/// <summary>
/// Chooses the policy template name that matches a tenant's membership tier and
/// returns whatever <c>GetPolicyTemplate</c> produces for that name.
/// </summary>
/// <param name="membership">Membership tier of the tenant.</param>
/// <returns>The result of <c>GetPolicyTemplate</c> for the tier's template name.</returns>
/// <exception cref="NotImplementedException">
/// The tier is neither <c>Silver</c> nor <c>Gold</c>.
/// </exception>
private string GetMembershipBasedPolicy(MembershipTier membership)
{
    string templateName;

    if (membership == MembershipTier.Silver)
    {
        templateName = "SilverTierPolicyTemplate";
    }
    else if (membership == MembershipTier.Gold)
    {
        templateName = "GoldTierPolicyTemplate";
    }
    else
    {
        // No fallback template: an unrecognised tier must not be handed a policy.
        throw new NotImplementedException("Found an unknown membership type");
    }

    return GetPolicyTemplate(templateName);
}
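/// <summary>
/// Obtains short-lived AWS credentials for the current tenant by assuming the
/// security-module role with an inline session policy built from a template.
/// </summary>
/// <remarks>
/// The tenant id is read from the <c>custom:tenant-id</c> claim and substituted as
/// plain text into the policy document. It is therefore validated first: a missing
/// or empty value, or one containing characters outside the set STS accepts in a
/// role session name, is rejected before any policy is built. That set contains no
/// quotes, wildcards or policy-variable markers, so an accepted value cannot alter
/// the structure or widen the scope of the generated policy.
/// </remarks>
/// <returns>The credentials returned by the STS AssumeRole call.</returns>
/// <exception cref="InvalidOperationException">
/// A required claim is missing, or the tenant id is empty or contains a character
/// that is not allowed.
/// </exception>
/// <exception cref="ArgumentException">
/// The <c>custom:tier</c> claim does not parse as a <c>MembershipTier</c>.
/// </exception>
public AWSCredentials GetTenantCredentials()
{
    string claimType = "custom:tenant-id";
    string tierType = "custom:tier";

    // FirstOrDefault() yields null when the claim is absent; fail with a clear
    // error instead of a NullReferenceException.
    var tenantId = _claims.Claims.FirstOrDefault(c => c.Type == claimType)?.Value;
    if (!IsSafeTenantId(tenantId))
    {
        throw new InvalidOperationException(
            $"Claim '{claimType}' is missing, empty, or contains characters that are not allowed in a tenant id.");
    }

    var tierValue = _claims.Claims.FirstOrDefault(c => c.Type == tierType)?.Value;
    if (tierValue == null)
    {
        throw new InvalidOperationException($"Claim '{tierType}' is missing.");
    }

    // Kept for its validation effect: Enum.Parse throws on an unrecognised tier name.
    // NOTE(review): the parsed tier is not used to choose the template below, so every
    // tier receives "TestPolicyTemplate". GetMembershipBasedPolicy(membership) exists in
    // this class - confirm whether it was meant to be called here. Enum.Parse also
    // accepts numeric strings; consider Enum.IsDefined if the tier starts driving policy.
    MembershipTier membership = (MembershipTier)Enum.Parse(typeof(MembershipTier), tierValue);

    string template = GetPolicyTemplate("TestPolicyTemplate");

    // tenantId has been validated above, so textual substitution cannot inject policy syntax.
    string dynamicPolicy = template
        .Replace("###tenant-id###", tenantId)
        .Replace("###bucket-name###", "my-pet-app")
        .Replace("###table-arn###", "arn:aws:dynamodb:ap-southeast-2:123456789123:table/Animals");

    AssumeRoleRequest request = new AssumeRoleRequest();
    request.DurationSeconds = 900;
    request.RoleArn = "arn:aws:iam::123456789123:role/MyPetApp-SecurityModuleRole";
    request.RoleSessionName = $"MyPetApp-Session-{tenantId}";
    // Session policy: the resulting credentials are limited to what both the role and
    // this policy allow.
    request.Policy = dynamicPolicy;

    // Synchronous signature is kept for existing callers: .Result blocks until STS
    // responds, and failures surface wrapped in an AggregateException.
    return _sts.AssumeRoleAsync(request).Result.Credentials;
}

/// <summary>
/// Returns true when <paramref name="value"/> is non-empty and made up only of ASCII
/// letters, digits and the characters <c>_ + = , . @ -</c>.
/// </summary>
private static bool IsSafeTenantId(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return false;
    }

    foreach (char ch in value)
    {
        bool isAsciiAlphaNumeric =
            (ch >= 'a' && ch <= 'z') ||
            (ch >= 'A' && ch <= 'Z') ||
            (ch >= '0' && ch <= '9');

        if (!isAsciiAlphaNumeric && "_+=,.@-".IndexOf(ch) < 0)
        {
            return false;
        }
    }

    return true;
}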