/// <summary>
/// Adds the IAM role <paramref name="roleName"/> to the instance profile
/// <paramref name="profileName"/> by forwarding the request to the wrapped IAM client.
/// </summary>
/// <remarks>
/// An EC2 instance launched with the profile can obtain the role's credentials, so
/// callers should pass only roles whose permissions are meant for that instance.
/// </remarks>
/// <param name="profileName">Name of the instance profile to update.</param>
/// <param name="roleName">Name of the role to add to the profile.</param>
/// <param name="cancellationToken">Token passed through to the IAM client call.</param>
/// <returns>
/// The task returned by <c>EnsureSuccessAsync()</c> applied to the client call.
/// </returns>
public Task<AddRoleToInstanceProfileResponse> AddRoleToInstanceProfileAsync(
    string profileName,
    string roleName,
    CancellationToken cancellationToken = default(CancellationToken))
{
    var request = new AddRoleToInstanceProfileRequest
    {
        InstanceProfileName = profileName,
        RoleName = roleName
    };

    // EnsureSuccessAsync is declared outside this view; presumably it fails the task
    // when the service response does not indicate success. Confirm against its definition.
    var pendingCall = _IAMClient.AddRoleToInstanceProfileAsync(request, cancellationToken);
    return pendingCall.EnsureSuccessAsync();
}
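/// <summary>
/// Creates an IAM role that the EC2 service may assume, attaches an inline S3 policy to it,
/// creates an instance profile with the same name and adds the role to that profile.
/// </summary>
/// <remarks>
/// Each IAM call is waited on before the next one is issued. Previously the calls were
/// started without being observed, so the policy could be put on a role that did not yet
/// exist, the role could be added to a profile that did not yet exist, and any failure of
/// those calls went unnoticed.
/// </remarks>
/// <returns>The ARN of the instance profile that was created.</returns>
/// <exception cref="System.AggregateException">
/// Thrown when any of the IAM calls fails. The method blocks on the tasks, so failures
/// surface wrapped, as they already did for the final <c>Result</c> access.
/// </exception>
string CreateInstanceProfile()
{
    var roleName = "magicec2" + RESOURCDE_POSTFIX;

    // NOTE(review): the client is built from explicit accessKeyId/secretAccessKey members
    // declared outside this view. Confirm they are not long-lived keys kept in source or config.
    using (var client = new AmazonIdentityManagementServiceClient(accessKeyId, secretAccessKey, region))
    {
        // Trust policy: only the EC2 service principal may assume this role.
        // Wait()/Result are kept (rather than await) because the method's signature is synchronous.
        client.CreateRoleAsync(new CreateRoleRequest
        {
            RoleName = roleName,
            AssumeRolePolicyDocument = @"{""Statement"":[{""Principal"":{""Service"":[""ec2.amazonaws.com""]},""Effect"":""Allow"",""Action"":[""sts:AssumeRole""]}]}"
        }).Wait();

        // NOTE(review): this grants every S3 action on every resource ("*") to any instance
        // that runs with this profile. Scope Actions and Resources to the specific buckets
        // and operations the instance needs; left unchanged here because the required
        // bucket names are not visible from this method.
        var statement = new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow);
        statement.Actions.Add(S3ActionIdentifiers.AllS3Actions);
        statement.Resources.Add(new Resource("*"));

        var policy = new Policy();
        policy.Statements.Add(statement);

        // The role must exist before an inline policy can be attached to it.
        client.PutRolePolicyAsync(new PutRolePolicyRequest
        {
            RoleName = roleName,
            PolicyName = "S3Access",
            PolicyDocument = policy.ToJson()
        }).Wait();

        var profileResponse = client.CreateInstanceProfileAsync(new CreateInstanceProfileRequest
        {
            InstanceProfileName = roleName
        }).Result;

        // The profile and the role share the same name; both must exist before this call.
        client.AddRoleToInstanceProfileAsync(new AddRoleToInstanceProfileRequest
        {
            InstanceProfileName = roleName,
            RoleName = roleName
        }).Wait();

        return profileResponse.InstanceProfile.Arn;
    }
}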