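/// <summary>
/// Lambda handler that creates a SAML-federated IAM role inside a newly created account.
/// It assumes into the account named by <c>CreateAccountResponse.CreateAccountStatus.AccountId</c>
/// and creates the role named by <c>EventData.roleName</c> with a trust policy that only allows
/// <c>sts:AssumeRoleWithSAML</c> through that account's <c>saml-provider/ADFS</c> provider.
/// </summary>
/// <param name="input">Incoming event; must carry <c>CreateAccountResponse</c> and <c>EventData.roleName</c>.</param>
/// <returns>
/// A new object holding <c>CreateAccountResponse</c>, <c>CreateRoleResponse</c> and <c>EventData</c>,
/// so the next consumer sees the original data plus this step's result.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception>
/// <exception cref="InvalidOperationException">A required token is missing from <paramref name="input"/>.</exception>
public JObject FunctionHandler(JObject input)
{
    if (input == null)
    {
        throw new ArgumentNullException(nameof(input));
    }

    // Resolve the required tokens up front so a malformed event fails with the missing path
    // instead of a NullReferenceException further down.
    var createAccountResponse = input.SelectToken("CreateAccountResponse");
    if (createAccountResponse == null)
    {
        throw new InvalidOperationException("Input is missing 'CreateAccountResponse'.");
    }
    JObject createAccountResponseObject = JObject.FromObject(createAccountResponse);

    var accountIdToken = createAccountResponseObject.SelectToken("CreateAccountStatus.AccountId");
    if (accountIdToken == null)
    {
        throw new InvalidOperationException("Input is missing 'CreateAccountResponse.CreateAccountStatus.AccountId'.");
    }
    string accountId = accountIdToken.ToString();

    var roleNameToken = input.SelectToken("EventData.roleName");
    if (roleNameToken == null)
    {
        throw new InvalidOperationException("Input is missing 'EventData.roleName'.");
    }
    string roleName = roleNameToken.ToString();

    // 12 hours, the largest value IAM accepts for MaxSessionDuration.
    const int MaxSessionDurationSeconds = 43200;

    // Build the trust policy as a JSON tree instead of concatenating strings, so the account id is
    // always emitted as a properly quoted JSON value. Only principals federated through this
    // account's "ADFS" SAML provider, and only for the AWS sign-in audience, may assume the role.
    var trustPolicy = new JObject
    {
        ["Version"] = "2012-10-17",
        ["Statement"] = new JObject
        {
            ["Effect"] = "Allow",
            ["Action"] = "sts:AssumeRoleWithSAML",
            ["Principal"] = new JObject
            {
                ["Federated"] = "arn:aws:iam::" + accountId + ":saml-provider/ADFS"
            },
            ["Condition"] = new JObject
            {
                ["StringEquals"] = new JObject
                {
                    ["SAML:aud"] = "https://signin.aws.amazon.com/saml"
                }
            }
        }
    };

    // Temporary STS credentials for the target account; never write these to the log.
    var credentials = AssumeIdentity.AssumeRole(accountId).Credentials;

    CreateRoleRequest request = new CreateRoleRequest
    {
        RoleName = roleName,
        MaxSessionDuration = MaxSessionDurationSeconds,
        AssumeRolePolicyDocument = trustPolicy.ToString()
    };

    CreateRoleResponse response;
    using (var client = new AmazonIdentityManagementServiceClient(
        credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken))
    {
        // The handler signature is synchronous; GetAwaiter().GetResult() blocks like .Result but
        // surfaces the SDK exception directly instead of wrapping it in an AggregateException.
        response = client.CreateRoleAsync(request).GetAwaiter().GetResult();
    }

    return new JObject
    {
        ["CreateAccountResponse"] = createAccountResponseObject,
        ["CreateRoleResponse"] = JObject.FromObject(response),
        ["EventData"] = input.SelectToken("EventData")
    };
}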
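/// <summary>
/// Lambda handler that attaches the AWS-managed <c>AdministratorAccess</c> policy to the role named by
/// <c>EventData.roleName</c> in the account named by
/// <c>CreateAccountResponse.CreateAccountStatus.AccountId</c>, using temporary credentials from
/// <see cref="AssumeIdentity.AssumeRole"/>.
/// </summary>
/// <param name="input">Incoming event; must carry <c>CreateAccountResponse</c> and <c>EventData.roleName</c>.</param>
/// <returns>
/// A new object holding <c>AttachRolePolicyResponse</c>, <c>CreateAccountResponse</c> and <c>EventData</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception>
/// <exception cref="InvalidOperationException">A required token is missing from <paramref name="input"/>.</exception>
public JObject FunctionHandler(JObject input)
{
    if (input == null)
    {
        throw new ArgumentNullException(nameof(input));
    }

    // Every identity admitted by the role's trust policy gets full administrative rights in the new
    // account through this policy. If a narrower managed policy is sufficient, this is the place to change it.
    const string PolicyArn = "arn:aws:iam::aws:policy/AdministratorAccess";

    // Resolve the required tokens up front so a malformed event fails with the missing path
    // instead of a NullReferenceException further down.
    var createAccountResponse = input.SelectToken("CreateAccountResponse");
    if (createAccountResponse == null)
    {
        throw new InvalidOperationException("Input is missing 'CreateAccountResponse'.");
    }
    JObject createAccountResponseObject = JObject.FromObject(createAccountResponse);

    var accountIdToken = createAccountResponseObject.SelectToken("CreateAccountStatus.AccountId");
    if (accountIdToken == null)
    {
        throw new InvalidOperationException("Input is missing 'CreateAccountResponse.CreateAccountStatus.AccountId'.");
    }
    string accountId = accountIdToken.ToString();

    var roleNameToken = input.SelectToken("EventData.roleName");
    if (roleNameToken == null)
    {
        throw new InvalidOperationException("Input is missing 'EventData.roleName'.");
    }

    // Temporary STS credentials for the target account; never write these to the log.
    var credentials = AssumeIdentity.AssumeRole(accountId).Credentials;

    AttachRolePolicyRequest request = new AttachRolePolicyRequest
    {
        PolicyArn = PolicyArn,
        RoleName = roleNameToken.ToString()
    };

    AttachRolePolicyResponse response;
    using (var client = new AmazonIdentityManagementServiceClient(
        credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken))
    {
        // The handler signature is synchronous; GetAwaiter().GetResult() blocks like .Result but
        // surfaces the SDK exception directly instead of wrapping it in an AggregateException.
        response = client.AttachRolePolicyAsync(request).GetAwaiter().GetResult();
    }

    return new JObject
    {
        ["AttachRolePolicyResponse"] = JObject.FromObject(response),
        ["CreateAccountResponse"] = createAccountResponse,
        ["EventData"] = input.SelectToken("EventData")
    };
}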
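/// <summary>
/// Lambda handler that registers the SAML identity provider named <c>ADFS</c> in a newly created
/// account, using the IdP metadata returned by <see cref="MetadataXML"/>. The account id is read from
/// <c>CreateAccountStatus.CreateAccountStatus.AccountId</c> and reached with temporary credentials from
/// <see cref="AssumeIdentity.AssumeRole"/>.
/// </summary>
/// <param name="input">Incoming event; must carry <c>CreateAccountStatus</c>.</param>
/// <returns>
/// A new object holding <c>CreateSAMLProviderResponse</c>, the incoming <c>CreateAccountStatus</c> token
/// republished as <c>CreateAccountResponse</c>, and <c>EventData</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception>
/// <exception cref="InvalidOperationException">The account id token is missing from <paramref name="input"/>.</exception>
public JObject FunctionHandler(JObject input)
{
    if (input == null)
    {
        throw new ArgumentNullException(nameof(input));
    }

    // The whole incoming event is written to the function log. input is already a JObject, so its
    // own ToString() gives the same serialized text the former FromObject copy produced. Keep
    // EventData free of secrets, because everything in it lands in CloudWatch Logs.
    LambdaLogger.Log(input.ToString());

    // NOTE(review): the nested CreateAccountStatus.CreateAccountStatus path differs from the other
    // handlers' CreateAccountResponse.CreateAccountStatus; presumably this step receives the raw
    // CreateAccount result and republishes it under CreateAccountResponse below — confirm.
    var accountIdToken = input.SelectToken("CreateAccountStatus.CreateAccountStatus.AccountId");
    if (accountIdToken == null)
    {
        throw new InvalidOperationException("Input is missing 'CreateAccountStatus.CreateAccountStatus.AccountId'.");
    }
    string accountId = accountIdToken.ToString();

    // Temporary STS credentials for the target account; never write these to the log.
    var credentials = AssumeIdentity.AssumeRole(accountId).Credentials;

    // The provider name must match the "saml-provider/ADFS" ARN suffix that the role trust policies
    // and updateSAMLProvider refer to.
    CreateSAMLProviderRequest request = new CreateSAMLProviderRequest
    {
        Name = "ADFS",
        SAMLMetadataDocument = MetadataXML()
    };

    CreateSAMLProviderResponse response;
    using (var client = new AmazonIdentityManagementServiceClient(
        credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken))
    {
        // The handler signature is synchronous; GetAwaiter().GetResult() blocks like .Result but
        // surfaces the SDK exception directly instead of wrapping it in an AggregateException.
        response = client.CreateSAMLProviderAsync(request).GetAwaiter().GetResult();
    }

    return new JObject
    {
        ["CreateSAMLProviderResponse"] = JObject.FromObject(response),
        ["CreateAccountResponse"] = input.SelectToken("CreateAccountStatus"),
        ["EventData"] = input.SelectToken("EventData")
    };
}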
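// NOTE(review): presumably the account this code already runs in, where the ambient credentials
// suffice and no cross-account AssumeRole is needed — confirm against the deployment.
private const string LocalAccountId = "177654365656";

/// <summary>
/// Replaces the metadata of the <c>ADFS</c> SAML provider in <paramref name="accountId"/> with the
/// current IdP metadata from <see cref="MetadataXML"/>.
/// </summary>
/// <param name="accountId">
/// AWS account id whose <c>saml-provider/ADFS</c> is updated. <see cref="LocalAccountId"/> is reached
/// with the default credentials; any other account through <see cref="AssumeIdentity.AssumeRole"/>.
/// </param>
/// <returns>The IAM <see cref="UpdateSAMLProviderResponse"/>.</returns>
/// <exception cref="ArgumentException"><paramref name="accountId"/> is null or empty.</exception>
public UpdateSAMLProviderResponse updateSAMLProvider(string accountId)
{
    if (string.IsNullOrEmpty(accountId))
    {
        throw new ArgumentException("An account id is required.", nameof(accountId));
    }

    // Exactly one client is created, so no default-constructed instance is thrown away undisposed.
    AmazonIdentityManagementServiceClient CreateClient()
    {
        if (string.Equals(accountId, LocalAccountId, StringComparison.Ordinal))
        {
            return new AmazonIdentityManagementServiceClient();
        }

        // Temporary STS credentials for the target account; never write these to the log.
        var credentials = AssumeIdentity.AssumeRole(accountId).Credentials;
        return new AmazonIdentityManagementServiceClient(
            credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken);
    }

    UpdateSAMLProviderRequest request = new UpdateSAMLProviderRequest
    {
        SAMLMetadataDocument = MetadataXML(),
        SAMLProviderArn = $"arn:aws:iam::{accountId}:saml-provider/ADFS"
    };

    using (AmazonIdentityManagementServiceClient client = CreateClient())
    {
        // Synchronous caller; GetAwaiter().GetResult() blocks like .Result but surfaces the SDK
        // exception directly instead of wrapping it in an AggregateException.
        return client.UpdateSAMLProviderAsync(request).GetAwaiter().GetResult();
    }
}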