Beispiel #1
 /// <summary>
 /// Requests creation of an IAM instance profile with the given name.
 /// </summary>
 /// <param name="name">Instance profile name, passed to IAM unchanged; this wrapper does no validation.</param>
 /// <param name="cancellationToken">Token forwarded to the underlying IAM client call.</param>
 /// <returns>
 /// The task produced by <c>EnsureSuccessAsync</c> over the IAM client's response task.
 /// NOTE(review): that helper is declared outside this listing; presumably it faults the task on a
 /// non-success response. Confirm before relying on it for error handling.
 /// </returns>
 public Task <CreateInstanceProfileResponse> CreateInstanceProfileAsync(
     string name,
     CancellationToken cancellationToken = default(CancellationToken))
 {
     // A new profile has no role attached, so creating it grants nothing by itself.
     var profileRequest = new CreateInstanceProfileRequest();
     profileRequest.InstanceProfileName = name;

     var pendingResponse = _IAMClient.CreateInstanceProfileAsync(profileRequest, cancellationToken);
     return pendingResponse.EnsureSuccessAsync();
 }
Beispiel #2
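        /// <summary>
        /// Creates an IAM role that the EC2 service may assume, attaches an inline S3 policy to it, and
        /// places the role in an instance profile of the same name.
        /// </summary>
        /// <remarks>
        /// The four IAM calls depend on each other: the role must exist before a policy is put on it, and
        /// both role and profile must exist before they are linked. Each call is therefore waited on in
        /// order, so a failure in any step surfaces to the caller instead of being dropped.
        /// The method blocks the calling thread; avoid calling it from a UI or other
        /// synchronization-context thread.
        /// </remarks>
        /// <returns>The ARN of the newly created instance profile.</returns>
        /// <exception cref="System.AggregateException">Wraps the failure of any of the IAM calls.</exception>
        string CreateInstanceProfile()
        {
            var roleName = "magicec2" + RESOURCDE_POSTFIX;

            // NOTE(review): the client is built from a static access key pair held by this class. Where
            // these values come from is not visible here; confirm they are not embedded in source or
            // config, and prefer the SDK's default credential chain where the host allows it.
            using (var client = new AmazonIdentityManagementServiceClient(accessKeyId, secretAccessKey, region))
            {
                // Trust policy: only the EC2 service principal may assume this role.
                client.CreateRoleAsync(new CreateRoleRequest
                {
                    RoleName = roleName,
                    AssumeRolePolicyDocument = @"{""Statement"":[{""Principal"":{""Service"":[""ec2.amazonaws.com""]},""Effect"":""Allow"",""Action"":[""sts:AssumeRole""]}]}"
                }).Wait();

                // SECURITY(review): this statement allows every S3 action on every resource ("*"). Any
                // process on an instance using this profile can read, overwrite or delete any bucket the
                // account can reach. Narrow Actions to the operations actually needed and Resources to
                // the specific bucket/object ARNs. Left unchanged here because the required buckets are
                // not visible in this listing.
                var statement = new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow);

                statement.Actions.Add(S3ActionIdentifiers.AllS3Actions);
                statement.Resources.Add(new Resource("*"));

                var policy = new Policy();

                policy.Statements.Add(statement);

                // The role now exists, so the inline policy can be attached.
                client.PutRolePolicyAsync(new PutRolePolicyRequest
                {
                    RoleName       = roleName,
                    PolicyName     = "S3Access",
                    PolicyDocument = policy.ToJson()
                }).Wait();

                var response = client.CreateInstanceProfileAsync(new CreateInstanceProfileRequest
                {
                    InstanceProfileName = roleName
                }).Result;

                // Link role and profile only after both are confirmed created.
                client.AddRoleToInstanceProfileAsync(new AddRoleToInstanceProfileRequest
                {
                    InstanceProfileName = roleName,
                    RoleName            = roleName
                }).Wait();

                // IAM changes are eventually consistent; a caller that launches an instance with this
                // ARN right away may need to retry.
                return response.InstanceProfile.Arn;
            }
        }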