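/// <summary>
/// Creates an IAM role whose trust policy is <paramref name="trustRelationshipText"/> and then
/// attaches <paramref name="policyText"/> to it as an inline role policy named "{roleName}_policy".
/// </summary>
/// <param name="iamClient">IAM client used for both the CreateRole and PutRolePolicy calls.</param>
/// <param name="roleName">Name of the role to create; also used to derive the inline policy name.</param>
/// <param name="policyText">JSON permissions policy document attached inline to the new role.</param>
/// <param name="trustRelationshipText">
/// JSON trust (AssumeRole) policy document. This is the document that decides who may assume the
/// role, so callers must make sure it is not broader than intended before passing it in.
/// </param>
/// <returns>The ARN of the created role.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="iamClient"/> is null.</exception>
/// <exception cref="ArgumentException">When any of the string arguments is null or whitespace.</exception>
public virtual string PrepMode_CreateRole(AmazonIdentityManagementServiceClient iamClient, string roleName, string policyText, string trustRelationshipText)
{
    if (iamClient == null)
    {
        throw new ArgumentNullException("iamClient");
    }
    if (String.IsNullOrWhiteSpace(roleName))
    {
        throw new ArgumentException("A role name is required.", "roleName");
    }
    if (String.IsNullOrWhiteSpace(policyText))
    {
        throw new ArgumentException("A permissions policy document is required.", "policyText");
    }
    if (String.IsNullOrWhiteSpace(trustRelationshipText))
    {
        throw new ArgumentException("A trust policy document is required.", "trustRelationshipText");
    }

    // The trust relationship goes into AssumeRolePolicyDocument; IAM validates it server-side.
    var createRoleRequest = new CreateRoleRequest
    {
        AssumeRolePolicyDocument = trustRelationshipText,
        RoleName = roleName
    };
    var roleArn = iamClient.CreateRole(createRoleRequest).Role.Arn;

    // The role now exists with its trust policy in effect but no permissions yet. If PutRolePolicy
    // below throws, the caller is left with an assumable-but-empty role to clean up.
    var putRolePolicyRequest = new PutRolePolicyRequest
    {
        RoleName = roleName,
        PolicyName = String.Format("{0}_policy", roleName),
        PolicyDocument = policyText
    };
    iamClient.PutRolePolicy(putRolePolicyRequest);

    return roleArn;
}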
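/// <summary>
/// Ensures every policy in <paramref name="policies"/> is attached inline to <paramref name="roleName"/>.
/// A policy is skipped when the role already has an inline policy of the same name whose
/// (URL-decoded) document is exactly equal to the desired one; otherwise it is written with
/// PutRolePolicy. All lookups and writes run concurrently.
/// </summary>
/// <param name="roleName">Role that receives the inline policies.</param>
/// <param name="policies">Desired policies (name plus JSON document).</param>
/// <returns>The policies that were actually written, in the order they were supplied.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="policies"/> is null.</exception>
public async Task<IEnumerable<Policy>> PutPoliciesAsync(RoleName roleName, IEnumerable<Policy> policies)
{
    if (policies == null)
    {
        throw new ArgumentNullException("policies");
    }

    var pending = new List<Task<Policy>>();
    foreach (var policy in policies)
    {
        pending.Add(PutPolicyIfChangedAsync(roleName, policy));
    }

    // Await Task.WhenAll rather than blocking on Task.WaitAll: blocking inside an async method
    // can deadlock on a synchronization context, and WaitAll surfaces failures wrapped in an
    // AggregateException instead of the original exception.
    var outcomes = await Task.WhenAll(pending);

    // Each task reports its own result instead of mutating a shared List<Policy> from several
    // threads at once (List<T> is not safe for concurrent Add), and the result order is stable.
    var policiesAdded = new List<Policy>();
    foreach (var written in outcomes)
    {
        if (written != null)
        {
            policiesAdded.Add(written);
        }
    }
    return policiesAdded;
}

// Writes one inline policy unless the role already holds an identical document.
// Returns the policy when it was written, or null when the existing document already matched.
private async Task<Policy> PutPolicyIfChangedAsync(RoleName roleName, Policy policy)
{
    GetRolePolicyResponse existing;
    try
    {
        // NOTE(review): this calls GetPolicyAsync with a GetRolePolicyRequest and expects a
        // GetRolePolicyResponse — confirm that is the intended role-policy lookup on _client.
        existing = await _client.GetPolicyAsync(new GetRolePolicyRequest
        {
            RoleName = roleName,
            PolicyName = policy.Name
        });
    }
    catch (NoSuchEntityException)
    {
        // No inline policy of that name yet; treat as "needs writing".
        existing = null;
    }

    // IAM returns inline policy documents URL-encoded, so decode before comparing to the
    // desired text. The comparison is exact; whitespace differences count as a change.
    if (existing != null && policy.Document == Uri.UnescapeDataString(existing.PolicyDocument))
    {
        return null;
    }

    await _client.PutRolePolicyAsync(new PutRolePolicyRequest
    {
        RoleName = roleName,
        PolicyName = policy.Name,
        PolicyDocument = policy.Document
    });
    return policy;
}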
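// Button 4 - CloudBerry: appends two Allow statements granting s3:* on the bucket named in txtID
// (the bucket itself and every object under it) to the existing CloudBerryMBSPolicy inline policy
// of the hard-coded CloudBerry MBS role, and reports progress in txtOutput.
private void button4_Click(object sender, EventArgs e)
{
    const string roleName = "CloudBerryMBSRole-6bba62a8-a0da-497c-b296-2fe588c64db4";
    const string policyName = "CloudBerryMBSPolicy";

    txtOutput.Text += "Editing CB Role Policy" + "\r\n";

    // The bucket name is spliced into a JSON policy document as raw text. Anything that is not a
    // syntactically valid S3 bucket name (3-63 chars of lowercase letters, digits, dots, hyphens)
    // could break the document or inject additional statements, so reject it up front.
    var bucketName = txtID.Text;
    if (bucketName == null || !System.Text.RegularExpressions.Regex.IsMatch(bucketName, "^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$"))
    {
        txtOutput.Text += "Invalid bucket name; policy not changed." + "\r\n";
        return;
    }

    using (var client = new AmazonIdentityManagementServiceClient())
    {
        string oldpolicy;
        var getcurrentrequest = new GetRolePolicyRequest
        {
            PolicyName = policyName,
            RoleName = roleName
        };
        try
        {
            var getPolicyResponse = client.GetRolePolicy(getcurrentrequest);
            // IAM returns inline policy documents URL-encoded.
            oldpolicy = System.Net.WebUtility.UrlDecode(getPolicyResponse.PolicyDocument);
        }
        catch (NoSuchEntityException)
        {
            // Previously this fell through and crashed on Remove() against an empty string.
            txtOutput.Text += "Policy does not exist." + "\r\n";
            return;
        }

        // The new statements are appended by cutting the closing "] }" off the existing document.
        // This only works while the Statement array is the last member of the document and the
        // decoded text ends with exactly those three characters — confirm against a real document.
        if (oldpolicy == null || oldpolicy.Length < 3)
        {
            txtOutput.Text += "Existing policy document is too short to edit; policy not changed." + "\r\n";
            return;
        }
        var newpolicy = oldpolicy.Remove(oldpolicy.Length - 3, 3);
        // NOTE(review): s3:* on the whole bucket is broad; scope it to the actions the backup
        // agent actually needs if the product permits it.
        newpolicy += ",{\"Effect\": \"Allow\", \"Action\": \"s3:*\", \"Resource\": [ \"arn:aws:s3:::" + bucketName + "\"], \"Condition\": {} }, {\"Effect\": \"Allow\", \"Action\": \"s3:*\", \"Resource\": [ \"arn:aws:s3:::" + bucketName + "/*\"], \"Condition\": {} } ] }";

        var putrolepolicyrequest = new PutRolePolicyRequest
        {
            RoleName = roleName,
            PolicyName = policyName,
            PolicyDocument = newpolicy
        };
        try
        {
            client.PutRolePolicy(putrolepolicyrequest);
            txtOutput.Text += "CloudBerry Role Policy Update - Success \r\n";
        }
        catch (NoSuchEntityException)
        {
            // Other SDK failures (e.g. a malformed document) are not caught here and will
            // surface as an unhandled exception in the UI, as before.
            txtOutput.Text += "Policy does not exist." + "\r\n";
        }
    }
}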
/// <summary>
/// Not supported by this implementation; every call throws before touching the request.
/// </summary>
/// <param name="request">Ignored.</param>
/// <param name="cancellationToken">Ignored.</param>
/// <exception cref="System.NotImplementedException">Always.</exception>
public Task<PutRolePolicyResponse> PutRolePolicyAsync(PutRolePolicyRequest request, CancellationToken cancellationToken = default(CancellationToken))
{
    // Thrown synchronously (not as a faulted task), so callers see it at the call site.
    throw new System.NotImplementedException();
}
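/// <summary>
/// End-to-end federation sample: creates a role trusted by one web identity provider, attaches an
/// S3 access policy scoped to the federated user's own prefix, exchanges a provider token for
/// temporary credentials via AssumeRoleWithWebIdentity, exercises S3 with them, and finally
/// deletes the role again. Provider app IDs are read from app.config ("{provider}ProviderAppId");
/// the IAM credentials used to create the role come from app.config as well.
/// </summary>
/// <param name="identityProvider">One of "Facebook", "Google" or "Amazon".</param>
/// <exception cref="ArgumentException">When <paramref name="identityProvider"/> is not one of the three.</exception>
/// <exception cref="InvalidOperationException">When the provider's app ID is missing from app.config.</exception>
public static void Test(string identityProvider)
{
    const string roleName = "federationtestrole";
    const string rolePolicyName = "federationtestrole-rolepolicy";

    // Provider-specific names: the OIDC/federation host, the claim that carries the app id
    // (used in the trust condition) and the claim that carries the user id (used as a policy
    // variable in the S3 resource ARNs).
    string providerURL, providerAppIdName, providerUserIdName;
    switch (identityProvider)
    {
        case "Facebook":
            providerURL = "graph.facebook.com";
            providerAppIdName = "app_id";
            providerUserIdName = "id";
            break;
        case "Google":
            providerURL = "accounts.google.com";
            providerAppIdName = "aud";
            providerUserIdName = "sub";
            break;
        case "Amazon":
            providerURL = "www.amazon.com";
            providerAppIdName = "app_id";
            providerUserIdName = "user_id";
            break;
        default:
            // Previously an unknown provider produced a trust policy with empty principal and
            // condition values and a null AssumeRoleWithWebIdentity response; fail up front.
            throw new ArgumentException("Unsupported identity provider: " + identityProvider, "identityProvider");
    }

    // e.g. FacebookProviderAppId, GoogleProviderAppId, AmazonProviderAppId
    string providerAppId = ConfigurationManager.AppSettings[identityProvider + "ProviderAppId"];
    if (string.IsNullOrEmpty(providerAppId))
    {
        // Without the app id the StringEquals condition below would be empty, so fail here
        // rather than creating a role with a meaningless trust condition.
        throw new InvalidOperationException("app.config is missing " + identityProvider + "ProviderAppId");
    }

    // Both templates go through string.Format, so literal braces are doubled.
    // Trust policy: who may call AssumeRoleWithWebIdentity. The condition pins the token's
    // app-id claim to our app so tokens issued to other apps of the same provider are rejected.
    string trustPolicyTemplate = @"{{ ""Version"": ""2012-10-17"", ""Statement"": [ {{ ""Effect"": ""Allow"", ""Principal"": {{ ""Federated"": ""{1}"" }}, ""Action"": ""sts:AssumeRoleWithWebIdentity"", ""Condition"": {{ ""StringEquals"": {{""{1}:{2}"": ""{3}""}} }} }} ] }}";
    // Access policy: what the temporary credentials may do. The ${provider:userid} policy
    // variable confines each federated user to their own prefix in federationtestbucket.
    string accessPolicyTemplate = @"{{ ""Version"": ""2012-10-17"", ""Statement"": [ {{ ""Effect"":""Allow"", ""Action"":[""s3:GetObject"", ""s3:PutObject"", ""s3:DeleteObject""], ""Resource"": [ ""arn:aws:s3:::federationtestbucket/{0}/${{{1}:{4}}}"", ""arn:aws:s3:::federationtestbucket/{0}/${{{1}:{4}}}/*"" ] }} ] }}";

    using (var iamClient = new AmazonIdentityManagementServiceClient())
    {
        CreateRoleRequest createRoleRequest = new CreateRoleRequest
        {
            RoleName = roleName,
            AssumeRolePolicyDocument = string.Format(trustPolicyTemplate, identityProvider, providerURL, providerAppIdName, providerAppId)
        };
        Console.WriteLine("\nTrust Policy Document:\n{0}\n", createRoleRequest.AssumeRolePolicyDocument);
        CreateRoleResponse createRoleResponse = iamClient.CreateRole(createRoleRequest);

        // From here on the role exists and is assumable by anyone holding a matching provider
        // token, so every path — including failures — must reach the cleanup in finally.
        bool rolePolicyAttached = false;
        try
        {
            PutRolePolicyRequest putRolePolicyRequest = new PutRolePolicyRequest
            {
                PolicyName = rolePolicyName,
                RoleName = roleName,
                PolicyDocument = string.Format(accessPolicyTemplate, identityProvider, providerURL, providerAppIdName, providerAppId, providerUserIdName)
            };
            Console.WriteLine("\nAccess Policy Document (Permissions):\n{0}\n", putRolePolicyRequest.PolicyDocument);
            iamClient.PutRolePolicy(putRolePolicyRequest);
            rolePolicyAttached = true;

            // IAM is eventually consistent; give the new role and policy time to replicate.
            System.Threading.Thread.Sleep(5000);

            AmazonS3Config config = new AmazonS3Config
            {
                ServiceURL = "s3.amazonaws.com",
                RegionEndpoint = Amazon.RegionEndpoint.USEast1
            };

            Federation federationTest = new Federation();
            AssumeRoleWithWebIdentityResponse assumeRoleWithWebIdentityResponse = null;
            switch (identityProvider)
            {
                case "Facebook":
                    assumeRoleWithWebIdentityResponse = federationTest.GetTemporaryCredentialUsingFacebook(providerAppId, createRoleResponse.Role.Arn);
                    break;
                case "Google":
                    assumeRoleWithWebIdentityResponse = federationTest.GetTemporaryCredentialUsingGoogle(providerAppId, createRoleResponse.Role.Arn);
                    // Uncomment to perform the two-step process instead:
                    // assumeRoleWithWebIdentityResponse = federationTest.GetTemporaryCredentialUsingGoogle(
                    //     providerAppId,
                    //     ConfigurationManager.AppSettings["GoogleProviderAppIdSecret"],
                    //     createRoleResponse.Role.Arn);
                    break;
                case "Amazon":
                    assumeRoleWithWebIdentityResponse = federationTest.GetTemporaryCredentialUsingAmazon(ConfigurationManager.AppSettings["AmazonProviderClientId"], createRoleResponse.Role.Arn);
                    break;
            }

            // Bucket name must match the one baked into accessPolicyTemplate above. The key prefix
            // is "<provider>/<subject>", which is exactly what the access policy allows.
            S3Test s3Test = new S3Test();
            s3Test.CreateS3Bucket("federationtestbucket", identityProvider + "/" + assumeRoleWithWebIdentityResponse.SubjectFromWebIdentityToken, assumeRoleWithWebIdentityResponse.Credentials, config);
        }
        finally
        {
            // Tear the role down even when the federation or S3 step throws; a leftover role
            // trusted by a public identity provider is a standing grant. The inline policy has
            // to go first, and only if it was actually attached.
            if (rolePolicyAttached)
            {
                iamClient.DeleteRolePolicy(new DeleteRolePolicyRequest
                {
                    PolicyName = rolePolicyName,
                    RoleName = roleName
                });
            }
            iamClient.DeleteRole(new DeleteRoleRequest
            {
                RoleName = roleName
            });
        }
    }
}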
/// <summary>
/// Test double: records the request in <c>PutRolePolicyRequests</c> so a test can assert on what
/// would have been sent, then completes immediately with an empty response. Nothing reaches IAM.
/// </summary>
/// <param name="rolePolicyRequest">The request to record.</param>
/// <returns>An already-completed task holding a fresh, empty <see cref="PutRolePolicyResponse"/>.</returns>
public Task<PutRolePolicyResponse> PutRolePolicyAsync(PutRolePolicyRequest rolePolicyRequest)
{
    PutRolePolicyRequests.Add(rolePolicyRequest);
    var cannedResponse = new PutRolePolicyResponse();
    return Task.FromResult(cannedResponse);
}
/// <summary>
/// Forwards the PutRolePolicy call unchanged to the wrapped <c>_client</c>.
/// </summary>
/// <param name="rolePolicyRequest">Passed through as-is; no validation happens here.</param>
/// <returns>The wrapped client's task, returned directly rather than awaited.</returns>
public Task<PutRolePolicyResponse> PutRolePolicyAsync(PutRolePolicyRequest rolePolicyRequest)
{
    var pending = _client.PutRolePolicyAsync(rolePolicyRequest);
    return pending;
}