List of usage examples for com.amazonaws.services.identitymanagement.model CreateRoleRequest CreateRoleRequest
CreateRoleRequest
From source file:AbstractAmazonKinesisFirehoseDelivery.java
License:Open Source License
/**
 * Ensures the IAM role named by {@code iamRoleName} exists, updates its permissions through
 * {@code putRolePolicy(s3Prefix)}, and returns the role ARN.
 *
 * <p>The trust policy from {@code getTrustPolicy()} is sent only in the create call. When a role
 * with the same name already exists, that is logged at info level and the existing role is
 * reused without any change to its trust policy.
 *
 * <p>NOTE(review): the existing role's trust policy is never compared with
 * {@code getTrustPolicy()}, yet {@code putRolePolicy} still runs against it. If the role name
 * can be pre-created by another party in the account, permissions end up on a role whose
 * trusted principals this code did not choose. Confirm the reuse is intended.
 *
 * @param s3Prefix the s3Prefix to be specified in role policy (only when KMS key ARN is specified)
 * @return the role ARN
 * @throws InterruptedException if the thread is interrupted during the propagation wait
 * @throws MalformedPolicyDocumentException rethrown after logging when IAM rejects the trust policy
 */
protected static String createIamRole(String s3Prefix) throws InterruptedException {
    try {
        // The trust policy (who may assume the role) is supplied at creation time only.
        final CreateRoleRequest createRequest = new CreateRoleRequest()
                .withRoleName(iamRoleName)
                .withAssumeRolePolicyDocument(getTrustPolicy());
        iamClient.createRole(createRequest);
    } catch (EntityAlreadyExistsException alreadyExists) {
        // Deliberately not fatal: fall through and reuse the role that is already there.
        LOG.info("IAM role with name " + iamRoleName + " already exists");
    } catch (MalformedPolicyDocumentException malformedPolicy) {
        // Logs the IAM_ROLE_TRUST_POLICY_DOCUMENT constant, not the text returned by getTrustPolicy().
        LOG.error(String.format("Please check the trust policy document for malformation: %s",
                IAM_ROLE_TRUST_POLICY_DOCUMENT));
        throw malformedPolicy;
    }

    // Grant the role its permissions; runs for a freshly created role and for a reused one alike.
    putRolePolicy(s3Prefix);

    final GetRoleRequest lookup = new GetRoleRequest().withRoleName(iamRoleName);
    final String arn = iamClient.getRole(lookup).getRole().getArn();

    // Fixed 5-second pause because IAM role creation takes some time to propagate.
    Thread.sleep(5000);
    return arn;
}
From source file:awslabs.lab41.SolutionCode.java
License:Open Source License
/**
 * Creates an IAM role with the supplied trust policy, adds an inline permissions policy named
 * {@code roleName + "_policy"} to it, and returns the new role's ARN.
 *
 * <p>Both policy documents are passed to IAM exactly as received; this method does not inspect
 * or restrict them. NOTE(review): callers decide who may assume the role
 * ({@code trustRelationshipText}) and what it may do ({@code policyText}), so both should come
 * from a trusted source and be scoped as narrowly as the use case allows.
 *
 * @param iamClient             client used for both IAM calls
 * @param roleName              name of the role to create; also the prefix of the policy name
 * @param policyText            permissions policy document attached to the role
 * @param trustRelationshipText "assume role" (trust) policy document for the role
 * @return the ARN of the created role
 */
@Override
public String prepMode_CreateRole(AmazonIdentityManagementClient iamClient, String roleName, String policyText,
        String trustRelationshipText) {
    // Step 1: create the role; the trust policy is part of the create request.
    final CreateRoleRequest roleRequest = new CreateRoleRequest()
            .withRoleName(roleName)
            .withAssumeRolePolicyDocument(trustRelationshipText);
    final String createdArn = iamClient.createRole(roleRequest).getRole().getArn();

