Usage examples for com.amazonaws.services.identitymanagement.model.CreatePolicyRequest.setPath
public void setPath(String path)
The path for the policy.
From source file:com.nike.cerberus.operation.core.EnableConfigReplicationOperation.java
License:Apache License
/**
 * Creates the IAM role used for S3 replication, creates a managed policy from the
 * replication template, attaches that policy to the role, and returns the role ARN.
 *
 * <p>Both policy documents are rendered from Mustache templates before any IAM call is
 * made, so a rendering failure leaves IAM untouched. The three IAM calls that follow are
 * not wrapped in any cleanup logic in this method: if {@code createPolicy} or
 * {@code attachRolePolicy} throws, the resources created by the earlier calls remain in
 * the account.
 *
 * <p>NOTE(review): the role's trust relationship and its permissions come entirely from
 * {@code s3AssumeRoleTemplate} and {@code s3ReplicationPolicyTemplate}, which are not
 * visible here. Confirm that the trust policy names only the intended principal and that
 * the replication policy is scoped to the source and replication buckets.
 *
 * @param replicationBucketName name of the bucket passed to the replication policy
 *     template as the replication bucket
 * @return the ARN of the newly created role
 * @throws ConfigGenerationException if rendering either policy document fails with an
 *     {@link IOException}
 */
private String createIamRoleForReplication(final String replicationBucketName) {
    // Compile both templates up front, before rendering either of them.
    final Mustache trustTemplate = mustacheFactory.compile(s3AssumeRoleTemplate);
    final Mustache permissionsTemplate = mustacheFactory.compile(s3ReplicationPolicyTemplate);

    final StringWriter trustDocument = new StringWriter();
    final StringWriter permissionsDocument = new StringWriter();

    // The replication policy is parameterised by the source and replication bucket names.
    final S3ReplicationPolicyInput permissionsInput = new S3ReplicationPolicyInput();
    permissionsInput.setSourceBucket(environmentMetadata.getBucketName());
    permissionsInput.setReplicationBucket(replicationBucketName);

    try {
        trustTemplate.execute(trustDocument, new S3AssumeRoleInput()).flush();
        permissionsTemplate.execute(permissionsDocument, permissionsInput).flush();
    } catch (IOException e) {
        throw new ConfigGenerationException(
                "Failed to generate the policy documents for the replication role!", e);
    }

    // Step 1: the role, carrying the rendered assume-role (trust) document.
    final CreateRoleRequest roleRequest = new CreateRoleRequest()
            .withRoleName(String.format(replicationRoleNameTemplate, environmentMetadata.getName()))
            .withAssumeRolePolicyDocument(trustDocument.toString())
            .withPath("/");

    logger.info("Creating the IAM role for replication.");
    final CreateRoleResult roleResult = iamClient.createRole(roleRequest);

    // Step 2: the managed policy, carrying the rendered replication permissions.
    final CreatePolicyRequest policyRequest = new CreatePolicyRequest()
            .withPolicyName(String.format(replicationPolicyNameTemplate, environmentMetadata.getName()))
            .withPath("/")
            .withDescription("S3 bucket replication policy for Cerberus.")
            .withPolicyDocument(permissionsDocument.toString());

    logger.info("Creating the IAM policy for replication.");
    final CreatePolicyResult policyResult = iamClient.createPolicy(policyRequest);

    // Step 3: bind the policy to the role using the identifiers IAM returned.
    final AttachRolePolicyRequest attachRequest = new AttachRolePolicyRequest()
            .withRoleName(roleResult.getRole().getRoleName())
            .withPolicyArn(policyResult.getPolicy().getArn());

    logger.info("Attaching the policy to the IAM role.");
    iamClient.attachRolePolicy(attachRequest);

    return roleResult.getRole().getArn();
}