Exemplo n.º 1
0
 private Amazon.IdentityManagement.Model.AttachRolePolicyResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.AttachRolePolicyRequest request)
 {
     Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "AttachRolePolicy");
     try
     {
         #if DESKTOP
         return(client.AttachRolePolicy(request));
         #elif CORECLR
         return(client.AttachRolePolicyAsync(request).GetAwaiter().GetResult());
         #else
                 #error "Unknown build edition"
         #endif
     }
     catch (AmazonServiceException exc)
     {
         var webException = exc.InnerException as System.Net.WebException;
         if (webException != null)
         {
             throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
         }
         throw;
     }
 }
Exemplo n.º 2
0
        public async Task AttachIamRolePolicy(IAmazonIdentityManagementService iamClient, string roleName,
                                              string policyArn)
        {
            try
            {
                Console.WriteLine("Attaching IAM Role Policy");
                ListAttachedRolePoliciesResponse response = await iamClient.ListAttachedRolePoliciesAsync(
                    new ListAttachedRolePoliciesRequest()
                {
                    RoleName = roleName
                });

                List <AttachedPolicyType> attachedPolicies = response.AttachedPolicies;

                foreach (var attachedPolicyType in attachedPolicies)
                {
                    if (policyArn.Equals(attachedPolicyType.PolicyArn))
                    {
                        Console.WriteLine($"Policy : {policyArn} is already attached to role {roleName}");
                        return;
                    }
                }

                await iamClient.AttachRolePolicyAsync(new AttachRolePolicyRequest()
                {
                    RoleName  = roleName,
                    PolicyArn = policyArn
                });

                Console.WriteLine($"Successfully attached policy : {policyArn} to role {roleName}");
            }
            catch (Exception e)
            {
                Console.WriteLine($"IAM policy attach failed: {e}");
                throw;
            }
        }
Exemplo n.º 3
0
        public static string CreateRole(IAmazonIdentityManagementService iamClient, string roleName, string assuleRolePolicy, params string[] managedPolicies)
        {
            if (managedPolicies != null && managedPolicies.Length > 0)
            {
                for (int i = 0; i < managedPolicies.Length; i++)
                {
                    managedPolicies[i] = ExpandManagedPolicyName(iamClient, managedPolicies[i]);
                }
            }

            string roleArn;

            try
            {
                CreateRoleRequest request = new CreateRoleRequest
                {
                    RoleName = roleName,
                    AssumeRolePolicyDocument = assuleRolePolicy
                };

                var response = iamClient.CreateRoleAsync(request).Result;
                roleArn = response.Role.Arn;
            }
            catch (Exception e)
            {
                throw new ToolsException($"Error creating IAM Role: {e.Message}", ToolsException.CommonErrorCode.IAMCreateRole, e);
            }

            if (managedPolicies != null && managedPolicies.Length > 0)
            {
                try
                {
                    foreach (var managedPolicy in managedPolicies)
                    {
                        var request = new AttachRolePolicyRequest
                        {
                            RoleName  = roleName,
                            PolicyArn = managedPolicy
                        };
                        iamClient.AttachRolePolicyAsync(request).Wait();
                    }
                }
                catch (Exception e)
                {
                    throw new ToolsException($"Error assigning managed IAM Policy: {e.Message}", ToolsException.CommonErrorCode.IAMAttachRole, e);
                }
            }

            bool found = false;

            do
            {
                // There is no way check if the role has propagated yet so to
                // avoid error during deployment creation do a generous sleep.
                Console.WriteLine("Waiting for new IAM Role to propagate to AWS regions");
                long start = DateTime.Now.Ticks;
                while (TimeSpan.FromTicks(DateTime.Now.Ticks - start).TotalSeconds < SLEEP_TIME_FOR_ROLE_PROPOGATION.TotalSeconds)
                {
                    Thread.Sleep(TimeSpan.FromSeconds(1));
                    Console.Write(".");
                    Console.Out.Flush();
                }
                Console.WriteLine("\t Done");


                try
                {
                    var getResponse = iamClient.GetRoleAsync(new GetRoleRequest {
                        RoleName = roleName
                    }).Result;
                    if (getResponse.Role != null)
                    {
                        found = true;
                    }
                }
                catch (NoSuchEntityException)
                {
                }
                catch (Exception e)
                {
                    throw new ToolsException("Error confirming new role was created: " + e.Message, ToolsException.CommonErrorCode.IAMGetRole, e);
                }
            } while (!found);


            return(roleArn);
        }