List of usage examples for com.amazonaws.services.identitymanagement.model PutRolePolicyRequest PutRolePolicyRequest
PutRolePolicyRequest
From source file:AbstractAmazonKinesisFirehoseDelivery.java
License:Open Source License
/** * Method to put the role policy with permissions document. Permission document would change * based on KMS Key ARN specified in properties file. If KMS Key ARN is specified, permissions * document will contain KMS resource.// w ww .ja v a 2 s . c om * * @param s3Prefix the s3Prefix which will be included in KMS Condition (only if KMS Key is provided) */ protected static void putRolePolicy(String s3Prefix) { try { // set permissions policy for the role String permissionsPolicyDocument = containsKMSKeyARN() ? getPermissionsPolicyWithKMSResources(s3Prefix) : getPermissionsPolicyWithoutKMSResources(); iamClient.putRolePolicy(new PutRolePolicyRequest().withRoleName(iamRoleName) .withPolicyName(FIREHOSE_ROLE_POLICY_NAME).withPolicyDocument(permissionsPolicyDocument)); } catch (MalformedPolicyDocumentException policyDocumentException) { LOG.error(String.format("Please check the permissions policy document for malformation: %s", containsKMSKeyARN() ? IAM_ROLE_PERMISSIONS_POLICY_WITH_KMS_RESOURCES_DOCUMENT : IAM_ROLE_PERMISSIONS_POLICY_WITHOUT_KMS_RESOURCES_DOCUMENT)); throw policyDocumentException; } }
From source file:awslabs.lab41.SolutionCode.java
License:Open Source License
@Override public String prepMode_CreateRole(AmazonIdentityManagementClient iamClient, String roleName, String policyText, String trustRelationshipText) { String roleArn = null;/*from ww w.j a va2s. com*/ // Construct a CreateRoleRequest object using the specified name and "assume role" policy. The policy is the trustRelationshipText parameter. CreateRoleRequest createRoleRequest = new CreateRoleRequest() .withAssumeRolePolicyDocument(trustRelationshipText).withRoleName(roleName); // Submit the request using the createRole method of the iamClient object. // Retrieve and store the role ARN from the request response. roleArn = iamClient.createRole(createRoleRequest).getRole().getArn(); // Construct a PutRolePolicyRequest object using the provided policy for the new role. Use whatever policy name you like. PutRolePolicyRequest putRolePolicyRequest = new PutRolePolicyRequest().withPolicyDocument(policyText) .withPolicyName(roleName + "_policy").withRoleName(roleName); // Submit the request using the putRolePolicy method of the iamClient object. iamClient.putRolePolicy(putRolePolicyRequest); // Return the ARN for the new role. return roleArn; }