    // Step 2: put the permissions policy on the role that now exists.
    final String inlinePolicyName = roleName + "_policy";
    final PutRolePolicyRequest policyRequest = new PutRolePolicyRequest()
            .withRoleName(roleName)
            .withPolicyName(inlinePolicyName)
            .withPolicyDocument(policyText);
    iamClient.putRolePolicy(policyRequest);

    return createdArn;
}
From source file:com.nike.cerberus.operation.core.EnableConfigReplicationOperation.java
License:Apache License
/**
 * Renders the trust and replication policy documents from their Mustache templates, then creates
 * the replication IAM role, creates the managed replication policy, attaches the policy to the
 * role, and returns the role ARN.
 *
 * <p>NOTE(review): the three IAM calls are not rolled back on failure. If creating or attaching
 * the policy throws, the role from the first call stays in the account; re-running may then fail
 * on the existing name. {@code replicationBucketName} is rendered into the permissions policy, so
 * it is presumably validated by the caller. Confirm.
 *
 * @param replicationBucketName bucket that receives the replicated objects
 * @return the ARN of the created role
 * @throws ConfigGenerationException if rendering either policy document fails with an I/O error
 */
private String createIamRoleForReplication(final String replicationBucketName) {
    final Mustache trustTemplate = mustacheFactory.compile(s3AssumeRoleTemplate);
    final Mustache permissionsTemplate = mustacheFactory.compile(s3ReplicationPolicyTemplate);
    final StringWriter trustDocument = new StringWriter();
    final StringWriter permissionsDocument = new StringWriter();

    // Template input: source bucket from the environment metadata, destination from the caller.
    final S3ReplicationPolicyInput policyInput = new S3ReplicationPolicyInput();
    policyInput.setSourceBucket(environmentMetadata.getBucketName());
    policyInput.setReplicationBucket(replicationBucketName);

    try {
        trustTemplate.execute(trustDocument, new S3AssumeRoleInput()).flush();
        permissionsTemplate.execute(permissionsDocument, policyInput).flush();
    } catch (IOException e) {
        throw new ConfigGenerationException("Failed to generate the policy documents for the replication role!", e);
    }

    // 1. Create the IAM role, with the rendered trust policy.
    final CreateRoleRequest roleRequest = new CreateRoleRequest()
            .withRoleName(String.format(replicationRoleNameTemplate, environmentMetadata.getName()))
            .withAssumeRolePolicyDocument(trustDocument.toString())
            .withPath("/");
    logger.info("Creating the IAM role for replication.");
    final CreateRoleResult createdRole = iamClient.createRole(roleRequest);

    // 2. Create the managed IAM policy from the rendered permissions document.
    final CreatePolicyRequest policyRequest = new CreatePolicyRequest()
            .withPolicyName(String.format(replicationPolicyNameTemplate, environmentMetadata.getName()))
            .withPath("/")
            .withDescription("S3 bucket replication policy for Cerberus.")
            .withPolicyDocument(permissionsDocument.toString());
    logger.info("Creating the IAM policy for replication.");
    final CreatePolicyResult createdPolicy = iamClient.createPolicy(policyRequest);

    // 3. Attach the policy to the role, using the identifiers IAM returned.
    final AttachRolePolicyRequest attachRequest = new AttachRolePolicyRequest()
            .withRoleName(createdRole.getRole().getRoleName())
            .withPolicyArn(createdPolicy.getPolicy().getArn());
    logger.info("Attaching the policy to the IAM role.");
    iamClient.attachRolePolicy(attachRequest);

