/// <summary>
/// Function is combining CreatePolicy and CreatePolicyVersion commands to the one and extend their functionalities.
///
/// <para>Creates a new managed policy for your AWS account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for Managed Policies in the IAM User Guide .
/// https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy.html
/// </para>
///
/// <para>Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.
/// https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy-version.html
/// </para>
///
/// Extention:
/// <para>Policy JSON string can be read from file path with --policy-document-file-path argument</para>
/// <para>Automatically remove the oldest policy when you reach five policy versions. if argument --no-remove-oldest-policy-version is set, this feature will be disabled and you have to manually delete the policy version before add a new one.</para>
/// <para>Automatically create the policy if there is not already created.</para>
/// </summary>
public static void CreatePolicyExt(string PolicyName, string PolicyFilePath, string Path = null, bool NoSetAsDefault = false, bool NoRemoveOldestPolicyVersion = false)
{
try
{
_iamClient = new AmazonIdentityManagementServiceClient(AWSCredential.Profile, RegionEndpoint.USEast1);
var policy = System.IO.File.ReadAllText(PolicyFilePath);
try
{
_iamClient.CreatePolicy(new CreatePolicyRequest {
PolicyName = PolicyName, PolicyDocument = policy, Path = Path ?? null
});
}
catch (Amazon.IdentityManagement.Model.EntityAlreadyExistsException ex)
{
// Policy is already created. Create a new policy version and set.
Console.WriteLine(ex.Message + " Trying to create a new policy version.");
string _policyARN = "arn:aws:iam::" + AWSCredential.Account + ":policy" + (Path ?? "/") + PolicyName;
Console.WriteLine(_policyARN);
var _policyList = _iamClient.ListPolicyVersions(new ListPolicyVersionsRequest {
PolicyArn = _policyARN
});
if ((_policyList.Versions.Count == 5) && (!(NoRemoveOldestPolicyVersion)))
{
/// Policy has maximum policy versions. Oldest one has to be delete to continue.
var _oldestPolicyVersion = _policyList.Versions.Where(q => (!(q.IsDefaultVersion))).OrderBy(q => q.CreateDate).Select(q => q.VersionId).First();
_iamClient.DeletePolicyVersion(new DeletePolicyVersionRequest {
PolicyArn = _policyARN, VersionId = _oldestPolicyVersion
});
Console.WriteLine("The oldest policy version is deleted: " + _oldestPolicyVersion);
}
_iamClient.CreatePolicyVersion(new CreatePolicyVersionRequest {
PolicyArn = _policyARN, PolicyDocument = policy, SetAsDefault = (!(NoSetAsDefault))
});
Console.WriteLine("Policy is created.");
}
}
catch (Exception ex)
{
Console.WriteLine("********ERR: " + ex.Message);
}
finally
{
_iamClient.Dispose();
}
}
//Button3 - Policy
private void button3_Click(object sender, EventArgs e)
{
txtOutput.Text += "Creating Policy" + "\r\n";
var client = new AmazonIdentityManagementServiceClient();
string policyDoc = GenerateUserPolicyDocument(bucketName);
var request = new CreatePolicyRequest
{
PolicyName = bucketName + "Policy",
PolicyDocument = policyDoc
};
try
{
var createPolicyResponse = client.CreatePolicy(request);
txtOutput.Text += "Policy named " + createPolicyResponse.Policy.PolicyName + " Created." + "\r\n";
policyarn = createPolicyResponse.Policy.Arn;
}
catch (EntityAlreadyExistsException)
{
txtOutput.Text += "Policy " + bucketName + " already exits." + "\r\n";
}
txtOutput.Text += "Attaching policy to User" + "\r\n";
var attachrequest = new AttachUserPolicyRequest
{
UserName = bucketName,
PolicyArn = policyarn
};
try
{
var createPolicyResponse = client.AttachUserPolicy(attachrequest);
txtOutput.Text += "Policy applied" + "\r\n";
}
catch (Exception)
{
txtOutput.Text += "Attach Failed" + "\r\n";
}
txtOutput.ScrollToCaret();
}
public static void CreatePolicy()
{
var client = new AmazonIdentityManagementServiceClient();
// GenerateRolePolicyDocument() is a custom method.
string policyDoc = GenerateRolePolicyDocument();
var request = new CreatePolicyRequest
{
PolicyName = "DemoEC2Permissions",
PolicyDocument = policyDoc
};
try
{
var createPolicyResponse = client.CreatePolicy(request);
Console.WriteLine("Make a note, Policy named " + createPolicyResponse.Policy.PolicyName +
" has Arn: : " + createPolicyResponse.Policy.Arn);
}
catch (EntityAlreadyExistsException)
{
Console.WriteLine
("Policy 'DemoEC2Permissions' already exits.");
}
}
