Пример #1
        //        public void UpdateIdentityPool(string poolId, string poolName, Dictionary<string, string> providers)
        //        {
        //            var updateRequest = new UpdateIdentityPoolRequest
        //            {
        //                IdentityPoolName = poolName,
        //                IdentityPoolId = poolId,
        //                AllowUnauthenticatedIdentities = true,
        //            };
        //            if (providers != null && providers.Count > 0)
        //                updateRequest.SupportedLoginProviders = providers;

        //            Client.UpdateIdentityPool(updateRequest);
        //        }


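        /// <summary>
        /// Creates a uniquely named IAM role for web-identity federation tests, attaches an
        /// inline permission policy to it, and returns the role's ARN.
        /// </summary>
        /// <remarks>
        /// The method blocks the calling thread until each callback-based IAM call has
        /// signalled completion, and sleeps two seconds after each call (presumably to let
        /// the IAM change propagate - confirm). The role name is appended to
        /// <c>roleNames</c>; whatever cleanup consumes that list is not shown here.
        /// </remarks>
        /// <returns>The ARN of the created role.</returns>
        public string PrepareRole()
        {
            // Trust policy: lets the three listed federated providers call
            // sts:AssumeRoleWithWebIdentity on this role.
            // NOTE(review): there is no "Condition" block, so the policy does not pin the token
            // audience (accounts.google.com:aud, graph.facebook.com:app_id,
            // cognito-identity.amazonaws.com:aud). A token issued by these providers for any
            // application satisfies it. Add the condition with the test application's own IDs
            // if this role can outlive the test run.
            string assumeRolePolicy = @"{
    ""Version"":""2012-10-17"",
    ""Statement"":[
        {
            ""Effect"":""Allow"",
            ""Principal"":{
                ""Federated"":[""accounts.google.com"",""graph.facebook.com"", ""cognito-identity.amazonaws.com""]
            },
            ""Action"":[""sts:AssumeRoleWithWebIdentity""]
        }
    ]
}";
            // Permission policy: every action of six services on every resource.
            // NOTE(review): iam:* on "*" is effectively account-administrator access, and it is
            // reachable through the unconditioned trust policy above. Scope the actions and
            // resources to what the tests exercise, and make sure the role is always deleted.
            string allowPolicy = @"{
    ""Version"" : ""2012-10-17"",
    ""Statement"" : [
        {
            ""Effect"" : ""Allow"",
            ""Action"" : [
                ""ec2:*"",
                ""iam:*"",
                ""cloudwatch:*"",
                ""cognito-identity:*"",
                ""cognito-sync:*"",
                ""s3:*""
            ],
            ""Resource"" : ""*""
        }
    ]
}";
            string roleArn = null;

            // The wait handle wraps an OS resource, so it is disposed together with the client
            // instead of being left to the finalizer.
            using (var identityClient = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(TestRunner.Credentials))
            using (var ars = new AutoResetEvent(false))
            {
                // Placeholder value; each callback overwrites it before signalling.
                Exception responseException = new Exception();

                // Tick count of the local clock makes the role name unique per run.
                string roleName = "UnityWebIdentityRole" + DateTime.Now.Ticks;
                identityClient.CreateRoleAsync(new Amazon.IdentityManagement.Model.CreateRoleRequest
                {
                    AssumeRolePolicyDocument = assumeRolePolicy,
                    RoleName = roleName
                }, (response) =>
                {
                    responseException = response.Exception;
                    if (responseException == null)
                    {
                        roleArn = response.Response.Role.Arn;
                    }
                    ars.Set();
                }, new AsyncOptions {
                    // The callback must not be queued to the main thread, which is blocked in WaitOne below.
                    ExecuteCallbackOnMainThread = false
                });
                // Waits without a timeout: a callback that never fires hangs the caller.
                ars.WaitOne();
                Utils.AssertExceptionIsNull(responseException);

                Thread.Sleep(2000);
                identityClient.PutRolePolicyAsync(new Amazon.IdentityManagement.Model.PutRolePolicyRequest
                {
                    PolicyDocument = allowPolicy,
                    PolicyName     = policyName,
                    RoleName       = roleName
                }, (response) =>
                {
                    responseException = response.Exception;
                    ars.Set();
                }, new AsyncOptions {
                    ExecuteCallbackOnMainThread = false
                });
                ars.WaitOne();
                Utils.AssertExceptionIsNull(responseException);

                Thread.Sleep(2000);
                // Recorded only after both calls succeeded; a failure in PutRolePolicy leaves
                // the already-created role out of this list.
                roleNames.Add(roleName);
            }

            return roleArn;
        }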
Пример #2
        /// <summary>
        /// Creates a randomly named IAM role for web-identity federation tests, attaches an
        /// inline permission policy to it, and returns the role's ARN.
        /// </summary>
        /// <remarks>
        /// Both IAM calls are awaited by blocking (<c>.Result</c> / <c>.Wait()</c>), so a failed
        /// call surfaces as an <see cref="AggregateException"/>. A two-second pause follows each
        /// call (presumably to let the IAM change propagate - confirm). The role name is
        /// appended to <c>roleNames</c>; whatever cleanup consumes that list is not shown here.
        /// </remarks>
        /// <returns>The ARN of the created role.</returns>
        public string PrepareRole()
        {
            // Trust policy: lets the three listed federated providers call
            // sts:AssumeRoleWithWebIdentity on this role.
            // NOTE(review): there is no "Condition" block, so the policy does not pin the token
            // audience (accounts.google.com:aud, graph.facebook.com:app_id,
            // cognito-identity.amazonaws.com:aud). A token issued by these providers for any
            // application satisfies it. Add the condition with the test application's own IDs
            // if this role can outlive the test run.
            var trustPolicyJson = @"{
    ""Version"":""2012-10-17"",
    ""Statement"":[
        {
            ""Effect"":""Allow"",
            ""Principal"":{
                ""Federated"":[""accounts.google.com"",""graph.facebook.com"", ""cognito-identity.amazonaws.com""]
            },
            ""Action"":[""sts:AssumeRoleWithWebIdentity""]
        }
    ]
}";
            // Permission policy: every action of six services on every resource.
            // NOTE(review): iam:* on "*" is effectively account-administrator access, and it is
            // reachable through the unconditioned trust policy above. Scope the actions and
            // resources to what the tests exercise, and make sure the role is always deleted.
            var permissionPolicyJson = @"{
    ""Version"" : ""2012-10-17"",
    ""Statement"" : [
        {
            ""Effect"" : ""Allow"",
            ""Action"" : [
                ""ec2:*"",
                ""iam:*"",
                ""cloudwatch:*"",
                ""cognito-identity:*"",
                ""cognito-sync:*"",
                ""s3:*""
            ],
            ""Resource"" : ""*""
        }
    ]
}";

            using (var iam = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(TestRunner.Credentials))
            {
                // The random suffix only keeps role names from colliding between runs.
                var generatedName = "NetWebIdentityRole" + new Random().Next();

                var createRequest = new Amazon.IdentityManagement.Model.CreateRoleRequest
                {
                    AssumeRolePolicyDocument = trustPolicyJson,
                    RoleName = generatedName
                };
                var created = iam.CreateRoleAsync(createRequest).Result;

                UtilityMethods.Sleep(TimeSpan.FromMilliseconds(2000));

                // The policy is attached under the name IAM reported back for the new role.
                var putPolicyRequest = new Amazon.IdentityManagement.Model.PutRolePolicyRequest
                {
                    PolicyDocument = permissionPolicyJson,
                    PolicyName = policyName,
                    RoleName = created.Role.RoleName
                };
                iam.PutRolePolicyAsync(putPolicyRequest).Wait();

                UtilityMethods.Sleep(TimeSpan.FromMilliseconds(2000));

                var createdArn = created.Role.Arn;
                // Recorded only after both calls succeeded; a failure in PutRolePolicy leaves
                // the already-created role out of this list.
                roleNames.Add(generatedName);
                return createdArn;
            }
        }