public AddRoleToInstanceProfile ( |
||
request | Container for the necessary parameters to execute the AddRoleToInstanceProfile service method. | |
return | Amazon.IdentityManagement.Model.AddRoleToInstanceProfileResponse |
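/// <summary>
/// Ensures that an EC2 service role named <c>configurationProvider.ShortApplicationName</c> exists, together
/// with an instance profile of the same name that has the role added to it. When <c>RoleAlreadyExistsAsync</c>
/// reports the role is already present the method logs at Debug and returns without touching IAM.
/// </summary>
/// <param name="excuteApiUriForPolicy">
/// Optional API Gateway resource fragment, i.e. the part that follows <c>arn:aws:execute-api:*:*:</c>.
/// When it is not blank, a managed policy named <c>ResourceInvocation</c> granting <c>execute-api:Invoke</c>
/// on exactly that resource is created and attached to the role. The value is spliced verbatim into the
/// policy JSON, so it must not contain double quotes, backslashes or control characters — such characters
/// would either produce a malformed document or change the scope of the grant.
/// </param>
/// <returns>A task that completes once the role, the optional policy and the instance profile have been created.</returns>
/// <exception cref="ArgumentException">
/// Thrown before any IAM call is made when <paramref name="excuteApiUriForPolicy"/> contains a double quote,
/// a backslash or a control character.
/// </exception>
/// <remarks>
/// The role name, instance profile name and managed policy name are fixed by configuration / hard-coded, so a
/// second call that reaches the creation path for a different application re-uses the same policy name.
/// NOTE(review): IAM will reject a duplicate policy name in the same account — confirm this is intended.
/// </remarks>
public async Task EnsureEc2ServiceRoleExistsAsync(string excuteApiUriForPolicy = "")
{
    if (await RoleAlreadyExistsAsync())
    {
        loggerProvider.GetLogger()
            .Debug("Role with roleName {roleName} already exists", configurationProvider.ShortApplicationName);
        return;
    }

    // Validate the fragment before creating anything: the value is concatenated into the policy document
    // below, and a stray quote or backslash there could terminate the Resource string (widening the grant)
    // or make IAM reject the document after the role has already been created.
    if (!string.IsNullOrWhiteSpace(excuteApiUriForPolicy))
    {
        foreach (var ch in excuteApiUriForPolicy)
        {
            if (ch == '"' || ch == '\\' || char.IsControl(ch))
            {
                throw new ArgumentException(
                    "The execute-api resource fragment must not contain quotes, backslashes or control characters.",
                    nameof(excuteApiUriForPolicy));
            }
        }
    }

    using (var iamClient = new AmazonIdentityManagementServiceClient(credentials, configurationProvider.RegionEndpoint))
    {
        var createRoleResponse = await iamClient.CreateRoleAsync(new CreateRoleRequest
        {
            RoleName = configurationProvider.ShortApplicationName,
            // Trust policy: only the EC2 service principal may assume this role.
            AssumeRolePolicyDocument = "{\"Version\": \"2012-10-17\", \"Statement\": {\"Effect\": \"Allow\", \"Principal\": { \"Service\": \"ec2.amazonaws.com\"}, \"Action\": \"sts:AssumeRole\"}}"
        });

        loggerProvider.GetLogger().Debug("The IAM Uri is " + excuteApiUriForPolicy);

        if (!string.IsNullOrWhiteSpace(excuteApiUriForPolicy))
        {
            // Least privilege: the policy allows Invoke on this single execute-api resource only.
            var policyDocument = "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Effect\": \"Allow\",\"Action\": [\"execute-api:Invoke\"],\"Resource\": \"arn:aws:execute-api:*:*:" + excuteApiUriForPolicy + "\"}]}";
            loggerProvider.GetLogger().Debug("The new Policy Reads : " + policyDocument);

            var newPolicy = await iamClient.CreatePolicyAsync(new CreatePolicyRequest
            {
                Description = "Policy to demonstrate that I have permission that is limited to a specific resource in ApiGateway ",
                PolicyDocument = policyDocument,
                PolicyName = "ResourceInvocation"
            });
            loggerProvider.GetLogger().Debug("Policy Created: " + newPolicy.Policy.Arn);

            await iamClient.AttachRolePolicyAsync(new AttachRolePolicyRequest
            {
                RoleName = configurationProvider.ShortApplicationName,
                PolicyArn = newPolicy.Policy.Arn
            });
            loggerProvider.GetLogger().Debug("Policy Attach to Role: " + newPolicy.Policy.Arn);
        }

        loggerProvider.GetLogger().Debug("Created role: {@createRoleResponse}", createRoleResponse);

        // Use the async SDK operations throughout: the original blocked the async method on the synchronous
        // CreateInstanceProfile / AddRoleToInstanceProfile overloads, which are also unavailable on .NET Core.
        var createInstanceProfileResponse = await iamClient.CreateInstanceProfileAsync(new CreateInstanceProfileRequest
        {
            InstanceProfileName = configurationProvider.ShortApplicationName
        });
        loggerProvider.GetLogger()
            .Debug("Created instance profile: {@createInstanceProfileResponse}", createInstanceProfileResponse);

        var addRoleToInstanceProfileResponse = await iamClient.AddRoleToInstanceProfileAsync(new AddRoleToInstanceProfileRequest
        {
            InstanceProfileName = configurationProvider.ShortApplicationName,
            RoleName = configurationProvider.ShortApplicationName
        });
        loggerProvider.GetLogger()
            .Debug("Added role to instance profile: {@addRoleToInstanceProfileResponse}", addRoleToInstanceProfileResponse);
    }
}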