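/// <summary>
/// Interactively creates a new IAM role: asks for a role name, lists candidate managed
/// policies and attaches the one the user picks. The chosen policy is what grants the
/// role its permissions, so the narrowest policy that covers the workload is the right pick.
/// </summary>
/// <param name="iamClient">IAM client used to list policies and create the role.</param>
/// <param name="promptInfo">Prompt settings: assume-role principal, managed policy name prefix and known policy descriptions.</param>
/// <returns>The ARN of the created role, or null when no role name was entered.</returns>
private static string PromptToCreateRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo)
{
    Console.Out.WriteLine("Enter name of the new IAM Role:");
    var roleName = Console.ReadLine();
    if (string.IsNullOrWhiteSpace(roleName))
    {
        return null;
    }
    roleName = roleName.Trim();

    Console.Out.WriteLine("Select IAM Policy to attach to the new role and grant permissions");

    // Synchronous entry point over an async helper: GetAwaiter().GetResult() blocks like
    // .Result but surfaces the original exception instead of wrapping it in an AggregateException.
    var managedPolices = FindManagedPoliciesAsync(iamClient, promptInfo, DEFAULT_ITEM_MAX).GetAwaiter().GetResult();
    for (int i = 0; i < managedPolices.Count; i++)
    {
        var line = $" {(i + 1).ToString().PadLeft(2)}) {managedPolices[i].PolicyName}";
        var description = AttemptToGetPolicyDescription(managedPolices[i].Arn, promptInfo.KnownManagedPolicyDescription);
        if (!string.IsNullOrEmpty(description))
        {
            // Keep each menu line within the width limit. Math.Max guards against a negative
            // Substring length when the numbered policy name alone already exceeds the limit.
            if ((line.Length + description.Length) > MAX_LINE_LENGTH_FOR_MANAGED_ROLE)
            {
                var room = Math.Max(0, MAX_LINE_LENGTH_FOR_MANAGED_ROLE - line.Length);
                description = description.Substring(0, room) + " ...";
            }
            line += $" ({description})";
        }
        Console.Out.WriteLine(line);
    }
    Console.Out.WriteLine($" {(managedPolices.Count + 1).ToString().PadLeft(2)}) *** No policy, add permissions later ***");
    Console.Out.Flush();

    // The answer is 1-based, as in SelectFromExisting: 1..Count selects a listed policy and
    // Count + 1 is the "no policy" entry. Comparing the 0-based position (chosenIndex - 1)
    // against Count keeps the last listed policy selectable.
    int chosenIndex = Utilities.WaitForPromptResponseByIndex(1, managedPolices.Count + 1);
    string managedPolicyArn = null;
    if (chosenIndex - 1 < managedPolices.Count)
    {
        managedPolicyArn = managedPolices[chosenIndex - 1].Arn;
    }

    // A null managedPolicyArn creates the role with only its trust policy; permissions are added later.
    var roleArn = CreateRole(iamClient, roleName, Utilities.GetAssumeRolePolicy(promptInfo.AssumeRolePrincipal), managedPolicyArn);
    return roleArn;
}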
/// <summary>
/// Chooses the IAM role to use: looks up roles for the configured assume-role principal and,
/// when none are found, goes straight to creating a new one; otherwise lets the user pick
/// from the list (which itself offers a "create new" entry).
/// </summary>
/// <param name="iamClient">IAM client used for the lookup and any role creation.</param>
/// <param name="promptInfo">Prompt settings, including the assume-role principal used for the lookup.</param>
/// <returns>The ARN of the selected or newly created role (null if creation was abandoned).</returns>
public static string PromptForRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo)
{
    var candidates = FindExistingRoles(iamClient, promptInfo.AssumeRolePrincipal, DEFAULT_ITEM_MAX);
    return candidates.Count == 0
        ? PromptToCreateRole(iamClient, promptInfo)
        : SelectFromExisting(iamClient, promptInfo, candidates);
}
/// <summary>
/// Prints a numbered menu of the given roles plus a final "create new" entry and waits for a
/// 1-based answer. A listed role returns its ARN; the extra entry delegates to
/// <see cref="PromptToCreateRole"/>.
/// </summary>
/// <param name="iamClient">IAM client, only needed if the user opts to create a role.</param>
/// <param name="promptInfo">Prompt settings forwarded to role creation.</param>
/// <param name="existingRoles">Roles to offer, in display order.</param>
/// <returns>The ARN of the chosen role, or the result of creating a new one.</returns>
private static string SelectFromExisting(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo, IList<Role> existingRoles)
{
    Console.Out.WriteLine("Select IAM Role that to provide AWS credentials to your code:");

    var position = 0;
    foreach (var role in existingRoles)
    {
        position++;
        Console.Out.WriteLine($" {position.ToString().PadLeft(2)}) {role.RoleName}");
    }
    var createOption = existingRoles.Count + 1;
    Console.Out.WriteLine($" {createOption.ToString().PadLeft(2)}) *** Create new IAM Role ***");
    Console.Out.Flush();

    // Answer is 1-based; the last option (createOption) is the "create new" entry.
    var answer = Utilities.WaitForPromptResponseByIndex(1, createOption);
    var listPosition = answer - 1;
    if (listPosition >= existingRoles.Count)
    {
        return PromptToCreateRole(iamClient, promptInfo);
    }
    return existingRoles[listPosition].Arn;
}
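/// <summary>
/// Collects attachable managed policies to offer in the role-creation menu, up to
/// <paramref name="maxPolicies"/> entries. AWS-managed policies come first, restricted to
/// those the tool has a known description for or whose name starts with the configured
/// prefix; customer-managed (Local) policies follow, with every attachable one included.
/// Both scopes are paged through completely unless the limit is reached.
/// </summary>
/// <param name="iamClient">IAM client used to list policies.</param>
/// <param name="promptInfo">Supplies the known-description map and optional AWS policy name prefix.</param>
/// <param name="maxPolicies">Upper bound on the number of policies returned; values &lt;= 0 yield an empty list.</param>
/// <returns>The collected policies, at most <paramref name="maxPolicies"/> long.</returns>
public static async Task<IList<ManagedPolicy>> FindManagedPoliciesAsync(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo, int maxPolicies)
{
    IList<ManagedPolicy> policies = new List<ManagedPolicy>();

    // Ordinal comparison: policy names are identifiers, not linguistic text.
    bool IsKnownAwsPolicy(ManagedPolicy policy) =>
        promptInfo.KnownManagedPolicyDescription.ContainsKey(policy.PolicyName)
        || (promptInfo.AWSManagedPolicyNamePrefix != null
            && policy.PolicyName.StartsWith(promptInfo.AWSManagedPolicyNamePrefix, StringComparison.Ordinal));

    await CollectAttachablePoliciesAsync(iamClient, PolicyScopeType.AWS, IsKnownAwsPolicy, policies, maxPolicies).ConfigureAwait(false);
    if (policies.Count >= maxPolicies)
    {
        return policies;
    }

    // Customer-managed policies are not filtered by name; any attachable one is a candidate.
    await CollectAttachablePoliciesAsync(iamClient, PolicyScopeType.Local, _ => true, policies, maxPolicies).ConfigureAwait(false);
    return policies;
}

/// <summary>
/// Pages through ListPolicies for one scope (following Marker while IsTruncated) and appends
/// every attachable policy accepted by <paramref name="include"/> to <paramref name="policies"/>,
/// stopping as soon as the list holds <paramref name="maxPolicies"/> entries.
/// </summary>
/// <param name="iamClient">IAM client used to list policies.</param>
/// <param name="scope">Policy scope to list (AWS-managed or Local).</param>
/// <param name="include">Predicate applied to attachable policies; only accepted ones are added.</param>
/// <param name="policies">Accumulator that is appended to in place.</param>
/// <param name="maxPolicies">Stop once the accumulator reaches this size.</param>
private static async Task CollectAttachablePoliciesAsync(IAmazonIdentityManagementService iamClient, PolicyScopeType scope, Func<ManagedPolicy, bool> include, IList<ManagedPolicy> policies, int maxPolicies)
{
    var request = new ListPoliciesRequest { Scope = scope };
    ListPoliciesResponse response = null;
    do
    {
        // Marker is null on the first page and the previous page's marker afterwards.
        request.Marker = response?.Marker;
        response = await iamClient.ListPoliciesAsync(request).ConfigureAwait(false);
        foreach (var policy in response.Policies)
        {
            if (policy.IsAttachable && include(policy))
            {
                policies.Add(policy);
            }
            // '>=' rather than '==' so a non-positive limit also terminates.
            if (policies.Count >= maxPolicies)
            {
                return;
            }
        }
    } while (response.IsTruncated);
}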