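public JObject FunctionHandler(JObject input)
        {
            // Step handler: creates the SAML-federated role inside the newly created
            // member account.
            //
            // `input` must carry the previous step's "CreateAccountResponse" object
            // (with CreateAccountStatus.AccountId) and "EventData.roleName". The
            // returned object forwards CreateAccountResponse and EventData unchanged
            // and adds the IAM reply under "CreateRoleResponse".
            //
            // Throws ArgumentNullException when input is null and ArgumentException
            // when a required field is missing or the account id is malformed; AWS
            // SDK exceptions propagate unwrapped.
            if (input == null)
            {
                throw new ArgumentNullException(nameof(input));
            }

            JObject createAccountResponseObject = input.SelectToken("CreateAccountResponse") as JObject;
            if (createAccountResponseObject == null)
            {
                throw new ArgumentException("input is missing the CreateAccountResponse object.", nameof(input));
            }

            // (string) on a JToken yields null for a missing token instead of throwing.
            string accountId = (string)createAccountResponseObject.SelectToken("CreateAccountStatus.AccountId");
            string roleName  = (string)input.SelectToken("EventData.roleName");

            // The account id is spliced into the trust policy's Federated ARN below, so
            // anything that is not exactly twelve ASCII digits (the shape of every AWS
            // account id) is rejected here rather than handed to IAM.
            bool validAccountId = accountId != null && accountId.Length == 12;
            if (validAccountId)
            {
                foreach (char c in accountId)
                {
                    validAccountId &= c >= '0' && c <= '9';
                }
            }
            if (!validAccountId)
            {
                throw new ArgumentException("CreateAccountResponse.CreateAccountStatus.AccountId must be a 12-digit AWS account id.", nameof(input));
            }
            if (string.IsNullOrWhiteSpace(roleName))
            {
                throw new ArgumentException("EventData.roleName is required.", nameof(input));
            }

            // Short-lived STS credentials for the member account. They go straight into
            // the client constructor and are not copied into locals or logged.
            var credentials = AssumeIdentity.AssumeRole(accountId).Credentials;

            // The trust policy is assembled as a JSON tree instead of by string
            // concatenation, so the account id can never change the document's
            // structure. Only the "ADFS" SAML provider in the same account may assume
            // the role, and only for the AWS console audience.
            JObject trustPolicy = new JObject
            {
                ["Version"]   = "2012-10-17",
                ["Statement"] = new JObject
                {
                    ["Effect"]    = "Allow",
                    ["Action"]    = "sts:AssumeRoleWithSAML",
                    ["Principal"] = new JObject
                    {
                        ["Federated"] = "arn:aws:iam::" + accountId + ":saml-provider/ADFS"
                    },
                    ["Condition"] = new JObject
                    {
                        ["StringEquals"] = new JObject
                        {
                            ["SAML:aud"] = "https://signin.aws.amazon.com/saml"
                        }
                    }
                }
            };

            CreateRoleRequest request = new CreateRoleRequest()
            {
                RoleName                 = roleName,
                MaxSessionDuration       = 43200, // seconds: 12 hours, the longest IAM allows
                AssumeRolePolicyDocument = trustPolicy.ToString()
            };

            CreateRoleResponse response;
            // The SDK client is disposable; release it as soon as the call completes.
            using (var client = new AmazonIdentityManagementServiceClient(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken))
            {
                // The handler signature is synchronous, so the task is awaited
                // synchronously; GetResult() surfaces the SDK exception itself
                // instead of wrapping it in an AggregateException.
                response = client.CreateRoleAsync(request).GetAwaiter().GetResult();
            }

            JObject outputObject = new JObject();
            outputObject.Add("CreateAccountResponse", createAccountResponseObject);
            outputObject.Add("CreateRoleResponse", JObject.FromObject(response));
            outputObject.Add("EventData", input.SelectToken("EventData"));

            return outputObject;
        }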
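        public JObject FunctionHandler(JObject input)
        {
            // Step handler: attaches the AdministratorAccess managed policy to the
            // role created in the previous step inside the member account.
            //
            // `input` must carry "CreateAccountResponse" (with
            // CreateAccountStatus.AccountId) and "EventData.roleName". The returned
            // object forwards CreateAccountResponse and EventData unchanged and adds
            // the IAM reply under "AttachRolePolicyResponse".
            //
            // Throws ArgumentNullException when input is null and ArgumentException
            // when a required field is missing; AWS SDK exceptions propagate unwrapped.
            if (input == null)
            {
                throw new ArgumentNullException(nameof(input));
            }

            JObject createAccountResponseObject = input.SelectToken("CreateAccountResponse") as JObject;
            if (createAccountResponseObject == null)
            {
                throw new ArgumentException("input is missing the CreateAccountResponse object.", nameof(input));
            }

            // (string) on a JToken yields null for a missing token instead of throwing.
            string accountId = (string)createAccountResponseObject.SelectToken("CreateAccountStatus.AccountId");
            string roleName  = (string)input.SelectToken("EventData.roleName");

            // accountId is handed to AssumeRole, which presumably builds a role ARN
            // from it; an empty value would only fail later with a less clear error.
            if (string.IsNullOrWhiteSpace(accountId))
            {
                throw new ArgumentException("CreateAccountResponse.CreateAccountStatus.AccountId is required.", nameof(input));
            }
            if (string.IsNullOrWhiteSpace(roleName))
            {
                throw new ArgumentException("EventData.roleName is required.", nameof(input));
            }

            // Short-lived STS credentials for the member account; passed straight to
            // the client constructor, never logged.
            var credentials = AssumeIdentity.AssumeRole(accountId).Credentials;

            // The policy ARN is fixed in code on purpose: this grants full admin rights
            // to every principal the role's trust policy admits, so it must not be
            // selectable from the incoming event.
            AttachRolePolicyRequest request = new AttachRolePolicyRequest()
            {
                PolicyArn = "arn:aws:iam::aws:policy/AdministratorAccess",
                RoleName  = roleName
            };

            AttachRolePolicyResponse response;
            // The SDK client is disposable; release it as soon as the call completes.
            using (var client = new AmazonIdentityManagementServiceClient(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken))
            {
                // Synchronous handler signature: wait for the task, but let the SDK
                // exception surface directly rather than inside an AggregateException.
                response = client.AttachRolePolicyAsync(request).GetAwaiter().GetResult();
            }

            JObject outputObject = new JObject();
            outputObject.Add("AttachRolePolicyResponse", JObject.FromObject(response));
            outputObject.Add("CreateAccountResponse", createAccountResponseObject);
            outputObject.Add("EventData", input.SelectToken("EventData"));

            return outputObject;
        }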
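        public JObject FunctionHandler(JObject input)
        {
            // Step handler: registers the "ADFS" SAML identity provider in the
            // newly created member account, using the metadata from MetadataXML().
            //
            // This step receives the account-creation result under
            // "CreateAccountStatus" (nested once more, hence the doubled path below)
            // and re-emits it as "CreateAccountResponse", the key the later steps
            // read. EventData is forwarded unchanged and the IAM reply is added under
            // "CreateSAMLProviderResponse".
            //
            // Throws ArgumentNullException when input is null and ArgumentException
            // when the account id is missing; AWS SDK exceptions propagate unwrapped.
            if (input == null)
            {
                throw new ArgumentNullException(nameof(input));
            }

            // Logs the whole incoming event. Fine for the fields seen here, but
            // whatever lands in EventData ends up in CloudWatch for its retention
            // period, so keep that in mind if the event ever grows sensitive fields.
            LambdaLogger.Log(input.ToString());

            // (string) on a JToken yields null for a missing token instead of throwing.
            string accountId = (string)input.SelectToken("CreateAccountStatus.CreateAccountStatus.AccountId");

            // accountId is handed to AssumeRole, which presumably builds a role ARN
            // from it; an empty value would only fail later with a less clear error.
            if (string.IsNullOrWhiteSpace(accountId))
            {
                throw new ArgumentException("CreateAccountStatus.CreateAccountStatus.AccountId is required.", nameof(input));
            }

            // Short-lived STS credentials for the member account; passed straight to
            // the client constructor, never logged.
            var credentials = AssumeIdentity.AssumeRole(accountId).Credentials;

            CreateSAMLProviderRequest request = new CreateSAMLProviderRequest()
            {
                Name = "ADFS",
                SAMLMetadataDocument = MetadataXML()
            };

            CreateSAMLProviderResponse response;
            // The SDK client is disposable; release it as soon as the call completes.
            using (var client = new AmazonIdentityManagementServiceClient(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken))
            {
                // Synchronous handler signature: wait for the task, but let the SDK
                // exception surface directly rather than inside an AggregateException.
                response = client.CreateSAMLProviderAsync(request).GetAwaiter().GetResult();
            }

            JObject outputObject = new JObject();
            outputObject.Add("CreateSAMLProviderResponse", JObject.FromObject(response));
            outputObject.Add("CreateAccountResponse", input.SelectToken("CreateAccountStatus"));
            outputObject.Add("EventData", input.SelectToken("EventData"));

            return outputObject;
        }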
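        public UpdateSAMLProviderResponse updateSAMLProvider(string accountId)
        {
            // Replaces the metadata of the "ADFS" SAML provider in `accountId` with
            // the current document from MetadataXML().
            //
            // For HomeAccountId the caller's own credential chain is used; for any
            // other account a role is assumed there first and the returned STS
            // credentials back the IAM client.
            //
            // Throws ArgumentException when accountId is not a 12-digit AWS account
            // id; AWS SDK exceptions propagate unwrapped.

            // NOTE(review): presumably the account this code itself runs in, where the
            // default credentials already carry IAM rights - confirm against the deployment.
            const string HomeAccountId = "177654365656";

            // The account id is spliced into the provider ARN below, so anything that
            // is not exactly twelve ASCII digits (the shape of every AWS account id)
            // is rejected here rather than handed to IAM.
            bool validAccountId = accountId != null && accountId.Length == 12;
            if (validAccountId)
            {
                foreach (char c in accountId)
                {
                    validAccountId &= c >= '0' && c <= '9';
                }
            }
            if (!validAccountId)
            {
                throw new ArgumentException("accountId must be a 12-digit AWS account id.", nameof(accountId));
            }

            // Exactly one client is constructed, on whichever path applies, so the
            // cross-account branch no longer leaves a default client undisposed.
            AmazonIdentityManagementServiceClient client;
            if (accountId == HomeAccountId)
            {
                client = new AmazonIdentityManagementServiceClient();
            }
            else
            {
                // Short-lived STS credentials for the target account; passed straight
                // to the client constructor, never logged.
                var credentials = AssumeIdentity.AssumeRole(accountId).Credentials;
                client = new AmazonIdentityManagementServiceClient(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken);
            }

            using (client)
            {
                UpdateSAMLProviderRequest request = new UpdateSAMLProviderRequest()
                {
                    SAMLMetadataDocument = MetadataXML(),
                    SAMLProviderArn      = "arn:aws:iam::" + accountId + ":saml-provider/ADFS"
                };

                // Synchronous signature: wait for the task, but let the SDK exception
                // surface directly rather than inside an AggregateException.
                return client.UpdateSAMLProviderAsync(request).GetAwaiter().GetResult();
            }
        }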