private Amazon.IdentityManagement.Model.AttachRolePolicyResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.AttachRolePolicyRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "AttachRolePolicy"); try { #if DESKTOP return(client.AttachRolePolicy(request)); #elif CORECLR return(client.AttachRolePolicyAsync(request).GetAwaiter().GetResult()); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } }
public async Task AttachIamRolePolicy(IAmazonIdentityManagementService iamClient, string roleName, string policyArn) { try { Console.WriteLine("Attaching IAM Role Policy"); ListAttachedRolePoliciesResponse response = await iamClient.ListAttachedRolePoliciesAsync( new ListAttachedRolePoliciesRequest() { RoleName = roleName }); List <AttachedPolicyType> attachedPolicies = response.AttachedPolicies; foreach (var attachedPolicyType in attachedPolicies) { if (policyArn.Equals(attachedPolicyType.PolicyArn)) { Console.WriteLine($"Policy : {policyArn} is already attached to role {roleName}"); return; } } await iamClient.AttachRolePolicyAsync(new AttachRolePolicyRequest() { RoleName = roleName, PolicyArn = policyArn }); Console.WriteLine($"Successfully attached policy : {policyArn} to role {roleName}"); } catch (Exception e) { Console.WriteLine($"IAM policy attach failed: {e}"); throw; } }
public static string CreateRole(IAmazonIdentityManagementService iamClient, string roleName, string assuleRolePolicy, params string[] managedPolicies) { if (managedPolicies != null && managedPolicies.Length > 0) { for (int i = 0; i < managedPolicies.Length; i++) { managedPolicies[i] = ExpandManagedPolicyName(iamClient, managedPolicies[i]); } } string roleArn; try { CreateRoleRequest request = new CreateRoleRequest { RoleName = roleName, AssumeRolePolicyDocument = assuleRolePolicy }; var response = iamClient.CreateRoleAsync(request).Result; roleArn = response.Role.Arn; } catch (Exception e) { throw new ToolsException($"Error creating IAM Role: {e.Message}", ToolsException.CommonErrorCode.IAMCreateRole, e); } if (managedPolicies != null && managedPolicies.Length > 0) { try { foreach (var managedPolicy in managedPolicies) { var request = new AttachRolePolicyRequest { RoleName = roleName, PolicyArn = managedPolicy }; iamClient.AttachRolePolicyAsync(request).Wait(); } } catch (Exception e) { throw new ToolsException($"Error assigning managed IAM Policy: {e.Message}", ToolsException.CommonErrorCode.IAMAttachRole, e); } } bool found = false; do { // There is no way check if the role has propagated yet so to // avoid error during deployment creation do a generous sleep. Console.WriteLine("Waiting for new IAM Role to propagate to AWS regions"); long start = DateTime.Now.Ticks; while (TimeSpan.FromTicks(DateTime.Now.Ticks - start).TotalSeconds < SLEEP_TIME_FOR_ROLE_PROPOGATION.TotalSeconds) { Thread.Sleep(TimeSpan.FromSeconds(1)); Console.Write("."); Console.Out.Flush(); } Console.WriteLine("\t Done"); try { var getResponse = iamClient.GetRoleAsync(new GetRoleRequest { RoleName = roleName }).Result; if (getResponse.Role != null) { found = true; } } catch (NoSuchEntityException) { } catch (Exception e) { throw new ToolsException("Error confirming new role was created: " + e.Message, ToolsException.CommonErrorCode.IAMGetRole, e); } } while (!found); return(roleArn); }