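        /// <summary>
        /// Interactively creates a new IAM role: asks for a role name, lists the candidate managed
        /// policies and creates the role with the chosen policy attached.
        /// </summary>
        /// <param name="iamClient">IAM client used to look up policies and create the role.</param>
        /// <param name="promptInfo">Assume-role principal, AWS policy name prefix and known policy descriptions.</param>
        /// <returns>The ARN of the created role, or null when no role name was entered.</returns>
        private static string PromptToCreateRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo)
        {
            Console.Out.WriteLine($"Enter name of the new IAM Role:");
            var roleName = Console.ReadLine();

            if (string.IsNullOrWhiteSpace(roleName))
            {
                return(null);
            }

            roleName = roleName.Trim();

            Console.Out.WriteLine("Select IAM Policy to attach to the new role and grant permissions");

            // Blocking wait on the async lookup. This is an interactive console tool (no synchronization
            // context) and FindManagedPoliciesAsync awaits with ConfigureAwait(false), so it does not
            // deadlock; failures surface to callers wrapped in AggregateException, as before.
            var managedPolices = FindManagedPoliciesAsync(iamClient, promptInfo, DEFAULT_ITEM_MAX).Result;

            for (int i = 0; i < managedPolices.Count; i++)
            {
                var line = $"   {(i + 1).ToString().PadLeft(2)}) {managedPolices[i].PolicyName}";

                var description = AttemptToGetPolicyDescription(managedPolices[i].Arn, promptInfo.KnownManagedPolicyDescription);
                if (!string.IsNullOrEmpty(description))
                {
                    // Fit the description into the remaining line budget. 'room' is zero or negative when the
                    // policy name alone fills the line; Substring would throw on a negative length there, so
                    // the description is dropped instead of crashing the prompt.
                    var room = MAX_LINE_LENGTH_FOR_MANAGED_ROLE - line.Length;
                    if (description.Length > room)
                    {
                        description = room > 0 ? description.Substring(0, room) + " ..." : null;
                    }

                    if (description != null)
                    {
                        line += $" ({description})";
                    }
                }

                Console.Out.WriteLine(line);
            }

            Console.Out.WriteLine($"   {(managedPolices.Count + 1).ToString().PadLeft(2)}) *** No policy, add permissions later ***");
            Console.Out.Flush();

            // Menu is 1-based: 1..Count pick a listed policy, Count + 1 is the "no policy" entry
            // (same convention as SelectFromExisting).
            int chosenIndex = Utilities.WaitForPromptResponseByIndex(1, managedPolices.Count + 1);

            string managedPolicyArn = null;

            // '<=' rather than '<': with '<' the last listed policy (chosenIndex == Count) was silently
            // treated as "no policy" and the role was created without the permission the user picked.
            if (chosenIndex <= managedPolices.Count)
            {
                managedPolicyArn = managedPolices[chosenIndex - 1].Arn;
            }

            // The trust policy is built from promptInfo.AssumeRolePrincipal; the role gets at most the
            // single managed policy selected above.
            var roleArn = CreateRole(iamClient, roleName, Utilities.GetAssumeRolePolicy(promptInfo.AssumeRolePrincipal), managedPolicyArn);

            return(roleArn);
        }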
        /// <summary>
        /// Resolves the IAM role to use: offers the existing roles found for the assume-role
        /// principal, or goes straight to creating a new role when there are none.
        /// </summary>
        /// <param name="iamClient">IAM client used for the role lookups.</param>
        /// <param name="promptInfo">Assume-role principal and policy prompt settings.</param>
        /// <returns>The selected or newly created role ARN; null when the user entered no name for a new role.</returns>
        public static string PromptForRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo)
        {
            var candidateRoles = FindExistingRoles(iamClient, promptInfo.AssumeRolePrincipal, DEFAULT_ITEM_MAX);

            // With nothing to choose from, the only path is creating a role.
            return candidateRoles.Count > 0
                ? SelectFromExisting(iamClient, promptInfo, candidateRoles)
                : PromptToCreateRole(iamClient, promptInfo);
        }
        /// <summary>
        /// Prints the existing roles as a numbered menu (plus a "create new" entry) and returns
        /// the ARN of the role the user picks, or the ARN of a freshly created role.
        /// </summary>
        /// <param name="iamClient">IAM client, only needed when the user opts to create a role.</param>
        /// <param name="promptInfo">Prompt settings forwarded to role creation.</param>
        /// <param name="existingRoles">Roles to offer; assumed non-empty by the caller.</param>
        /// <returns>The chosen role ARN, or whatever PromptToCreateRole returns.</returns>
        private static string SelectFromExisting(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo, IList <Role> existingRoles)
        {
            Console.Out.WriteLine("Select IAM Role that to provide AWS credentials to your code:");

            var position = 0;
            foreach (var role in existingRoles)
            {
                position++;
                Console.Out.WriteLine($"   {position.ToString().PadLeft(2)}) {role.RoleName}");
            }

            var createNewOption = existingRoles.Count + 1;
            Console.Out.WriteLine($"   {createNewOption.ToString().PadLeft(2)}) *** Create new IAM Role ***");
            Console.Out.Flush();

            // 1-based menu: anything up to Count is an existing role, Count + 1 creates a new one.
            int choice = Utilities.WaitForPromptResponseByIndex(1, createNewOption);

            if (choice > existingRoles.Count)
            {
                return(PromptToCreateRole(iamClient, promptInfo));
            }

            return(existingRoles[choice - 1].Arn);
        }
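        /// <summary>
        /// Collects attachable managed policies to offer the user: AWS-managed policies whose name is
        /// either in <c>promptInfo.KnownManagedPolicyDescription</c> or starts with
        /// <c>promptInfo.AWSManagedPolicyNamePrefix</c>, followed by every attachable customer-managed
        /// (Local scope) policy in the account.
        /// </summary>
        /// <param name="iamClient">IAM client used to list policies.</param>
        /// <param name="promptInfo">Carries the name filter applied to AWS-managed policies.</param>
        /// <param name="maxPolicies">Upper bound on the number of policies returned; the AWS-managed
        /// policies are collected first, so a large AWS-managed set can crowd out customer policies.</param>
        /// <returns>The collected policies, in listing order, at most <paramref name="maxPolicies"/> of them.</returns>
        public static async Task <IList <ManagedPolicy> > FindManagedPoliciesAsync(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo, int maxPolicies)
        {
            IList <ManagedPolicy> policies = new List <ManagedPolicy>();

            // A non-positive cap means "offer nothing"; the original '== maxPolicies' check could never
            // fire for 0 once a policy had been added and would have returned the whole listing.
            if (maxPolicies <= 0)
            {
                return(policies);
            }

            // Ordinal prefix match: policy names are identifiers, not user-visible text, so the
            // comparison must not depend on the current culture.
            bool isWantedAwsPolicy(ManagedPolicy policy) =>
                promptInfo.KnownManagedPolicyDescription.ContainsKey(policy.PolicyName) ||
                (promptInfo.AWSManagedPolicyNamePrefix != null &&
                 policy.PolicyName.StartsWith(promptInfo.AWSManagedPolicyNamePrefix, StringComparison.Ordinal));

            var reachedCap = await CollectAttachablePoliciesAsync(iamClient, PolicyScopeType.AWS, isWantedAwsPolicy, policies, maxPolicies).ConfigureAwait(false);
            if (reachedCap)
            {
                return(policies);
            }

            // Customer-managed policies are all offered; this listing is now paginated as well — the
            // previous code read only the first page of Local-scope policies and ignored IsTruncated.
            await CollectAttachablePoliciesAsync(iamClient, PolicyScopeType.Local, _ => true, policies, maxPolicies).ConfigureAwait(false);

            return(policies);
        }

        /// <summary>
        /// Pages through ListPolicies for one scope, appending each attachable policy accepted by
        /// <paramref name="accept"/> to <paramref name="policies"/>.
        /// </summary>
        /// <returns>true when <paramref name="policies"/> reached <paramref name="maxPolicies"/> and listing stopped early; otherwise false.</returns>
        private static async Task<bool> CollectAttachablePoliciesAsync(IAmazonIdentityManagementService iamClient, PolicyScopeType scope, Func<ManagedPolicy, bool> accept, IList <ManagedPolicy> policies, int maxPolicies)
        {
            var request = new ListPoliciesRequest
            {
                Scope = scope,
            };
            ListPoliciesResponse response = null;

            do
            {
                // First request carries no marker; later ones continue from the previous page.
                request.Marker = response?.Marker;
                response       = await iamClient.ListPoliciesAsync(request).ConfigureAwait(false);

                foreach (var policy in response.Policies)
                {
                    if (policy.IsAttachable && accept(policy))
                    {
                        policies.Add(policy);
                    }

                    if (policies.Count >= maxPolicies)
                    {
                        return(true);
                    }
                }
            } while (response.IsTruncated);

            return(false);
        }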