (truncated);

        // NOTE(review): users that were skipped or whose processing threw are
        // missing from allUsers. removeDeletedUsers presumably removes
        // directory users that are not in the set, so a transient error could
        // drop a user that still exists in IAM. Confirm against
        // removeDeletedUsers.
        removeDeletedUsers(allUsers);
    } finally {
        client.shutdown();
    }
}
From source file:com.epam.dlab.auth.aws.dao.AwsUserDAOImpl.java
License:Apache License
/**
 * Creates the DAO with an IAM client built from the injected credentials.
 *
 * @param credentials AWS credentials handed to the IAM client
 */
@Inject
public AwsUserDAOImpl(AWSCredentials credentials) {
    AmazonIdentityManagementClient iamClient = new AmazonIdentityManagementClient(credentials);
    this.aim = iamClient;
}
From source file:com.epam.dlab.auth.aws.dao.AwsUserDAOImpl.java
License:Apache License
/**
 * Replaces the IAM client with a new one built from the given credentials.
 *
 * @param credentials AWS credentials handed to the new IAM client
 */
@Override
public void updateCredentials(AWSCredentials credentials) {
    // NOTE(review): the client previously held in `aim` is not shut down
    // here. Confirm it is released elsewhere. No synchronization is visible
    // in this method either, so confirm how `aim` is shared between threads.
    AmazonIdentityManagementClient replacement = new AmazonIdentityManagementClient(credentials);
    this.aim = replacement;
}