public Role Create(Construct scope, IConfigSettings config, string name) { var props = new RoleProps { RoleName = config.FormatName(name), ManagedPolicies = GetManagedPolicies(scope, config), AssumedBy = new ServicePrincipal("ec2.amazonaws.com") }; var role = new Role(scope, config.FormatName(name), props); return(role); }
public ManagedPolicy[] GetManagedPolicies(Construct scope, IConfigSettings config) { var ssmStatements = new Security.Roles.SSM.ManagedInstanceCore().Statements; var ssmAssume = new Security.Roles.SSM.TrustedCommunication().Statements; var ec2Statements = new Security.Roles.EC2.FullAccess().Statements; var s3Statments = new Security.Roles.S3.FullAccess().Statements; var ecrStatements = new Security.Roles.ECR.ECRAccess().Statements; var policies = new List <ManagedPolicy>(); policies.Add(Policy(scope, config.FormatName("ssm-statements"), null, ssmStatements)); //policies.Add(Policy(scope, "ssm-assume", null, ssmAssume)); policies.Add(Policy(scope, config.FormatName("ec2-full-access"), null, ec2Statements)); policies.Add(Policy(scope, config.FormatName("s3-full-access"), null, s3Statments)); policies.Add(Policy(scope, config.FormatName("ecr-access"), null, ecrStatements)); return(policies.ToArray()); }