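/// <summary>
/// Combines the CreatePolicy and CreatePolicyVersion commands into one operation and extends them.
///
/// <para>Creates a new managed policy for your AWS account. This operation creates a policy version with a
/// version identifier of v1 and sets v1 as the policy's default version. For more information about policy
/// versions, see Versioning for Managed Policies in the IAM User Guide.
/// https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy.html
/// </para>
///
/// <para>Creates a new version of the specified managed policy. To update a managed policy, you create a new
/// policy version. A managed policy can have up to five versions. If the policy has five versions, you must
/// delete an existing version using DeletePolicyVersion before you create a new version.
/// https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy-version.html
/// </para>
///
/// Extensions:
/// <para>The policy JSON is read from the file given by --policy-document-file-path.</para>
/// <para>When the policy already has five versions, the oldest non-default version is deleted automatically
/// so the new one can be created. Pass --no-remove-oldest-policy-version to disable this; you then have to
/// delete a version yourself before adding a new one.</para>
/// <para>The policy is created if it does not exist yet.</para>
///
/// <para>Security notes: the file content is sent to IAM verbatim (IAM validates the document server-side),
/// so treat the file as privileged input. Unless <paramref name="NoSetAsDefault"/> is set, the new version
/// becomes the default immediately and takes effect for every principal the policy is attached to. Deleting
/// the oldest version is irreversible.</para>
/// </summary>
/// <param name="PolicyName">Name of the managed policy.</param>
/// <param name="PolicyFilePath">Path of the file holding the policy document JSON.</param>
/// <param name="Path">IAM path of the policy; null means the default "/".</param>
/// <param name="NoSetAsDefault">When true, the new version is created but not made the default.</param>
/// <param name="NoRemoveOldestPolicyVersion">When true, never delete an existing version automatically.</param>
public static void CreatePolicyExt(string PolicyName, string PolicyFilePath, string Path = null, bool NoSetAsDefault = false, bool NoRemoveOldestPolicyVersion = false)
{
    try
    {
        _iamClient = new AmazonIdentityManagementServiceClient(AWSCredential.Profile, RegionEndpoint.USEast1);
        // Read the document before any IAM call so a bad path fails early.
        var policy = System.IO.File.ReadAllText(PolicyFilePath);
        try
        {
            _iamClient.CreatePolicy(new CreatePolicyRequest
            {
                PolicyName = PolicyName,
                PolicyDocument = policy,
                Path = Path
            });
        }
        catch (Amazon.IdentityManagement.Model.EntityAlreadyExistsException ex)
        {
            // Policy already exists: add a new version (and, by default, make it the default version).
            Console.WriteLine(ex.Message + " Trying to create a new policy version.");
            // NOTE(review): the ARN is built by hand with the "aws" partition; that is wrong for
            // other partitions (aws-us-gov, aws-cn). Confirm against the accounts this tool targets.
            string policyArn = "arn:aws:iam::" + AWSCredential.Account + ":policy" + (Path ?? "/") + PolicyName;
            Console.WriteLine(policyArn);
            var versions = _iamClient.ListPolicyVersions(new ListPolicyVersionsRequest { PolicyArn = policyArn });
            // IAM allows at most five versions per managed policy. ">=" rather than "==" so an unexpected
            // count still triggers the cleanup instead of a LimitExceededException on CreatePolicyVersion.
            if (versions.Versions.Count >= 5 && !NoRemoveOldestPolicyVersion)
            {
                // The default version cannot be deleted, so drop the oldest non-default one.
                var oldestVersion = versions.Versions
                    .Where(q => !q.IsDefaultVersion)
                    .OrderBy(q => q.CreateDate)
                    .Select(q => q.VersionId)
                    .First();
                _iamClient.DeletePolicyVersion(new DeletePolicyVersionRequest { PolicyArn = policyArn, VersionId = oldestVersion });
                Console.WriteLine("The oldest policy version is deleted: " + oldestVersion);
            }
            _iamClient.CreatePolicyVersion(new CreatePolicyVersionRequest
            {
                PolicyArn = policyArn,
                PolicyDocument = policy,
                SetAsDefault = !NoSetAsDefault
            });
            Console.WriteLine("Policy is created.");
        }
    }
    catch (Exception ex)
    {
        // Best-effort CLI behaviour: report and return rather than crash. The method returns void,
        // so callers must read the output to tell success from failure.
        Console.WriteLine("********ERR: " + ex.Message);
    }
    finally
    {
        // If the client constructor threw (e.g. unknown profile), _iamClient may still be null;
        // the unconditional Dispose() of the original then raised a NullReferenceException from
        // the finally block and hid the real error.
        if (_iamClient != null)
        {
            _iamClient.Dispose();
        }
    }
}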
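// Button3 - Policy: create a customer-managed policy for the bucket and attach it to the IAM user
// that shares the bucket's name.
private void button3_Click(object sender, EventArgs e)
{
    txtOutput.Text += "Creating Policy" + "\r\n";
    string policyName = bucketName + "Policy";
    // Dispose the client when the handler is done; the original never disposed it.
    using (var client = new AmazonIdentityManagementServiceClient())
    {
        string policyDoc = GenerateUserPolicyDocument(bucketName);
        var request = new CreatePolicyRequest { PolicyName = policyName, PolicyDocument = policyDoc };
        try
        {
            var createPolicyResponse = client.CreatePolicy(request);
            txtOutput.Text += "Policy named " + createPolicyResponse.Policy.PolicyName + " Created." + "\r\n";
            policyarn = createPolicyResponse.Policy.Arn;
        }
        catch (EntityAlreadyExistsException)
        {
            txtOutput.Text += "Policy " + policyName + " already exists." + "\r\n";
            // The original left policyarn untouched here, so the attach below used whatever ARN an
            // earlier click had stored (null, or a different policy). Look up the existing policy instead.
            policyarn = FindLocalPolicyArn(client, policyName);
        }

        if (string.IsNullOrEmpty(policyarn))
        {
            // Never call AttachUserPolicy with an unknown ARN.
            txtOutput.Text += "Attach skipped: policy ARN unknown" + "\r\n";
            txtOutput.ScrollToCaret();
            return;
        }

        txtOutput.Text += "Attaching policy to User" + "\r\n";
        var attachRequest = new AttachUserPolicyRequest { UserName = bucketName, PolicyArn = policyarn };
        try
        {
            client.AttachUserPolicy(attachRequest);
            txtOutput.Text += "Policy applied" + "\r\n";
        }
        catch (Exception ex)
        {
            // Keep the original message but also surface the reason (e.g. NoSuchEntity when the user
            // does not exist) so the failure is diagnosable.
            txtOutput.Text += "Attach Failed" + "\r\n" + ex.Message + "\r\n";
        }
    }
    txtOutput.ScrollToCaret();
}

// Returns the ARN of the customer-managed (Scope=Local) policy with the given name, or null if none exists.
// ListPolicies is paginated, so follow the marker until the result is no longer truncated.
private static string FindLocalPolicyArn(AmazonIdentityManagementServiceClient client, string policyName)
{
    string marker = null;
    do
    {
        var page = client.ListPolicies(new ListPoliciesRequest { Scope = PolicyScopeType.Local, Marker = marker });
        foreach (var managed in page.Policies)
        {
            if (managed.PolicyName == policyName)
            {
                return managed.Arn;
            }
        }
        marker = page.IsTruncated ? page.Marker : null;
    } while (marker != null);
    return null;
}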
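/// <summary>
/// Creates the customer-managed policy "DemoEC2Permissions" from the document produced by
/// GenerateRolePolicyDocument() and prints its ARN. If a policy with that name already exists it is
/// left untouched (no new version is created) and a message is printed instead.
/// </summary>
/// <remarks>
/// The client is built with the parameterless constructor, so credentials and region come from the
/// SDK's default resolution. Any failure other than EntityAlreadyExistsException (e.g. a malformed
/// document or access denied) propagates to the caller.
/// </remarks>
public static void CreatePolicy()
{
    // Dispose the client when done; the original created it without ever disposing it.
    using (var client = new AmazonIdentityManagementServiceClient())
    {
        // GenerateRolePolicyDocument() is a custom method defined elsewhere in this project.
        string policyDoc = GenerateRolePolicyDocument();
        var request = new CreatePolicyRequest { PolicyName = "DemoEC2Permissions", PolicyDocument = policyDoc };
        try
        {
            var createPolicyResponse = client.CreatePolicy(request);
            Console.WriteLine("Make a note, Policy named " + createPolicyResponse.Policy.PolicyName + " has Arn: " + createPolicyResponse.Policy.Arn);
        }
        catch (EntityAlreadyExistsException)
        {
            Console.WriteLine("Policy 'DemoEC2Permissions' already exists.");
        }
    }
}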