private Amazon.IdentityManagement.Model.AttachRolePolicyResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.AttachRolePolicyRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "AttachRolePolicy");
try
{
#if DESKTOP
return(client.AttachRolePolicy(request));
#elif CORECLR
return(client.AttachRolePolicyAsync(request).GetAwaiter().GetResult());
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
public async Task AttachIamRolePolicy(IAmazonIdentityManagementService iamClient, string roleName,
string policyArn)
{
try
{
Console.WriteLine("Attaching IAM Role Policy");
ListAttachedRolePoliciesResponse response = await iamClient.ListAttachedRolePoliciesAsync(
new ListAttachedRolePoliciesRequest()
{
RoleName = roleName
});
List <AttachedPolicyType> attachedPolicies = response.AttachedPolicies;
foreach (var attachedPolicyType in attachedPolicies)
{
if (policyArn.Equals(attachedPolicyType.PolicyArn))
{
Console.WriteLine($"Policy : {policyArn} is already attached to role {roleName}");
return;
}
}
await iamClient.AttachRolePolicyAsync(new AttachRolePolicyRequest()
{
RoleName = roleName,
PolicyArn = policyArn
});
Console.WriteLine($"Successfully attached policy : {policyArn} to role {roleName}");
}
catch (Exception e)
{
Console.WriteLine($"IAM policy attach failed: {e}");
throw;
}
}
public static string CreateRole(IAmazonIdentityManagementService iamClient, string roleName, string assuleRolePolicy, params string[] managedPolicies)
{
if (managedPolicies != null && managedPolicies.Length > 0)
{
for (int i = 0; i < managedPolicies.Length; i++)
{
managedPolicies[i] = ExpandManagedPolicyName(iamClient, managedPolicies[i]);
}
}
string roleArn;
try
{
CreateRoleRequest request = new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = assuleRolePolicy
};
var response = iamClient.CreateRoleAsync(request).Result;
roleArn = response.Role.Arn;
}
catch (Exception e)
{
throw new ToolsException($"Error creating IAM Role: {e.Message}", ToolsException.CommonErrorCode.IAMCreateRole, e);
}
if (managedPolicies != null && managedPolicies.Length > 0)
{
try
{
foreach (var managedPolicy in managedPolicies)
{
var request = new AttachRolePolicyRequest
{
RoleName = roleName,
PolicyArn = managedPolicy
};
iamClient.AttachRolePolicyAsync(request).Wait();
}
}
catch (Exception e)
{
throw new ToolsException($"Error assigning managed IAM Policy: {e.Message}", ToolsException.CommonErrorCode.IAMAttachRole, e);
}
}
bool found = false;
do
{
// There is no way check if the role has propagated yet so to
// avoid error during deployment creation do a generous sleep.
Console.WriteLine("Waiting for new IAM Role to propagate to AWS regions");
long start = DateTime.Now.Ticks;
while (TimeSpan.FromTicks(DateTime.Now.Ticks - start).TotalSeconds < SLEEP_TIME_FOR_ROLE_PROPOGATION.TotalSeconds)
{
Thread.Sleep(TimeSpan.FromSeconds(1));
Console.Write(".");
Console.Out.Flush();
}
Console.WriteLine("\t Done");
try
{
var getResponse = iamClient.GetRoleAsync(new GetRoleRequest {
RoleName = roleName
}).Result;
if (getResponse.Role != null)
{
found = true;
}
}
catch (NoSuchEntityException)
{
}
catch (Exception e)
{
throw new ToolsException("Error confirming new role was created: " + e.Message, ToolsException.CommonErrorCode.IAMGetRole, e);
}
} while (!found);
return(roleArn);
}
