/// <summary>
/// Create the instance profile that will give permission for the EC2 instance to make request to Amazon S3.
/// </summary>
/// <returns></returns>
static string CreateInstanceProfile()
{
var client = new AmazonIdentityManagementServiceClient();
var roleName = Args.Value("Role");
CreateRole();
CreateRolePolicy();
var response = client.CreateInstanceProfile(new CreateInstanceProfileRequest
{
InstanceProfileName = roleName
});
return(response.InstanceProfile.Arn);
}
public void IdentityManagementServiceCreateInstanceProfile()
{
#region 5d84e6ae-5921-4e39-8454-10232cd9ff9a
var client = new AmazonIdentityManagementServiceClient();
var response = client.CreateInstanceProfile(new CreateInstanceProfileRequest
{
InstanceProfileName = "Webserver"
});
InstanceProfile instanceProfile = response.InstanceProfile;
#endregion
}
static string CreateInstanceProfile()
{
var roleName = "ec2-sample-" + RESOURCDE_POSTFIX;
var client = new AmazonIdentityManagementServiceClient();
client.CreateRole(new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = @"{""Statement"":[{""Principal"":{""Service"":[""ec2.amazonaws.com""]},""Effect"":""Allow"",""Action"":[""sts:AssumeRole""]}]}"
});
var statement = new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow);
statement.Actions.Add(S3ActionIdentifiers.AllS3Actions);
statement.Resources.Add(new Resource("*"));
var policy = new Policy();
policy.Statements.Add(statement);
client.PutRolePolicy(new PutRolePolicyRequest
{
RoleName = roleName,
PolicyName = "S3Access",
PolicyDocument = policy.ToJson()
});
var response = client.CreateInstanceProfile(new CreateInstanceProfileRequest
{
InstanceProfileName = roleName
});
client.AddRoleToInstanceProfile(new AddRoleToInstanceProfileRequest
{
InstanceProfileName = roleName,
RoleName = roleName
});
return(response.InstanceProfile.Arn);
}
