public static async Task <(DeleteRoleResponse role, DetachRolePolicyResponse[] policies)> DeleteRoleAsync(
this IAMHelper iam, string roleName, bool detachPolicies,
bool deleteInstanceProfiles = false,
StringComparison stringComparison = StringComparison.InvariantCultureIgnoreCase, CancellationToken cancellationToken = default(CancellationToken))
{
if (roleName.IsNullOrEmpty())
{
throw new ArgumentException($"{nameof(roleName)} is null or empty");
}
DetachRolePolicyResponse[] detachRolePolicyResponses = null;
if (detachPolicies)
{
var targets = await iam.ListAttachedRolePoliciesAsync(roleName, cancellationToken : cancellationToken);
detachRolePolicyResponses = await targets.ForEachAsync(policy => iam.DetachRolePolicyAsync(roleName, policy.PolicyArn, cancellationToken)
, maxDegreeOfParallelism : iam._maxDegreeOfParalelism);
}
if (deleteInstanceProfiles)
{
await iam.DeleteRoleInstanceProfiles(roleName : roleName, cancellationToken : cancellationToken);
}
return(await iam.DeleteRoleAsync(roleName, cancellationToken), detachRolePolicyResponses);
}
public static async Task <Role> CreateRoleWithPoliciesAsync(
this IAMHelper iam, string roleName,
string[] policies,
string roleDescription = null,
bool createInstanceProfile = false,
StringComparison stringComparison = StringComparison.InvariantCultureIgnoreCase,
CancellationToken cancellationToken = default(CancellationToken))
{
var policyDoc = $@"{{""Version"":""2012-10-17"",""Statement"":[{{""Effect"":""Allow"",""Principal"":{{""Service"":[""ec2.amazonaws.com"",""ecs-tasks.amazonaws.com""]}},""Action"":[""sts:AssumeRole""]}}]}}";
var tR = iam.CreateRoleAsync(roleName: roleName, description: roleDescription, path: null, maxSessionDuration: 12 * 3600, assumeRolePolicyDocument: policyDoc, cancellationToken: cancellationToken);
var list = await iam.ListPoliciesAsync(cancellationToken : cancellationToken);
var mp = new ManagedPolicy[policies.Length];
for (int i = 0; i < policies.Length; i++)
{
var policy = policies[i];
mp[i] = list.Single(x => x.PolicyName.Equals(policy, stringComparison) || x.PolicyName.Equals(policy, stringComparison));
}
var roleResponse = await tR;
await mp.ForEachAsync(p => iam.AttachRolePolicyAsync(roleResponse.Role.RoleName, p.Arn, cancellationToken),
iam._maxDegreeOfParalelism, cancellationToken : cancellationToken);
//https://aws.amazon.com/premiumsupport/knowledge-center/iam-role-not-in-list/
if (createInstanceProfile)
{
await iam.DeleteRoleInstanceProfiles(roleName : roleName, cancellationToken : cancellationToken);
await iam.CreateInstanceProfileAsync(name : roleName, cancellationToken : cancellationToken);
await iam.AddRoleToInstanceProfileAsync(profileName : roleName, roleName : roleName, cancellationToken : cancellationToken);
}
return(roleResponse.Role);
}