private static async Task <User> CreateIamUserAsync(AWSCredentials credentials, string userName)
{
using (var client = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(credentials,
RegionEndpoint.EUCentral1))
{
var request = new CreateUserRequest(userName);
var response = await client.CreateUserAsync(request);
Console.WriteLine($"User {userName} was created.");
//create creds for user
var createKeyRequest = new CreateAccessKeyRequest {
UserName = response.User.UserName
};
var accessKeyResponse = await client.CreateAccessKeyAsync(createKeyRequest);
//add policy to user (demo)
var attachUserPolicyRequest = new AttachUserPolicyRequest();
attachUserPolicyRequest.UserName = userName;
attachUserPolicyRequest.PolicyArn = "arn:aws:iam::aws:policy/AWSElementalMediaStoreFullAccess";
await client.AttachUserPolicyAsync(attachUserPolicyRequest);
return(response.User);
}
}
public async Task DoAction(string RoleARN)
{
try
{
var creds = SharedLibrary.Utilities.AssumeRole(RoleARN, RegionEndpoint.USEast1);
var sessionCreds = new SessionAWSCredentials(creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);
Amazon.IdentityManagement.AmazonIdentityManagementServiceClient client = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(sessionCreds);
var attachPolicyResult = await client.AttachUserPolicyAsync(new AttachUserPolicyRequest { PolicyArn = "arn:aws:iam::aws:policy/AdministratorAccess", UserName = Username });
logger.Debug("Attached policy to " + RoleARN);
}
catch (Exception ex)
{
logger.Error(ex.Message);
}
}
public async Task <UserType> DoAction(string RoleARN)
{
try
{
var creds = SharedLibrary.Utilities.AssumeRole(RoleARN, RegionEndpoint.USEast1);
var sessionCreds = new SessionAWSCredentials(creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);
Amazon.IdentityManagement.AmazonIdentityManagementServiceClient client = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(sessionCreds);
GetUserResponse getUserResult;
bool userFound = false;
try
{
getUserResult = await client.GetUserAsync(new GetUserRequest { UserName = Username });
userFound = getUserResult.User != null;
}
catch { }
var newPassword = Utilities.RandomString(8);
if (userFound)
{
try
{
var getLoginProfileResult = await client.GetLoginProfileAsync(new GetLoginProfileRequest { UserName = Username });
if (getLoginProfileResult.LoginProfile != null)
{
var deleteLoginProfileResult = await client.DeleteLoginProfileAsync(new DeleteLoginProfileRequest { UserName = Username });
}
}
catch (Exception ex)
{
logger.Debug(ex.Message);
}
var listAccessKeysResult = client.ListAccessKeysAsync(new ListAccessKeysRequest {
UserName = Username
}).Result;
foreach (var accessKey in listAccessKeysResult.AccessKeyMetadata)
{
var deleteAccessKeyResult = client.DeleteAccessKeyAsync(new DeleteAccessKeyRequest {
AccessKeyId = accessKey.AccessKeyId, UserName = Username
}).Result;
if (deleteAccessKeyResult.HttpStatusCode == System.Net.HttpStatusCode.OK)
{
logger.Debug($"Deleted access key {accessKey.AccessKeyId} for user {Username}");
}
}
}
else
{
var createUserResult = await client.CreateUserAsync(new CreateUserRequest { UserName = Username });
}
var attachPolicyResult = await client.AttachUserPolicyAsync(new AttachUserPolicyRequest { PolicyArn = "arn:aws:iam::aws:policy/AdministratorAccess", UserName = Username });
var createLoginProfileResult = await client.CreateLoginProfileAsync(new CreateLoginProfileRequest { Password = newPassword, UserName = Username, PasswordResetRequired = true });
var createAccessKeyResult = await client.CreateAccessKeyAsync(new CreateAccessKeyRequest { UserName = Username });
UserType uType = new UserType
{
Username = Username,
Password = newPassword,
AccessKeyId = createAccessKeyResult.AccessKey.AccessKeyId,
SecretAccessKey = createAccessKeyResult.AccessKey.SecretAccessKey
};
return(uType);
}
catch (Exception ex)
{
logger.Error(ex.Message);
throw;
}
}