List of usage examples for com.amazonaws.services.identitymanagement.model GetRoleRequest GetRoleRequest
From source file:AbstractAmazonKinesisFirehoseDelivery.java
License:Open Source License
/**
 * Creates the IAM role used by the delivery stream and returns its ARN.
 *
 * <p>An already-existing role with the configured name is reused rather than treated as an
 * error. A trust policy that IAM rejects as malformed is logged and rethrown. Once the role
 * exists, {@code putRolePolicy} attaches the permissions policy, the ARN is read back, and the
 * method waits a fixed interval for the new role to propagate before returning.
 *
 * @param s3Prefix the S3 prefix placed in the role policy (only used when a KMS key ARN is specified)
 * @return the ARN of the role
 * @throws InterruptedException if the propagation wait is interrupted
 */
protected static String createIamRole(String s3Prefix) throws InterruptedException {
    try {
        // The trust policy decides which principals may assume the role.
        CreateRoleRequest createRequest = new CreateRoleRequest()
                .withRoleName(iamRoleName)
                .withAssumeRolePolicyDocument(getTrustPolicy());
        iamClient.createRole(createRequest);
    } catch (EntityAlreadyExistsException alreadyExists) {
        LOG.info("IAM role with name " + iamRoleName + " already exists");
    } catch (MalformedPolicyDocumentException malformed) {
        LOG.error(String.format("Please check the trust policy document for malformation: %s",
                IAM_ROLE_TRUST_POLICY_DOCUMENT));
        throw malformed;
    }

    // Grant the role its permissions (with the necessary conditions) before the ARN is handed out.
    putRolePolicy(s3Prefix);

    GetRoleRequest lookup = new GetRoleRequest().withRoleName(iamRoleName);
    String roleArn = iamClient.getRole(lookup).getRole().getArn();

    // IAM role creation takes time to propagate; wait 5 seconds before callers start using it.
    Thread.sleep(5000);
    return roleArn;
}
From source file:awslabs.lab41.SolutionCode.java
License:Open Source License
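/**
 * Deletes each named IAM role after removing its inline policies.
 *
 * <p>A role that does not exist is skipped so that one missing role does not stop the
 * remaining roles from being cleaned up. Only inline policies are removed; attached managed
 * policies and instance-profile membership are not handled here, so IAM's refusal to delete
 * such a role propagates to the caller. Only the first page of inline policy names is
 * fetched (the result's truncation marker is not consulted).
 *
 * @param iamClient the IAM client used for all calls
 * @param roles the names of the roles to remove
 */
@Override
public void prepMode_RemoveRoles(AmazonIdentityManagementClient iamClient, String... roles) {
    for (String roleName : roles) {
        try {
            // getRole serves purely as an existence probe: it throws NoSuchEntityException otherwise.
            iamClient.getRole(new GetRoleRequest().withRoleName(roleName));
            System.out.println("Removing old role " + roleName);

            // Inline policies have to go before IAM will accept the DeleteRole call.
            ListRolePoliciesResult listRolePoliciesResult =
                    iamClient.listRolePolicies(new ListRolePoliciesRequest().withRoleName(roleName));
            for (String policyName : listRolePoliciesResult.getPolicyNames()) {
                DeleteRolePolicyRequest deleteRolePolicyRequest = new DeleteRolePolicyRequest()
                        .withPolicyName(policyName)
                        .withRoleName(roleName);
                iamClient.deleteRolePolicy(deleteRolePolicyRequest);
            }
            iamClient.deleteRole(new DeleteRoleRequest().withRoleName(roleName));
        } catch (NoSuchEntityException nse) {
            // Role doesn't exist, so there is nothing to remove. The original code used
            // `break` here, which silently abandoned every role after the first missing one;
            // `continue` keeps processing the rest of the list.
            continue;
        }
    }
}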
From source file:com.haskins.cloudtrailviewer.dialog.resourcedetail.detailpanels.IamRoleDetail.java
License:Open Source License
/**
 * Fetches the IAM role named by the request and renders it into the detail panel.
 *
 * @param detailRequest carries the resource name, used as the IAM role name
 * @return {@code null} when the role was retrieved and rendered, otherwise the failure
 *         message so the caller can display it
 */
@Override
public String retrieveDetails(ResourceDetailRequest detailRequest) {
    try {
        // A fresh client is built per call from the panel's credentials.
        AmazonIdentityManagement client = new AmazonIdentityManagementClient(credentials);
        GetRoleRequest request = new GetRoleRequest();
        request.setRoleName(detailRequest.getResourceName());
        GetRoleResult result = client.getRole(request);
        buildUI(result);
        return null;
    } catch (IllegalArgumentException | AmazonClientException e) {
        // Keep the full stack trace in the log; only the message is surfaced to the caller.
        LOGGER.log(Level.WARNING, "Problem retrieving IAM Role details from AWS", e);
        return e.getMessage();
    }
}
From source file:com.netflix.spinnaker.clouddriver.ecs.deploy.ops.CreateServerGroupAtomicOperation.java
License:Apache License
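/**
 * Verifies that {@code roleName} can be assumed by the service named in
 * {@code NECESSARY_TRUSTED_SERVICE}, reporting progress on the task status.
 *
 * <p>The role's assume-role policy document is parsed by {@code iamPolicyReader} into trust
 * relationships; only entries of type {@code "Service"} count, so account, user or federated
 * principals do not satisfy the check.
 *
 * @param roleName name of the IAM role whose trust policy is inspected
 * @throws IllegalArgumentException if no service trust relationship names the required service
 */
private void checkRoleTrustRelations(String roleName) {
    updateTaskStatus("Checking role trust relations for: " + roleName);
    AmazonIdentityManagement iamClient = getAmazonIdentityManagementClient();
    GetRoleResult response = iamClient.getRole(new GetRoleRequest().withRoleName(roleName));
    Role role = response.getRole();

    Set<IamTrustRelationship> trustedEntities =
            iamPolicyReader.getTrustedEntities(role.getAssumeRolePolicyDocument());
    Set<String> trustedServices = trustedEntities.stream()
            // Constant on the left: a relationship with a null type is simply not a service,
            // rather than a NullPointerException.
            .filter(trustRelation -> "Service".equals(trustRelation.getType()))
            .map(IamTrustRelationship::getValue)
            .collect(Collectors.toSet());

    if (!trustedServices.contains(NECESSARY_TRUSTED_SERVICE)) {
        // Name the service actually required so the message cannot drift from the constant.
        throw new IllegalArgumentException(
                "The " + roleName + " role does not have a trust relationship to "
                        + NECESSARY_TRUSTED_SERVICE + ".");
    }
}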
From source file:com.okta.tools.awscli.java
License:Open Source License
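/**
 * Resolves the policy document governing {@code roleName} and stores the result of
 * {@code ProcessPolicyDocument} in the static {@code roleToAssume}.
 *
 * <p>The IAM client is built from the static {@code awsIamKey}/{@code awsIamSecret}
 * credentials; nothing happens when the role name or either credential is null or empty.
 * Managed (attached) policies are preferred over inline policies, and in either case only
 * the first policy is consulted. Debug logging dumps the full API results (role and policy
 * payloads), which is verbose but contains no credentials.
 *
 * @param roleName name of the IAM role to inspect; may be {@code null}
 */
private static void GetRoleToAssume(String roleName) {
    if (isNullOrEmpty(roleName) || isNullOrEmpty(awsIamKey) || isNullOrEmpty(awsIamSecret)) {
        return;
    }

    logger.debug("Creating the AWS Identity Management client");
    AmazonIdentityManagementClient identityManagementClient =
            new AmazonIdentityManagementClient(new BasicAWSCredentials(awsIamKey, awsIamSecret));

    logger.debug("Getting role: " + roleName);
    GetRoleResult roleresult =
            identityManagementClient.getRole(new GetRoleRequest().withRoleName(roleName));
    logger.debug("GetRoleResult: " + roleresult.toString());
    Role role = roleresult.getRole();
    logger.debug("getRole: " + role.toString());

    ListAttachedRolePoliciesResult arpr = identityManagementClient
            .listAttachedRolePolicies(new ListAttachedRolePoliciesRequest().withRoleName(roleName));
    logger.debug("ListAttachedRolePoliciesResult: " + arpr.toString());
    ListRolePoliciesResult lrpr = identityManagementClient
            .listRolePolicies(new ListRolePoliciesRequest().withRoleName(roleName));
    logger.debug("ListRolePoliciesResult: " + lrpr.toString());

    List<String> inlinePolicies = lrpr.getPolicyNames();
    if (inlinePolicies.isEmpty()) {
        logger.debug("There are no inlines policies");
    }
    List<AttachedPolicy> managedPolicies = arpr.getAttachedPolicies();
    if (managedPolicies.isEmpty()) {
        logger.debug("There are no managed policies");
    }

    // Managed policies take priority over inline policies.
    if (!managedPolicies.isEmpty()) {
        String policyDoc = fetchFirstManagedPolicyDocument(identityManagementClient, managedPolicies);
        roleToAssume = ProcessPolicyDocument(policyDoc);
    } else if (!inlinePolicies.isEmpty()) {
        String policyDoc = fetchFirstInlinePolicyDocument(identityManagementClient, roleName, inlinePolicies);
        roleToAssume = ProcessPolicyDocument(policyDoc);
    }
}

/** Returns {@code true} for a null or empty (not merely blank) string. */
private static boolean isNullOrEmpty(String value) {
    return value == null || value.isEmpty();
}

/**
 * Returns the default-version document of the first attached managed policy.
 * TODO: handle more than one policy (ask the user to choose?).
 */
private static String fetchFirstManagedPolicyDocument(
        AmazonIdentityManagementClient client, List<AttachedPolicy> managedPolicies) {
    logger.debug("Managed Policies: " + managedPolicies.toString());
    AttachedPolicy attachedPolicy = managedPolicies.get(0);
    logger.debug("First Attached Policy " + attachedPolicy.toString());

    GetPolicyRequest gpr = new GetPolicyRequest().withPolicyArn(attachedPolicy.getPolicyArn());
    GetPolicyResult rpr = client.getPolicy(gpr);
    // Log the policy result itself (the original logged the attached-policy summary twice).
    logger.debug("GetPolicyResult: " + rpr.toString());
    Policy policy = rpr.getPolicy();

    // The policy ARN alone is not enough: the document lives on a specific version.
    GetPolicyVersionResult pvr = client.getPolicyVersion(new GetPolicyVersionRequest()
            .withPolicyArn(policy.getArn())
            .withVersionId(policy.getDefaultVersionId()));
    logger.debug("GetPolicyVersionResult: " + pvr.toString());
    return pvr.getPolicyVersion().getDocument();
}

/**
 * Returns the document of the first inline policy on the role.
 * TODO: handle more than one policy (ask the user to choose?).
 */
private static String fetchFirstInlinePolicyDocument(
        AmazonIdentityManagementClient client, String roleName, List<String> inlinePolicies) {
    logger.debug("Inline Policies " + inlinePolicies.toString());
    // Both the role name and the policy name are mandatory for GetRolePolicy.
    GetRolePolicyRequest grpr = new GetRolePolicyRequest()
            .withRoleName(roleName)
            .withPolicyName(inlinePolicies.get(0));
    GetRolePolicyResult rpr = client.getRolePolicy(grpr);
    return rpr.getPolicyDocument();
}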
From source file:de.is24.aws.instancemetadataserver.SecurityCredentialsController.java
License:Apache License
/**
 * Looks up an IAM role by name.
 *
 * @param roleName the name of the role to fetch
 * @return the role, or {@link Optional#empty()} when IAM reports that no such role exists
 */
private Optional<Role> getAwsRole(String roleName) {
    GetRoleRequest request = new GetRoleRequest().withRoleName(roleName);
    try {
        Role role = awsClientFactory.amazonIdentityManagement().getRole(request).getRole();
        return Optional.of(role);
    } catch (NoSuchEntityException e) {
        // A missing role is an expected outcome here, not an error; other SDK failures propagate.
        LOG.info("No AWS role named '{}' exists", roleName);
        return Optional.empty();
    }
}
From source file:example.swf.hellolambda.HelloTypes.java
License:Apache License
/** * Creeate an IAM role that gives SWF permissions for Lambda, and return its ARN. */// ww w . ja v a 2s .c o m public static String createLambdaRole() { final String ROLE_NAME = "hello-swf-lambda-role"; System.out.println("** Attempting to create Lambda role: " + ROLE_NAME); final String ROLE_POLICY = "{" + " \"Version\": \"2012-10-17\"," + " \"Statement\": [{" + " \"Effect\": \"Allow\"," + " \"Action\": [" + " \"lambda:InvokeFunction\"" + " ]," + " \"Resource\": [\"*\"]" + " }]" + "}"; final String SWF_LAMBDA_TRUST = "{" + " \"Version\": \"2012-10-17\"," + " \"Statement\": [" + " {" + " \"Sid\": \"\"," + " \"Effect\": \"Allow\"," + " \"Principal\": {" + " \"Service\": [" + " \"lambda.amazonaws.com\"," + " \"swf.amazonaws.com\"" + " ]" + " }," + " \"Action\": \"sts:AssumeRole\"" + " }" + " ]" + "}"; AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient(); CreateRoleRequest request = new CreateRoleRequest().withRoleName(ROLE_NAME) .withAssumeRolePolicyDocument(SWF_LAMBDA_TRUST); CreateRoleResult result = null; String role_arn = null; try { result = iam.createRole(request); role_arn = result.getRole().getArn(); } catch (EntityAlreadyExistsException e) { System.out.println("** IAM Role already exists!"); role_arn = iam.getRole(new GetRoleRequest().withRoleName(ROLE_NAME)).getRole().getArn(); } return role_arn; }