The Role data type contains information about a role.

This data type is used as a response element in the following actions:

  • CreateRole

  • GetRole

  • ListRoles

예제 #1
 /// <summary>
 /// Fluent setter: stores the given role on this result and returns the same result object.
 /// </summary>
 /// <param name="role">The value assigned to the <c>role</c> field; it is stored as passed, without validation.</param>
 /// <returns>This instance, so further calls can be chained.</returns>
 public CreateRoleResult WithRole(Role role)
 {
     this.role = role;
     return this;
 }
예제 #2
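        /// <summary>
        /// Builds the CodeDeploy, CloudFormation, S3, IAM and Auto Scaling clients used by the deployer.
        /// </summary>
        /// <remarks>
        /// When <c>awsConfiguration.RoleName</c> is recognised by <c>isArn</c>, that role is assumed through STS and
        /// every client is built on the returned temporary session credentials. Otherwise the configured
        /// credentials are used, falling back to <c>EnvironmentAWSCredentials</c> when none are set.
        /// </remarks>
        /// <param name="awsConfiguration">Endpoint, bucket, policy documents, proxy settings, credentials and the optional role to assume.</param>
        /// <exception cref="ArgumentNullException"><paramref name="awsConfiguration"/> is null.</exception>
        public Deployer(AwsConfiguration awsConfiguration)
        {
            if (awsConfiguration == null)
            {
                throw new ArgumentNullException("awsConfiguration");
            }

            _awsEndpoint = awsConfiguration.AwsEndpoint;
            _bucket = awsConfiguration.Bucket;
            _assumeRoleTrustDocument = awsConfiguration.AssumeRoleTrustDocument;
            _iamRolePolicyDocument = awsConfiguration.IamRolePolicyDocument;

            AWSCredentials credentials;

            if (isArn(awsConfiguration.RoleName))
            {
                // The STS client is needed for this single call only, so it is disposed as soon as the
                // temporary credentials have been copied out of the response.
                // NOTE(review): this client is created from the endpoint alone. It does not receive
                // awsConfiguration.Credentials or the ProxyHost/ProxyPort given to the clients below,
                // so the caller identity is whatever the SDK resolves by default. Confirm that is intended.
                using (var securityTokenServiceClient = new AmazonSecurityTokenServiceClient(awsConfiguration.AwsEndpoint))
                {
                    var assumeRoleResult = securityTokenServiceClient.AssumeRole(new AssumeRoleRequest
                    {
                        RoleArn = awsConfiguration.RoleName,
                        // The session lasts one hour. SessionAWSCredentials holds fixed values and is not
                        // refreshed, so the clients built below stop working once the session expires.
                        DurationSeconds = 3600,
                        // NOTE(review): a constant session name makes every run look the same in audit
                        // logs; a per-run or per-operator value would make sessions attributable.
                        RoleSessionName = "Net2User",
                        // NOTE(review): an external ID only helps when it is a value agreed in advance and
                        // enforced by the role's trust policy (an sts:ExternalId condition). A fresh GUID
                        // per call can never match such a condition, so it gives no confused-deputy
                        // protection, and it would make this call fail against a role that enforces one.
                        // Take the value from configuration or drop the field.
                        ExternalId = Guid.NewGuid().ToString()
                    });

                    Credentials stsCredentials = assumeRoleResult.Credentials;

                    credentials = new SessionAWSCredentials(stsCredentials.AccessKeyId,
                                                            stsCredentials.SecretAccessKey,
                                                            stsCredentials.SessionToken);

                    // _role is assigned only on this path; the else branch leaves it untouched.
                    _role = new AssumedRole(assumeRoleResult.AssumedRoleUser);
                }
            }
            else
            {
                credentials = awsConfiguration.Credentials ?? new EnvironmentAWSCredentials();
            }

            // Every service client below shares the same credentials, region and proxy settings.
            _codeDeployClient = new AmazonCodeDeployClient(
                credentials,
                new AmazonCodeDeployConfig
                {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });

            _cloudFormationClient = new AmazonCloudFormationClient(
                credentials,
                new AmazonCloudFormationConfig
                {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });

            _s3Client = new AmazonS3Client(
                credentials,
                new AmazonS3Config
                {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });

            _iamClient = new AmazonIdentityManagementServiceClient(
                credentials,
                new AmazonIdentityManagementServiceConfig
                {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });

            _autoScalingClient = new AmazonAutoScalingClient(
                credentials,
                new AmazonAutoScalingConfig
                {
                    RegionEndpoint = awsConfiguration.AwsEndpoint,
                    ProxyHost = awsConfiguration.ProxyHost,
                    ProxyPort = awsConfiguration.ProxyPort
                });
        }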
예제 #3
 /// <summary>
 /// Fluent setter for the Role property: stores the given role on this result and returns the same
 /// result object.
 /// </summary>
 /// <param name="role">The value to set for the Role property; it is stored as passed, without validation.</param>
 /// <returns>This instance, so further calls can be chained.</returns>
 public GetRoleResult WithRole(Role role)
 {
     this.role = role;
     return this;
 }
예제 #4
        /// <summary>
        /// Creates the CodeDeploy deployment group for this bundle, or reuses one that already exists
        /// under the same name.
        /// </summary>
        /// <remarks>
        /// Deployment targets are selected by the <c>DeploymentRole</c> tag, either on an Auto Scaling
        /// group or on EC2 instances. Whoever may set that tag therefore decides which machines receive
        /// the deployment, so tagging permissions belong in the same trust boundary as deployment rights.
        /// </remarks>
        /// <param name="codeDeployClient">Client used to create the deployment group.</param>
        /// <param name="iamClient">Not used by this method.</param>
        /// <param name="autoScalingClient">Client used to look up the tagged Auto Scaling group.</param>
        /// <param name="role">Role whose ARN is passed to CodeDeploy as the service role.</param>
        /// <param name="deploymentGroupName">Group name, also the expected value of the <c>DeploymentRole</c> tag.</param>
        void EnsureDeploymentGroupExistsForBundle(AmazonCodeDeployClient codeDeployClient, AmazonIdentityManagementServiceClient iamClient, AmazonAutoScalingClient autoScalingClient, Role role, string deploymentGroupName)
        {
            var serviceRoleArn = role.Arn;
            CreateDeploymentGroupRequest createGroupRequest;

            if (!TargetsAutoScalingDeploymentGroup)
            {
                // EC2 path: instances are matched by tag key and value.
                Console.WriteLine("Will assume role {0} for deployment", serviceRoleArn);

                createGroupRequest = new CreateDeploymentGroupRequest
                {
                    ApplicationName = CodeDeployApplicationName,
                    DeploymentGroupName = deploymentGroupName,
                    ServiceRoleArn = serviceRoleArn,
                    Ec2TagFilters = new List<EC2TagFilter>
                    {
                        new EC2TagFilter
                        {
                            Type = EC2TagFilterType.KEY_AND_VALUE,
                            Key = "DeploymentRole",
                            Value = deploymentGroupName
                        }
                    }
                };
            }
            else
            {
                // NOTE(review): only the groups returned by this one call are searched. If the API pages
                // its results, a matching group on a later page would be reported as missing. Confirm.
                var scalingGroups = autoScalingClient.DescribeAutoScalingGroups().AutoScalingGroups;
                var taggedGroup = scalingGroups.FirstOrDefault(
                    asg => asg.Tags.Any(tag => tag.Key == "DeploymentRole" && tag.Value == deploymentGroupName));

                if (taggedGroup == null)
                {
                    throw new ApplicationException(
                        string.Format("Auto scaling group with DeploymentRole {0} does not exist.", deploymentGroupName));
                }

                createGroupRequest = new CreateDeploymentGroupRequest
                {
                    ApplicationName = CodeDeployApplicationName,
                    DeploymentGroupName = deploymentGroupName,
                    ServiceRoleArn = serviceRoleArn,
                    AutoScalingGroups = new List<string> { taggedGroup.AutoScalingGroupName }
                };
            }

            try
            {
                codeDeployClient.CreateDeploymentGroup(createGroupRequest);
            }
            catch (DeploymentGroupAlreadyExistsException)
            {
                // A group with this name already exists and is reused as-is. Its service role and target
                // selection are not compared with the values requested above.
            }
        }
예제 #5
        /// <summary>
        /// Makes sure the bundle's deployment group exists, then starts a CodeDeploy deployment of the
        /// bundle's S3 revision to it.
        /// </summary>
        /// <remarks>
        /// The deployment group name is the stack name and bundle name joined by an underscore. The
        /// revision is identified by bucket, key and ETag, so the request names one specific uploaded
        /// object rather than whatever currently sits under that key.
        /// </remarks>
        /// <param name="codeDeployClient">Client used to create the group and the deployment.</param>
        /// <param name="iamClient">Passed through to <c>EnsureDeploymentGroupExistsForBundle</c>.</param>
        /// <param name="autoScalingClient">Passed through to <c>EnsureDeploymentGroupExistsForBundle</c>.</param>
        /// <param name="role">Role handed to <c>EnsureDeploymentGroupExistsForBundle</c> for the deployment group.</param>
        /// <returns>The response returned by <c>CreateDeployment</c>.</returns>
        public CreateDeploymentResponse DeployToStack(
            AmazonCodeDeployClient codeDeployClient,
            AmazonIdentityManagementServiceClient iamClient,
            AmazonAutoScalingClient autoScalingClient,
            Role role)
        {
            var deploymentGroupName = string.Concat(_stackName, "_", BundleName);

            EnsureDeploymentGroupExistsForBundle(codeDeployClient, iamClient, autoScalingClient, role, deploymentGroupName);

            var deploymentRequest = new CreateDeploymentRequest
            {
                ApplicationName = CodeDeployApplicationName,
                DeploymentGroupName = deploymentGroupName
            };

            // The zip bundle previously uploaded to S3, identified by bucket, key and ETag.
            deploymentRequest.Revision = new RevisionLocation
            {
                RevisionType = RevisionLocationType.S3,
                S3Location = new S3Location
                {
                    Bucket = Bucket,
                    Key = FileName,
                    BundleType = BundleType.Zip,
                    ETag = ETag
                }
            };

            return codeDeployClient.CreateDeployment(deploymentRequest);
        }
예제 #6
        /// <summary>
        /// Test fixture setup: creates an IAM user and a role for it to assume, points the configuration
        /// at that role's ARN, builds the S3 client and removes any stack left by a previous run.
        /// </summary>
        /// <remarks>
        /// This creates real IAM principals. NOTE(review): no matching cleanup is visible here; confirm
        /// a teardown deletes the user and role so test identities do not accumulate in the account.
        /// </remarks>
        public void SetUp()
        {
            _awsConfiguration = new AwsConfiguration
            {
                AwsEndpoint = TestConfiguration.AwsEndpoint,
                Credentials = new TestSuiteCredentials()
            };

            // NOTE(review): the IAM and S3 clients below are built from a config object only, so they do
            // not receive the TestSuiteCredentials set on _awsConfiguration. Confirm which identity they
            // end up using.
            var iamConfig = new AmazonIdentityManagementServiceConfig
            {
                RegionEndpoint = _awsConfiguration.AwsEndpoint,
                ProxyHost = _awsConfiguration.ProxyHost,
                ProxyPort = _awsConfiguration.ProxyPort
            };
            _iamClient = new AmazonIdentityManagementServiceClient(iamConfig);

            var createUserRequest = new CreateUserRequest { UserName = _userName };
            var createdUser = _iamClient.CreateUser(createUserRequest).User;

            // The deployer under test assumes this role, so its ARN goes into RoleName.
            _roleToAssume = _iamClient.CreateRoleToAssume(createdUser);
            _awsConfiguration.RoleName = _roleToAssume.Arn;

            // Unlike the IAM client, the S3 client gets no proxy settings.
            var s3Config = new AmazonS3Config { RegionEndpoint = _awsConfiguration.AwsEndpoint };
            _s3Client = new AmazonS3Client(s3Config);

            DeletePreviousTestStack();
        }