Example usage for com.amazonaws.services.identitymanagement.model CreateRoleResult getRole

List of usage examples for com.amazonaws.services.identitymanagement.model CreateRoleResult getRole

Introduction

This page collects example usages of com.amazonaws.services.identitymanagement.model CreateRoleResult getRole.

Prototype


public Role getRole() 


Document

A structure containing details about the new role.

Usage

From source file:com.nike.cerberus.operation.core.EnableConfigReplicationOperation.java

License:Apache License

/**
 * Creates the IAM role used for S3 bucket replication, creates a managed policy for it,
 * attaches that policy to the role, and returns the role's ARN.
 *
 * <p>The trust policy and the permissions policy are both rendered from Mustache templates.
 * The permissions policy is rendered with the source bucket taken from the environment
 * metadata and the replication bucket passed in by the caller.
 *
 * <p>NOTE(review): the three IAM calls below are independent requests with no rollback here.
 * If creating the policy or attaching it throws, the role (and possibly the policy) created
 * earlier is left in the account; callers that retry should expect that leftover state.
 *
 * <p>NOTE(review): {@code replicationBucketName} ends up inside a policy document. The
 * templates are not visible here, so confirm that the value is validated as a bucket name
 * before this call and that the rendered policy scopes its resources to the two buckets.
 *
 * @param replicationBucketName name of the destination bucket written into the policy input
 * @return the ARN of the role returned by the create-role call
 * @throws ConfigGenerationException if rendering either policy document raises an IOException
 */
private String createIamRoleForReplication(final String replicationBucketName) {
    final Mustache trustTemplate = mustacheFactory.compile(s3AssumeRoleTemplate);
    final Mustache permissionsTemplate = mustacheFactory.compile(s3ReplicationPolicyTemplate);

    final S3ReplicationPolicyInput policyInput = new S3ReplicationPolicyInput();
    policyInput.setSourceBucket(environmentMetadata.getBucketName());
    policyInput.setReplicationBucket(replicationBucketName);

    // Render both documents up front so no IAM call is made when a template cannot be rendered.
    final StringWriter trustDocument = new StringWriter();
    final StringWriter permissionsDocument = new StringWriter();
    try {
        trustTemplate.execute(trustDocument, new S3AssumeRoleInput()).flush();
        permissionsTemplate.execute(permissionsDocument, policyInput).flush();
    } catch (IOException e) {
        throw new ConfigGenerationException("Failed to generate the policy documents for the replication role!",
                e);
    }

    // Step 1: the role, carrying only the rendered trust (assume-role) policy.
    final CreateRoleRequest roleRequest = new CreateRoleRequest()
            .withRoleName(String.format(replicationRoleNameTemplate, environmentMetadata.getName()))
            .withAssumeRolePolicyDocument(trustDocument.toString())
            .withPath("/");

    logger.info("Creating the IAM role for replication.");
    final CreateRoleResult roleResult = iamClient.createRole(roleRequest);

    // Step 2: the permissions policy, created as a separate IAM policy object.
    final CreatePolicyRequest policyRequest = new CreatePolicyRequest()
            .withPolicyName(String.format(replicationPolicyNameTemplate, environmentMetadata.getName()))
            .withPath("/")
            .withDescription("S3 bucket replication policy for Cerberus.")
            .withPolicyDocument(permissionsDocument.toString());

    logger.info("Creating the IAM policy for replication.");
    final CreatePolicyResult policyResult = iamClient.createPolicy(policyRequest);

    // Step 3: bind the two together; until this succeeds the role grants nothing.
    final AttachRolePolicyRequest attachRequest = new AttachRolePolicyRequest()
            .withRoleName(roleResult.getRole().getRoleName())
            .withPolicyArn(policyResult.getPolicy().getArn());

    logger.info("Attaching the policy to the IAM role.");
    iamClient.attachRolePolicy(attachRequest);

    return roleResult.getRole().getArn();
}

From source file:example.swf.hellolambda.HelloTypes.java

License:Apache License

/**
 * Creates the IAM role {@code hello-swf-lambda-role} with a trust policy that allows the
 * Lambda and SWF service principals to assume it, and returns the role's ARN. If a role with
 * that name already exists, the ARN of the existing role is returned instead.
 *
 * <p>NOTE(review): this method sets only the trust policy. The permissions policy text
 * declared below is never attached here, so the returned role grants no permissions unless
 * another part of the program attaches one.
 *
 * @return the ARN of the newly created role, or of the existing role with the same name
 */
public static String createLambdaRole() {
    final String roleName = "hello-swf-lambda-role";
    System.out.println("** Attempting to create Lambda role: " + roleName);

    // Permissions policy text; not referenced again in this method.
    // NOTE(review): if it is attached elsewhere, narrow "Resource" from "*" to the specific
    // function ARNs the workflow needs to invoke.
    final String permissionsPolicy = "{"
            + "  \"Version\": \"2012-10-17\","
            + "  \"Statement\": [{"
            + "    \"Effect\": \"Allow\","
            + "    \"Action\": ["
            + "      \"lambda:InvokeFunction\""
            + "    ],"
            + "    \"Resource\": [\"*\"]"
            + "  }]"
            + "}";

    // Trust policy: which principals may call sts:AssumeRole on this role.
    final String trustPolicy = "{"
            + "  \"Version\": \"2012-10-17\","
            + "  \"Statement\": ["
            + "    {"
            + "      \"Sid\": \"\","
            + "      \"Effect\": \"Allow\","
            + "      \"Principal\": {"
            + "        \"Service\": ["
            + "          \"lambda.amazonaws.com\","
            + "          \"swf.amazonaws.com\""
            + "        ]"
            + "      },"
            + "      \"Action\": \"sts:AssumeRole\""
            + "    }"
            + "  ]"
            + "}";

    AmazonIdentityManagement iamClient = AmazonIdentityManagementClientBuilder.defaultClient();
    CreateRoleRequest createRequest = new CreateRoleRequest()
            .withRoleName(roleName)
            .withAssumeRolePolicyDocument(trustPolicy);

    try {
        CreateRoleResult created = iamClient.createRole(createRequest);
        return created.getRole().getArn();
    } catch (EntityAlreadyExistsException e) {
        // NOTE(review): the existing role is reused by name only; its trust policy and any
        // attached permissions are not compared with what this method would have created.
        System.out.println("** IAM Role already exists!");
        GetRoleRequest lookup = new GetRoleRequest().withRoleName(roleName);
        return iamClient.getRole(lookup).getRole().getArn();
    }
}