Example usage for com.amazonaws.services.identitymanagement.model CreatePolicyRequest setPath

List of usage examples for com.amazonaws.services.identitymanagement.model CreatePolicyRequest setPath

  1. HOME
  2. Java
  3. com.amazonaws
  4. com.amazonaws.services.identitymanagement.model.*
  5. CreatePolicyRequest
  6. setPath

Introduction

In this page you can find the example usage for com.amazonaws.services.identitymanagement.model CreatePolicyRequest setPath.

Prototype


public void setPath(String path)

Source Link

Document

The path for the policy.

Usage

From source file:com.nike.cerberus.operation.core.EnableConfigReplicationOperation.java

License:Apache License

private String createIamRoleForReplication(final String replicationBucketName) {
    final Mustache s3AssumeRoleTemplateCompiler = mustacheFactory.compile(s3AssumeRoleTemplate);
    final Mustache s3ReplicationPolicyTemplateCompiler = mustacheFactory.compile(s3ReplicationPolicyTemplate);
    final StringWriter s3AssumeRoleWriter = new StringWriter();
    final StringWriter s3ReplicationPolicyWriter = new StringWriter();
    final S3ReplicationPolicyInput s3ReplicationPolicyInput = new S3ReplicationPolicyInput();
    s3ReplicationPolicyInput.setSourceBucket(environmentMetadata.getBucketName());
    s3ReplicationPolicyInput.setReplicationBucket(replicationBucketName);

    try {// w  w w.j  a va2 s.com
        s3AssumeRoleTemplateCompiler.execute(s3AssumeRoleWriter, new S3AssumeRoleInput()).flush();
        s3ReplicationPolicyTemplateCompiler.execute(s3ReplicationPolicyWriter, s3ReplicationPolicyInput)
                .flush();
    } catch (IOException e) {
        throw new ConfigGenerationException("Failed to generate the policy documents for the replication role!",
                e);
    }

    // 1. Create the IAM role.
    final CreateRoleRequest createRoleRequest = new CreateRoleRequest();
    createRoleRequest.setRoleName(String.format(replicationRoleNameTemplate, environmentMetadata.getName()));
    createRoleRequest.setAssumeRolePolicyDocument(s3AssumeRoleWriter.toString());
    createRoleRequest.setPath("/");

    logger.info("Creating the IAM role for replication.");
    final CreateRoleResult createRoleResult = iamClient.createRole(createRoleRequest);

    // 2. Create the IAM policy.
    final CreatePolicyRequest createPolicyRequest = new CreatePolicyRequest();
    createPolicyRequest
            .setPolicyName(String.format(replicationPolicyNameTemplate, environmentMetadata.getName()));
    createPolicyRequest.setPath("/");
    createPolicyRequest.setDescription("S3 bucket replication policy for Cerberus.");
    createPolicyRequest.setPolicyDocument(s3ReplicationPolicyWriter.toString());

    logger.info("Creating the IAM policy for replication.");
    final CreatePolicyResult createPolicyResult = iamClient.createPolicy(createPolicyRequest);

    // 3. Attach the policy to the role.
    final AttachRolePolicyRequest attachRolePolicyRequest = new AttachRolePolicyRequest();
    attachRolePolicyRequest.setRoleName(createRoleResult.getRole().getRoleName());
    attachRolePolicyRequest.setPolicyArn(createPolicyResult.getPolicy().getArn());

    logger.info("Attaching the policy to the IAM role.");
    iamClient.attachRolePolicy(attachRolePolicyRequest);

    return createRoleResult.getRole().getArn();
}