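/// <summary>
/// Builds an IAM role whose trust policy names every listed service principal,
/// then attaches the requested AWS managed policies to it.
/// </summary>
/// <param name="scope">Construct the role is created under.</param>
/// <param name="roleId">Construct id given to the role.</param>
/// <param name="ManagedPolicyArns">
/// Values handed to <c>ManagedPolicy.FromAwsManagedPolicyName</c>. That call takes AWS managed
/// policy names (without the <c>arn:aws:iam::aws:policy/</c> prefix), not full ARNs, despite
/// this parameter's name. Null is treated as "no managed policies".
/// </param>
/// <param name="PrincipalServices">Service principals allowed to assume the role; at least one is required.</param>
/// <param name="PolicyName">Not used by this method.</param>
/// <returns>The created role.</returns>
/// <exception cref="System.ArgumentException"><paramref name="PrincipalServices"/> is null or empty.</exception>
public Role GetRole(Construct scope, string roleId, string[] ManagedPolicyArns, string[] PrincipalServices, string PolicyName)
{
    // Validate before touching the array: a role cannot exist without a trust principal,
    // and indexing an empty array would otherwise surface as an opaque index error.
    if (PrincipalServices == null || PrincipalServices.Length == 0)
    {
        throw new System.ArgumentException("At least one service principal is required.", nameof(PrincipalServices));
    }

    var principals = new List<PrincipalBase>(PrincipalServices.Length);
    foreach (string service in PrincipalServices)
    {
        principals.Add(new ServicePrincipal(service));
    }

    var roleProps = new RoleProps
    {
        Path = "/",
        // Every entry widens the trust policy: any one of these services can assume the role.
        AssumedBy = new CompositePrincipal(principals.ToArray())
    };

    var iamRole = new Role(scope, roleId, roleProps);

    if (ManagedPolicyArns != null)
    {
        foreach (string policyName in ManagedPolicyArns)
        {
            iamRole.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName(policyName));
        }
    }

    return iamRole;
}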
/// <summary>
/// Creates an IAM role that the EC2 service can assume, named through
/// <c>config.FormatName</c> and carrying the policies returned by <c>GetManagedPolicies</c>.
/// </summary>
/// <param name="scope">Construct the role is created under.</param>
/// <param name="config">Settings used to format the role name and passed on to <c>GetManagedPolicies</c>.</param>
/// <param name="name">Base name; the formatted value is used as both role name and construct id.</param>
/// <returns>The created role.</returns>
public Role Create(Construct scope, IConfigSettings config, string name)
{
    var roleProps = new RoleProps();
    roleProps.RoleName = config.FormatName(name);
    roleProps.ManagedPolicies = GetManagedPolicies(scope, config);
    // The trust policy is fixed to the EC2 service principal; callers cannot widen it.
    roleProps.AssumedBy = new ServicePrincipal("ec2.amazonaws.com");

    return new Role(scope, config.FormatName(name), roleProps);
}
/// <summary>
/// Builds the properties for a role that the given service principals may assume.
/// </summary>
/// <param name="roleName">Name assigned to the role.</param>
/// <param name="assumedBy">Service principals placed in the trust policy. Example: rds.amazonaws.com</param>
/// <param name="managedPolicies">Managed policies attached to the role.</param>
/// <param name="inlinePolicies">Inline policies keyed by policy name; an empty dictionary is used when null.</param>
/// <returns>The populated role properties.</returns>
public IRoleProps CreateRoleProperties(string roleName, string[] assumedBy, IManagedPolicy[] managedPolicies, Dictionary<string, PolicyDocument> inlinePolicies = null)
{
    // One ServicePrincipal per entry; any of them is able to assume the role.
    var trusted = (from service in assumedBy select new ServicePrincipal(service)).ToArray();

    var props = new RoleProps();
    props.AssumedBy = new CompositePrincipal(trusted);
    props.ManagedPolicies = managedPolicies;
    if (inlinePolicies != null)
    {
        props.InlinePolicies = inlinePolicies;
    }
    else
    {
        props.InlinePolicies = new Dictionary<string, PolicyDocument>();
    }
    props.RoleName = roleName;

    return props;
}
/// <summary>
/// Builds the properties for a role that the given service principals may assume and
/// passes them to <c>AddRolePolicyStatement</c> together with the supplied policy details.
/// </summary>
/// <param name="roleName">Name assigned to the role.</param>
/// <param name="assumedBy">Service principals placed in the trust policy. Example: rds.amazonaws.com</param>
/// <param name="policyName">Name handed to <c>AddRolePolicyStatement</c>. Example: RdsS3AccessPolicy</param>
/// <param name="actions">
/// IAM actions for the statement. Example: new string[] { "s3:*" }; a wildcard grants every
/// action of the service, so list the specific actions the role needs where possible.
/// </param>
/// <param name="resources">
/// Resources the statement applies to. Example: new string[] { "*" }; "*" covers every
/// resource, so prefer the ARNs the role actually has to reach.
/// </param>
/// <param name="managedPolicies">Managed policies attached to the role; may be null.</param>
/// <param name="effect">Effect of the statement; defaults to <c>Effect.ALLOW</c>.</param>
/// <param name="inlinePolicies">
/// Existing inline policies keyed by name; an empty dictionary is used when null.
/// The same instance is stored on the result, so anything <c>AddRolePolicyStatement</c>
/// adds to the inline policies is also visible to the caller's dictionary.
/// </param>
/// <returns>The populated role properties.</returns>
public IRoleProps CreateRoleProperties(string roleName, string[] assumedBy, string policyName, string[] actions, string[] resources, IManagedPolicy[] managedPolicies = null, Effect effect = Effect.ALLOW, Dictionary<string, PolicyDocument> inlinePolicies = null)
{
    // One ServicePrincipal per entry; any of them is able to assume the role.
    var trusted = (from service in assumedBy select new ServicePrincipal(service)).ToArray();

    var props = new RoleProps();
    props.AssumedBy = new CompositePrincipal(trusted);
    props.ManagedPolicies = managedPolicies;
    if (inlinePolicies != null)
    {
        props.InlinePolicies = inlinePolicies;
    }
    else
    {
        props.InlinePolicies = new Dictionary<string, PolicyDocument>();
    }
    props.RoleName = roleName;

    AddRolePolicyStatement(ref props, policyName, actions, resources, effect);
    return props;
}
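/// <summary>
/// Adds a single-statement inline policy to the role properties.
/// Does nothing when <paramref name="actions"/> is null or empty.
/// </summary>
/// <param name="roleProperty">Role properties whose inline policies receive the new document.</param>
/// <param name="policyName">Key the policy document is stored under; adding a name that already exists fails in a standard dictionary.</param>
/// <param name="actions">IAM actions for the statement.</param>
/// <param name="resources">Resources the statement applies to.</param>
/// <param name="effect">Effect of the statement; defaults to <c>Effect.ALLOW</c>.</param>
public void AddRolePolicyStatement(ref RoleProps roleProperty, string policyName, string[] actions, string[] resources, Effect effect = Effect.ALLOW)
{
    if (actions == null || !actions.Any())
    {
        return;
    }

    // Role properties built without inline policies carry a null dictionary;
    // create one here instead of failing on the Add call below.
    if (roleProperty.InlinePolicies == null)
    {
        roleProperty.InlinePolicies = new System.Collections.Generic.Dictionary<string, PolicyDocument>();
    }

    var statement = new PolicyStatement(new PolicyStatementProps
    {
        Effect = effect,
        Actions = actions,
        Resources = resources
    });

    var document = new PolicyDocument(new PolicyDocumentProps
    {
        Statements = new PolicyStatement[] { statement }
    });

    roleProperty.InlinePolicies.Add(policyName, document);
}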
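/// <summary>
/// Builds an IAM role whose trust policy names every listed service principal, attaches the
/// requested AWS managed policies, and adds one ALLOW statement for the given actions and resource.
/// </summary>
/// <param name="stack">Stack the role is created under.</param>
/// <param name="roleId">Construct id given to the role.</param>
/// <param name="ManagedPolicyArns">
/// Values handed to <c>ManagedPolicy.FromAwsManagedPolicyName</c>. That call takes AWS managed
/// policy names (without the <c>arn:aws:iam::aws:policy/</c> prefix), not full ARNs, despite
/// this parameter's name. Null is treated as "no managed policies".
/// </param>
/// <param name="PrincipalServices">Service principals allowed to assume the role; at least one is required.</param>
/// <param name="PolicyName">Not used by this method.</param>
/// <param name="Actions">IAM actions the added statement allows.</param>
/// <param name="resources">The single resource the added statement applies to.</param>
/// <returns>The created role.</returns>
/// <exception cref="System.ArgumentException"><paramref name="PrincipalServices"/> is null or empty.</exception>
public static Role GetRole(TodoInfraStack stack, string roleId, string[] ManagedPolicyArns, string[] PrincipalServices, string PolicyName, string[] Actions, string resources)
{
    // Validate before touching the array: a role cannot exist without a trust principal,
    // and indexing an empty array would otherwise surface as an opaque index error.
    if (PrincipalServices == null || PrincipalServices.Length == 0)
    {
        throw new System.ArgumentException("At least one service principal is required.", nameof(PrincipalServices));
    }

    var principals = new List<PrincipalBase>(PrincipalServices.Length);
    foreach (string service in PrincipalServices)
    {
        principals.Add(new ServicePrincipal(service));
    }

    var roleProps = new RoleProps
    {
        Path = "/",
        // Every entry widens the trust policy: any one of these services can assume the role.
        AssumedBy = new CompositePrincipal(principals.ToArray())
    };

    var iamRole = new Role(stack, roleId, roleProps);

    if (ManagedPolicyArns != null)
    {
        foreach (string policyName in ManagedPolicyArns)
        {
            iamRole.AddManagedPolicy(ManagedPolicy.FromAwsManagedPolicyName(policyName));
        }
    }

    // The statement is always ALLOW; its reach is decided entirely by the caller's
    // Actions and resources values, so wildcards passed in here are granted as-is.
    var policyStatement = new PolicyStatement(new PolicyStatementProps
    {
        Actions = Actions,
        Resources = new string[] { resources },
        Effect = Effect.ALLOW
    });
    iamRole.AddToPolicy(policyStatement);

    return iamRole;
}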
/// <summary>
/// Forwards to <c>HandlerResources.AwsCdkRoleHandler.AddRolePolicyStatement</c> with the same arguments.
/// </summary>
/// <param name="roleProperty">Role properties passed by reference to the handler.</param>
/// <param name="policyName">Name of the policy to add.</param>
/// <param name="actions">IAM actions for the statement.</param>
/// <param name="resources">Resources the statement applies to.</param>
/// <param name="effect">Effect of the statement; defaults to <c>Effect.ALLOW</c>.</param>
public void AddRolePolicyStatement(ref RoleProps roleProperty, string policyName, string[] actions, string[] resources, Effect effect = Effect.ALLOW)
    => HandlerResources.AwsCdkRoleHandler.AddRolePolicyStatement(ref roleProperty, policyName, actions, resources, effect);