    return createdRole.getRole().getArn();
}
From source file:example.swf.hellolambda.HelloTypes.java
License:Apache License
/** * Creeate an IAM role that gives SWF permissions for Lambda, and return its ARN. */// w w w.j av a 2 s.c om public static String createLambdaRole() { final String ROLE_NAME = "hello-swf-lambda-role"; System.out.println("** Attempting to create Lambda role: " + ROLE_NAME); final String ROLE_POLICY = "{" + " \"Version\": \"2012-10-17\"," + " \"Statement\": [{" + " \"Effect\": \"Allow\"," + " \"Action\": [" + " \"lambda:InvokeFunction\"" + " ]," + " \"Resource\": [\"*\"]" + " }]" + "}"; final String SWF_LAMBDA_TRUST = "{" + " \"Version\": \"2012-10-17\"," + " \"Statement\": [" + " {" + " \"Sid\": \"\"," + " \"Effect\": \"Allow\"," + " \"Principal\": {" + " \"Service\": [" + " \"lambda.amazonaws.com\"," + " \"swf.amazonaws.com\"" + " ]" + " }," + " \"Action\": \"sts:AssumeRole\"" + " }" + " ]" + "}"; AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient(); CreateRoleRequest request = new CreateRoleRequest().withRoleName(ROLE_NAME) .withAssumeRolePolicyDocument(SWF_LAMBDA_TRUST); CreateRoleResult result = null; String role_arn = null; try { result = iam.createRole(request); role_arn = result.getRole().getArn(); } catch (EntityAlreadyExistsException e) { System.out.println("** IAM Role already exists!"); role_arn = iam.getRole(new GetRoleRequest().withRoleName(ROLE_NAME)).getRole().getArn(); } return role_arn; }
From source file:jp.classmethod.aws.gradle.identitymanagement.AmazonIdentityManagementCreateRoleTask.java
License:Apache License
/**
 * Task action: creates an IAM role from the task's {@code roleName}, {@code path} and
 * {@code assumeRolePolicyDocument}, stores the result in {@code createRole}, then attaches every
 * managed policy ARN in {@code policyArns} to the role.
 *
 * <p>NOTE(review): the trust policy and the policy ARNs come straight from the build
 * configuration and are not checked here beyond the two null checks. Attachments run one by one
 * after the role exists, so a failure part-way leaves the role with only some of its policies.
 *
 * @throws GradleException if {@code roleName} or {@code assumeRolePolicyDocument} is null
 */
@TaskAction
public void createRole() {
    // Read through the getters (not the fields) to enable the conventionMappings feature.
    final String name = getRoleName();
    final String trustPolicy = getAssumeRolePolicyDocument();

    if (name == null) {
        throw new GradleException("roleName is required");
    }
    if (trustPolicy == null) {
        throw new GradleException("assumeRolePolicyDocument is required");
    }

    final AmazonIdentityManagement iam = getProject().getExtensions()
            .getByType(AmazonIdentityManagementPluginExtension.class)
            .getClient();

    final CreateRoleRequest roleRequest = new CreateRoleRequest()
            .withRoleName(name)
            .withPath(getPath())
            .withAssumeRolePolicyDocument(trustPolicy);
    createRole = iam.createRole(roleRequest);
    getLogger().info("Create Role requested: {}", createRole.getRole().getArn());

    for (String policyArn : policyArns) {
        iam.attachRolePolicy(new AttachRolePolicyRequest().withRoleName(name).withPolicyArn(policyArn));
        getLogger().info("Attach Managed policy {} to Role {} requested", policyArn, name);
    }
}
From source file:org.xmlsh.aws.gradle.identitymanagement.AmazonIdentityManagementCreateRoleTask.java
License:BSD License
/**
 * Task action that requests creation of an IAM role and then attaches the configured managed
 * policies to it. The create result is kept in the {@code createRole} field.
 *
 * <p>NOTE(review): {@code assumeRolePolicyDocument} decides which principals may assume the role
 * and is forwarded unchanged, so review it in the build script. The role is created before any
 * policy is attached and nothing is undone if a later {@code attachRolePolicy} call fails.
 *
 * @throws GradleException if {@code roleName} or {@code assumeRolePolicyDocument} is null
 */
@TaskAction
public void createRole() {
    // Getter calls (rather than field reads) enable the conventionMappings feature.
    final String requestedRoleName = getRoleName();
    final String trustDocument = getAssumeRolePolicyDocument();

    if (requestedRoleName == null) {
        throw new GradleException("roleName is required");
    }
    if (trustDocument == null) {
        throw new GradleException("assumeRolePolicyDocument is required");
    }

    final AmazonIdentityManagementPluginExtension extension = getProject().getExtensions()
            .getByType(AmazonIdentityManagementPluginExtension.class);
    final AmazonIdentityManagement iam = extension.getClient();

    createRole = iam.createRole(new CreateRoleRequest()
            .withRoleName(requestedRoleName)
            .withPath(getPath())
            .withAssumeRolePolicyDocument(trustDocument));
    getLogger().info("Create Role requested: {}", createRole.getRole().getArn());

    // One attach call per managed policy ARN, each logged after the request returns.
    policyArns.forEach(policyArn -> {
        final AttachRolePolicyRequest attachRequest = new AttachRolePolicyRequest()
                .withRoleName(requestedRoleName)
                .withPolicyArn(policyArn);
        iam.attachRolePolicy(attachRequest);
        getLogger().info("Attach Managed policy {} to Role {} requested", policyArn, requestedRoleName);
    });
}