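/// <summary>
/// Creates an IAM role at path "/" whose trust policy lets every listed service
/// principal assume it, then attaches the requested AWS managed policies.
/// </summary>
/// <param name="scope">Construct the role is created in.</param>
/// <param name="roleId">Construct id of the role.</param>
/// <param name="ManagedPolicyArns">
/// Values handed to <c>ManagedPolicy.FromAwsManagedPolicyName</c>. Despite the parameter
/// name, that API takes an AWS managed policy name rather than a full ARN.
/// Null is treated as "no managed policies".
/// </param>
/// <param name="PrincipalServices">
/// Service principals allowed to assume the role; at least one is required.
/// Every entry widens the trust policy, so list only the services that need the role.
/// </param>
/// <param name="PolicyName">Not used by this method.</param>
/// <returns>The created role.</returns>
/// <exception cref="System.ArgumentException">
/// <paramref name="PrincipalServices"/> is null or empty.
/// </exception>
public Role GetRole(Construct scope, string roleId,
                            string[] ManagedPolicyArns,
                            string[] PrincipalServices,
                            string PolicyName)
        {
            // Validate before indexing: the previous version read PrincipalServices[0]
            // ahead of its own length check and failed on an empty array.
            if (PrincipalServices == null || PrincipalServices.Length == 0)
            {
                throw new System.ArgumentException(
                    "At least one service principal is required.", nameof(PrincipalServices));
            }

            // One ServicePrincipal per service, combined into a single trust principal.
            List <PrincipalBase> principalBases = new List <PrincipalBase>();
            foreach (string service in PrincipalServices)
            {
                principalBases.Add(new ServicePrincipal(service));
            }

            var roleProps = new RoleProps {
                Path      = "/",
                AssumedBy = new CompositePrincipal(principalBases.ToArray())
            };

            var iamRole = new Role(scope, roleId, roleProps);

            if (ManagedPolicyArns != null)
            {
                foreach (string arn in ManagedPolicyArns)
                {
                    iamRole.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName(arn));
                }
            }

            return(iamRole);
        }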
        /// <summary>
        /// Creates an IAM role that the EC2 service principal ("ec2.amazonaws.com") can assume.
        /// The value of <c>config.FormatName(name)</c> is used both as the construct id and
        /// as the role name; managed policies come from <c>GetManagedPolicies</c>.
        /// </summary>
        /// <param name="scope">Construct the role is created in.</param>
        /// <param name="config">Settings used to format the name and resolve managed policies.</param>
        /// <param name="name">Base name passed to <c>config.FormatName</c>.</param>
        /// <returns>The created role.</returns>
        public Role Create(Construct scope, IConfigSettings config, string name)
        {
            // Trust policy is fixed to EC2; the permissions are whatever GetManagedPolicies returns.
            RoleProps ec2RoleProps = new RoleProps
            {
                RoleName        = config.FormatName(name),
                ManagedPolicies = GetManagedPolicies(scope, config),
                AssumedBy       = new ServicePrincipal("ec2.amazonaws.com")
            };

            return new Role(scope, config.FormatName(name), ec2RoleProps);
        }
Example #3
        /// <summary>
        /// Builds the properties for an IAM role that the given service principals can assume.
        /// </summary>
        /// <param name="roleName">Name assigned to the role.</param>
        /// <param name="assumedBy">
        /// Service principals placed in the trust policy. Example: rds.amazonaws.com.
        /// Each entry may assume the role, so keep the list to the services that need it.
        /// </param>
        /// <param name="managedPolicies">Managed policies to attach; passed through unchanged.</param>
        /// <param name="inlinePolicies">
        /// Inline policies keyed by name. When null, an empty dictionary is used; otherwise the
        /// caller's instance is stored as-is.
        /// </param>
        /// <returns>The populated role properties.</returns>
        public IRoleProps CreateRoleProperties(string roleName, string[] assumedBy, IManagedPolicy[] managedPolicies, Dictionary <string, PolicyDocument> inlinePolicies = null)
        {
            // One ServicePrincipal per requested service, combined into a single trust principal.
            ServicePrincipal[] servicePrincipals = (from service in assumedBy
                                                    select new ServicePrincipal(service)).ToArray();

            Dictionary <string, PolicyDocument> policies = inlinePolicies;
            if (policies == null)
            {
                policies = new Dictionary <string, PolicyDocument>();
            }

            return new RoleProps
            {
                AssumedBy       = new CompositePrincipal(servicePrincipals),
                ManagedPolicies = managedPolicies,
                InlinePolicies  = policies,
                RoleName        = roleName
            };
        }
Example #4
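        /// <summary>
        /// Builds the properties for an IAM role that the given service principals can assume,
        /// and passes the supplied actions and resources to <c>AddRolePolicyStatement</c> so
        /// they can be recorded as an inline policy.
        /// </summary>
        /// <param name="roleName">Name assigned to the role.</param>
        /// <param name="assumedBy">
        /// Service principals placed in the trust policy. Example: rds.amazonaws.com.
        /// Each entry may assume the role, so keep the list to the services that need it.
        /// </param>
        /// <param name="policyName">Key of the inline policy. Example: RdsS3AccessPolicy</param>
        /// <param name="actions">
        /// IAM actions for the statement. Example: new string[] { "s3:GetObject" }.
        /// Prefer specific actions; a wildcard such as "s3:*" grants every action of the service.
        /// </param>
        /// <param name="resources">
        /// Resource ARNs the statement applies to. Prefer specific ARNs; "*" applies the
        /// statement to every resource the actions can target.
        /// </param>
        /// <param name="managedPolicies">Managed policies to attach; passed through unchanged.</param>
        /// <param name="effect">Effect of the statement; defaults to <c>Effect.ALLOW</c>.</param>
        /// <param name="inlinePolicies">
        /// Additional inline policies keyed by name. The dictionary is copied, so the caller's
        /// instance is not modified when the generated policy is added.
        /// </param>
        /// <returns>The populated role properties.</returns>
        public IRoleProps CreateRoleProperties(string roleName, string[] assumedBy, string policyName, string[] actions, string[] resources, IManagedPolicy[] managedPolicies = null, Effect effect = Effect.ALLOW, Dictionary <string, PolicyDocument> inlinePolicies = null)
        {
            var principals = assumedBy.Select(x => new ServicePrincipal(x)).ToArray();

            // Work on a copy: AddRolePolicyStatement adds to InlinePolicies, and storing the
            // caller's dictionary directly would leak that entry into an object the caller
            // may reuse for other roles.
            var policies = inlinePolicies == null
                ? new Dictionary <string, PolicyDocument>()
                : new Dictionary <string, PolicyDocument>(inlinePolicies);

            var result = new RoleProps
            {
                AssumedBy       = new CompositePrincipal(principals),
                ManagedPolicies = managedPolicies,
                InlinePolicies  = policies,
                RoleName        = roleName
            };

            AddRolePolicyStatement(ref result, policyName, actions, resources, effect);

            return(result);
        }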
Example #5
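 /// <summary>
 /// Adds a single-statement inline policy to the role properties when at least one action
 /// is supplied; does nothing when <paramref name="actions"/> is null or empty.
 /// </summary>
 /// <param name="roleProperty">Role properties whose InlinePolicies receive the new policy.</param>
 /// <param name="policyName">
 /// Key under which the policy is stored. Adding a key that already exists throws, as
 /// with any dictionary <c>Add</c>.
 /// </param>
 /// <param name="actions">IAM actions for the statement.</param>
 /// <param name="resources">
 /// Resources the statement applies to. Values are used verbatim, so a "*" entry applies
 /// the statement to every resource the actions can target.
 /// </param>
 /// <param name="effect">Effect of the statement; defaults to <c>Effect.ALLOW</c>.</param>
 public void AddRolePolicyStatement(ref RoleProps roleProperty, string policyName, string[] actions, string[] resources, Effect effect = Effect.ALLOW)
 {
     if (actions == null || !actions.Any())
     {
         return;
     }

     // RoleProps built without InlinePolicies would otherwise fail here with a
     // NullReferenceException; start from an empty set instead.
     if (roleProperty.InlinePolicies == null)
     {
         roleProperty.InlinePolicies = new System.Collections.Generic.Dictionary <string, PolicyDocument>();
     }

     var statement = new PolicyStatement(
         new PolicyStatementProps()
     {
         Effect    = effect,
         Actions   = actions,
         Resources = resources
     });

     roleProperty.InlinePolicies.Add(policyName, new PolicyDocument(new PolicyDocumentProps
     {
         Statements = new PolicyStatement[] { statement }
     }));
 }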
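        /// <summary>
        /// Creates an IAM role at path "/" that every listed service principal can assume,
        /// attaches the requested AWS managed policies, and adds one ALLOW statement for
        /// the given actions on the given resource.
        /// </summary>
        /// <param name="stack">Stack the role is created in.</param>
        /// <param name="roleId">Construct id of the role.</param>
        /// <param name="ManagedPolicyArns">
        /// Values handed to <c>ManagedPolicy.FromAwsManagedPolicyName</c>. Despite the parameter
        /// name, that API takes an AWS managed policy name rather than a full ARN.
        /// Null is treated as "no managed policies".
        /// </param>
        /// <param name="PrincipalServices">
        /// Service principals allowed to assume the role; at least one is required.
        /// Every entry widens the trust policy, so list only the services that need the role.
        /// </param>
        /// <param name="PolicyName">Not used by this method.</param>
        /// <param name="Actions">IAM actions granted by the added statement.</param>
        /// <param name="resources">
        /// The single resource the statement applies to. The value is used verbatim, so "*"
        /// grants the actions on every resource they can target.
        /// </param>
        /// <returns>The created role.</returns>
        /// <exception cref="System.ArgumentException">
        /// <paramref name="PrincipalServices"/> is null or empty.
        /// </exception>
        public static Role GetRole(TodoInfraStack stack, string roleId,
                                   string[] ManagedPolicyArns,
                                   string[] PrincipalServices,
                                   string PolicyName, string[] Actions, string resources)
        {
            // Validate before indexing: the previous version read PrincipalServices[0]
            // ahead of its own length check and failed on an empty array.
            if (PrincipalServices == null || PrincipalServices.Length == 0)
            {
                throw new System.ArgumentException(
                    "At least one service principal is required.", nameof(PrincipalServices));
            }

            // One ServicePrincipal per service, combined into a single trust principal.
            List <PrincipalBase> principalBases = new List <PrincipalBase>();
            foreach (string service in PrincipalServices)
            {
                principalBases.Add(new ServicePrincipal(service));
            }

            var roleProps = new RoleProps {
                Path      = "/",
                AssumedBy = new CompositePrincipal(principalBases.ToArray())
            };

            var iamRole = new Role(stack, roleId, roleProps);

            if (ManagedPolicyArns != null)
            {
                foreach (string arn in ManagedPolicyArns)
                {
                    iamRole.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName(arn));
                }
            }

            // The effect is always ALLOW; the breadth of the grant is decided entirely by
            // the Actions and resources the caller passes in.
            PolicyStatement policyStatement = new PolicyStatement(new PolicyStatementProps {
                Actions   = Actions,
                Resources = new string[] { resources },
                Effect    = Effect.ALLOW
            });

            iamRole.AddToPolicy(policyStatement);
            return(iamRole);
        }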
 /// <summary>
 /// Forwards to <c>HandlerResources.AwsCdkRoleHandler.AddRolePolicyStatement</c> with the
 /// same arguments; this method adds no validation of its own.
 /// </summary>
 /// <param name="roleProperty">Role properties passed by reference to the handler.</param>
 /// <param name="policyName">Policy name passed to the handler.</param>
 /// <param name="actions">IAM actions passed to the handler.</param>
 /// <param name="resources">Resources passed to the handler.</param>
 /// <param name="effect">Statement effect; defaults to <c>Effect.ALLOW</c>.</param>
 public void AddRolePolicyStatement(ref RoleProps roleProperty, string policyName, string[] actions, string[] resources, Effect effect = Effect.ALLOW)
     => HandlerResources.AwsCdkRoleHandler.AddRolePolicyStatement(
         ref roleProperty,
         policyName,
         actions,
         resources,
         effect);