public static string PrepareRole()
{
// Assume role policy which accepts OAuth tokens from Google, Facebook or Cognito, and allows AssumeRoleWithWebIdentity action.
string assumeRolePolicy = @"{
""Version"":""2012-10-17"",
""Statement"":[
{
""Effect"":""Allow"",
""Principal"":{
""Federated"":[""accounts.google.com"",""graph.facebook.com"", ""cognito-identity.amazonaws.com""]
},
""Action"":[""sts:AssumeRoleWithWebIdentity""]
}
]
}";
// Role policy that allows all operations for a number of services
var allowPolicy = @"{
""Version"" : ""2012-10-17"",
""Statement"" : [
{
""Effect"" : ""Allow"",
""Action"" : [
""ec2:*"",
""iam:*"",
""cloudwatch:*"",
""cognito-identity:*"",
""cognito-sync:*"",
""s3:*""
],
""Resource"" : ""*""
}
]
}";
string roleArn;
using (var identityClient = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient())
{
string roleName = "NetWebIdentityRole" + new Random().Next();
var response = identityClient.CreateRole(new Amazon.IdentityManagement.Model.CreateRoleRequest
{
AssumeRolePolicyDocument = assumeRolePolicy,
RoleName = roleName
});
identityClient.PutRolePolicy(new Amazon.IdentityManagement.Model.PutRolePolicyRequest
{
PolicyDocument = allowPolicy,
PolicyName = policyName,
RoleName = response.Role.RoleName
});
roleArn = response.Role.Arn;
roleNames.Add(roleName);
}
return(roleArn);
}
public string PrepareRole()
{
// Assume role policy which accepts OAuth tokens from Google, Facebook or Cognito, and allows AssumeRoleWithWebIdentity action.
string assumeRolePolicy = @"{
""Version"":""2012-10-17"",
""Statement"":[
{
""Effect"":""Allow"",
""Principal"":{
""Federated"":[""accounts.google.com"",""graph.facebook.com"", ""cognito-identity.amazonaws.com""]
},
""Action"":[""sts:AssumeRoleWithWebIdentity""]
}
]
}";
// Role policy that allows all operations for a number of services
var allowPolicy = @"{
""Version"" : ""2012-10-17"",
""Statement"" : [
{
""Effect"" : ""Allow"",
""Action"" : [
""ec2:*"",
""iam:*"",
""cloudwatch:*"",
""cognito-identity:*"",
""cognito-sync:*"",
""s3:*""
],
""Resource"" : ""*""
}
]
}";
string roleArn;
using (var identityClient = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient())
{
string roleName = "NetWebIdentityRole" + new Random().Next();
var response = identityClient.CreateRole(new Amazon.IdentityManagement.Model.CreateRoleRequest
{
AssumeRolePolicyDocument = assumeRolePolicy,
RoleName = roleName
});
Thread.Sleep(2000);
identityClient.PutRolePolicy(new Amazon.IdentityManagement.Model.PutRolePolicyRequest
{
PolicyDocument = allowPolicy,
PolicyName = policyName,
RoleName = response.Role.RoleName
});
Thread.Sleep(2000);
roleArn = response.Role.Arn;
roleNames.Add(roleName);
}
return roleArn;
}