Esempio n. 1
        /// <summary>
        /// Loads the policy template that corresponds to a tenant's membership tier.
        /// </summary>
        /// <param name="membership">Tier whose policy template is requested.</param>
        /// <returns>Whatever <c>GetPolicyTemplate</c> returns for the tier's template name.</returns>
        /// <exception cref="NotImplementedException">The tier has no template mapped here.</exception>
        private string GetMembershipBasedPolicy(MembershipTier membership)
        {
            // An unmapped tier throws rather than falling back to some default template,
            // so no tier is ever handed a policy that was written for another one.
            switch (membership)
            {
                case MembershipTier.Silver:
                    return GetPolicyTemplate("SilverTierPolicyTemplate");

                case MembershipTier.Gold:
                    return GetPolicyTemplate("GoldTierPolicyTemplate");

                default:
                    throw new NotImplementedException("Found an unknown membership type");
            }
        }
Esempio n. 2
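        /// <summary>
        /// Obtains short-lived AWS credentials for the calling tenant by assuming the
        /// application's role with a session policy built from the tenant's claims.
        /// </summary>
        /// <returns>The credentials carried by the STS AssumeRole response.</returns>
        /// <exception cref="InvalidOperationException">
        /// The tenant-id or tier claim is missing, or the tenant id is empty, too long, or
        /// contains a character that is not allowed in a role session name.
        /// </exception>
        /// <exception cref="ArgumentException">The tier claim is not a MembershipTier value.</exception>
        public AWSCredentials GetTenantCredentials()
        {
            const string claimType     = "custom:tenant-id";
            const string tierType      = "custom:tier";
            const string sessionPrefix = "MyPetApp-Session-";
            const int    maxSessionLen = 64;   // STS upper bound for RoleSessionName

            // A missing claim must fail with a clear error, not a NullReferenceException.
            string tenantId  = _claims.Claims.FirstOrDefault(c => c.Type == claimType)?.Value;
            string tierValue = _claims.Claims.FirstOrDefault(c => c.Type == tierType)?.Value;

            if (string.IsNullOrEmpty(tenantId))
            {
                throw new InvalidOperationException("The tenant-id claim is missing or empty");
            }

            if (tierValue == null)
            {
                throw new InvalidOperationException("The tier claim is missing");
            }

            // The tenant id is spliced into the session policy text and the session name.
            // Restricting it to the ASCII characters STS accepts in RoleSessionName keeps
            // quotes, wildcards, slashes and policy variables out of the generated policy,
            // so a crafted claim cannot widen the tenant's scope. The value itself is
            // deliberately left out of the error message.
            bool tenantIdIsSafe = tenantId.Length <= maxSessionLen - sessionPrefix.Length
                                  && tenantId.All(ch => (ch >= 'a' && ch <= 'z')
                                                        || (ch >= 'A' && ch <= 'Z')
                                                        || (ch >= '0' && ch <= '9')
                                                        || "_+=,.@-".IndexOf(ch) >= 0);
            if (!tenantIdIsSafe)
            {
                throw new InvalidOperationException("The tenant-id claim contains unsupported characters or is too long");
            }

            // Enum.Parse rejects unknown names but accepts any numeric string, so add an
            // Enum.IsDefined check before the tier is used for an authorization decision.
            // NOTE(review): the parsed tier is not used below; the policy always comes from
            // "TestPolicyTemplate" instead of a tier-specific template. Confirm this is intended.
            MembershipTier membership = (MembershipTier)Enum.Parse(typeof(MembershipTier), tierValue);

            string template = GetPolicyTemplate("TestPolicyTemplate");

            // NOTE(review): the role, bucket and table identifiers are hard-coded here;
            // they would normally come from configuration.
            string dynamicPolicy = template
                                   .Replace("###tenant-id###", tenantId)
                                   .Replace("###bucket-name###", "my-pet-app")
                                   .Replace("###table-arn###", "arn:aws:dynamodb:ap-southeast-2:123456789123:table/Animals");

            // A session policy can only narrow what the assumed role already allows: the
            // effective permissions are the intersection of the role policy and this one.
            AssumeRoleRequest request = new AssumeRoleRequest
            {
                DurationSeconds = 900,
                RoleArn         = "arn:aws:iam::123456789123:role/MyPetApp-SecurityModuleRole",
                RoleSessionName = sessionPrefix + tenantId,
                Policy          = dynamicPolicy
            };

            // Blocking on .Result keeps the synchronous signature callers rely on; STS
            // failures therefore surface wrapped in an AggregateException.
            return _sts.AssumeRoleAsync(request).Result.Credentials;
        }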