List of usage examples for com.amazonaws.services.identitymanagement.model CreateRoleResult getRole
public Role getRole()
A structure containing details about the new role.
From source file:com.nike.cerberus.operation.core.EnableConfigReplicationOperation.java
License:Apache License
/**
 * Provisions the IAM role used for S3 bucket replication and returns its ARN.
 *
 * <p>Renders the assume-role (trust) document and the replication permissions document from
 * their Mustache templates, then creates the role, creates a managed policy and attaches the
 * policy to the role, in that order.
 *
 * <p>The three IAM calls are independent requests. An exception thrown by {@code createPolicy}
 * or {@code attachRolePolicy} propagates with the role (and possibly the policy) already
 * created; this method performs no cleanup.
 * NOTE(review): confirm callers handle a partially provisioned role and name collisions.
 *
 * @param replicationBucketName name of the replication bucket written into the policy input
 * @return ARN of the role returned by the create-role call
 * @throws ConfigGenerationException if rendering either policy document raises an IOException
 */
private String createIamRoleForReplication(final String replicationBucketName) {
    final Mustache trustTemplate = mustacheFactory.compile(s3AssumeRoleTemplate);
    final Mustache permissionsTemplate = mustacheFactory.compile(s3ReplicationPolicyTemplate);
    final StringWriter trustDocument = new StringWriter();
    final StringWriter permissionsDocument = new StringWriter();

    // NOTE(review): both bucket names are substituted into a policy template that is not
    // visible here; confirm they are validated as bucket names before reaching this point.
    final S3ReplicationPolicyInput policyInput = new S3ReplicationPolicyInput();
    policyInput.setSourceBucket(environmentMetadata.getBucketName());
    policyInput.setReplicationBucket(replicationBucketName);

    try {
        trustTemplate.execute(trustDocument, new S3AssumeRoleInput()).flush();
        permissionsTemplate.execute(permissionsDocument, policyInput).flush();
    } catch (IOException e) {
        throw new ConfigGenerationException(
                "Failed to generate the policy documents for the replication role!", e);
    }

    // Step 1: the role itself, carrying the rendered trust document.
    final CreateRoleRequest roleRequest = new CreateRoleRequest()
            .withRoleName(String.format(replicationRoleNameTemplate, environmentMetadata.getName()))
            .withAssumeRolePolicyDocument(trustDocument.toString())
            .withPath("/");
    logger.info("Creating the IAM role for replication.");
    final CreateRoleResult roleResult = iamClient.createRole(roleRequest);

    // Step 2: a managed policy holding the rendered replication permissions.
    final CreatePolicyRequest policyRequest = new CreatePolicyRequest()
            .withPolicyName(String.format(replicationPolicyNameTemplate, environmentMetadata.getName()))
            .withPath("/")
            .withDescription("S3 bucket replication policy for Cerberus.")
            .withPolicyDocument(permissionsDocument.toString());
    logger.info("Creating the IAM policy for replication.");
    final CreatePolicyResult policyResult = iamClient.createPolicy(policyRequest);

    // Step 3: bind the policy to the role; until this succeeds the role grants nothing.
    final AttachRolePolicyRequest attachment = new AttachRolePolicyRequest()
            .withRoleName(roleResult.getRole().getRoleName())
            .withPolicyArn(policyResult.getPolicy().getArn());
    logger.info("Attaching the policy to the IAM role.");
    iamClient.attachRolePolicy(attachment);

    return roleResult.getRole().getArn();
}
From source file:example.swf.hellolambda.HelloTypes.java
License:Apache License
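/**
 * Creates the IAM role used by the SWF/Lambda sample and returns its ARN.
 *
 * <p>The role is created with a trust policy only: it allows the {@code lambda.amazonaws.com}
 * and {@code swf.amazonaws.com} service principals to call {@code sts:AssumeRole}. This method
 * attaches no permissions policy to the role.
 *
 * <p>If a role with the same name already exists, the ARN of that existing role is returned.
 *
 * @return the ARN of the newly created role, or of the existing role with the same name
 */
public static String createLambdaRole() {
    final String ROLE_NAME = "hello-swf-lambda-role";
    System.out.println("** Attempting to create Lambda role: " + ROLE_NAME);

    // NOTE(review): a permissions document (Allow lambda:InvokeFunction on Resource "*") was
    // declared here but never sent to IAM, so it has been removed as an unused local. If the
    // role is meant to carry that permission, attach it explicitly and scope Resource to the
    // specific function ARN(s) rather than "*".

    // Trust policy: which service principals may assume the role.
    final String SWF_LAMBDA_TRUST = "{"
            + " \"Version\": \"2012-10-17\","
            + " \"Statement\": ["
            + " {"
            + " \"Sid\": \"\","
            + " \"Effect\": \"Allow\","
            + " \"Principal\": {"
            + " \"Service\": ["
            + " \"lambda.amazonaws.com\","
            + " \"swf.amazonaws.com\""
            + " ]"
            + " },"
            + " \"Action\": \"sts:AssumeRole\""
            + " }"
            + " ]"
            + "}";

    AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();
    CreateRoleRequest request = new CreateRoleRequest()
            .withRoleName(ROLE_NAME)
            .withAssumeRolePolicyDocument(SWF_LAMBDA_TRUST);

    try {
        return iam.createRole(request).getRole().getArn();
    } catch (EntityAlreadyExistsException e) {
        // The existing role is reused by name alone; its trust policy and attached policies
        // are not compared with SWF_LAMBDA_TRUST, so they may differ from what is built above.
        System.out.println("** IAM Role already exists!");
        return iam.getRole(new GetRoleRequest().withRoleName(ROLE_NAME)).getRole().getArn();
    }
}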