Creates a new role for your AWS account.
For information about limitations on the number of roles you can create, see Limitations on IAM Entities in Using AWS Identity and Access Management.
/// <summary>
/// Builds a CreateRoleRequest from the parameters held by the cmdlet context, sends it, and wraps the outcome.
/// </summary>
/// <param name="context">Executor context; it is used as a CmdletContext.</param>
/// <returns>
/// A CmdletOutput carrying the selected pipeline output and the service response on success,
/// or the caught exception in ErrorResponse on failure.
/// </returns>
public object Execute(ExecutorContext context)
{
    // 'as' yields null for any other context type; the first property read below would then fail.
    var boundParameters = context as CmdletContext;

    // Only values that were actually supplied are copied onto the request. The trust policy
    // (AssumeRolePolicyDocument) and the permissions boundary are forwarded exactly as given.
    var createRoleRequest = new Amazon.IdentityManagement.Model.CreateRoleRequest();
    if (boundParameters.AssumeRolePolicyDocument != null)
    {
        createRoleRequest.AssumeRolePolicyDocument = boundParameters.AssumeRolePolicyDocument;
    }
    if (boundParameters.Description != null)
    {
        createRoleRequest.Description = boundParameters.Description;
    }
    if (boundParameters.MaxSessionDuration != null)
    {
        createRoleRequest.MaxSessionDuration = boundParameters.MaxSessionDuration.Value;
    }
    if (boundParameters.Path != null)
    {
        createRoleRequest.Path = boundParameters.Path;
    }
    if (boundParameters.PermissionsBoundary != null)
    {
        createRoleRequest.PermissionsBoundary = boundParameters.PermissionsBoundary;
    }
    if (boundParameters.RoleName != null)
    {
        createRoleRequest.RoleName = boundParameters.RoleName;
    }
    if (boundParameters.Tag != null)
    {
        createRoleRequest.Tags = boundParameters.Tag;
    }

    // Reuse an injected client when there is one; otherwise build one from the current credentials and region.
    var serviceClient = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);

    try
    {
        var serviceResponse = CallAWSServiceOperation(serviceClient, createRoleRequest);
        object pipelineOutput = boundParameters.Select(serviceResponse, this);
        return new CmdletOutput
        {
            PipelineOutput = pipelineOutput,
            ServiceResponse = serviceResponse
        };
    }
    catch (Exception e)
    {
        // Every failure is reported through the output object instead of being thrown to the caller.
        return new CmdletOutput { ErrorResponse = e };
    }
}
/// <summary>
/// Starts the CreateRole operation asynchronously.
/// <seealso cref="Amazon.IdentityManagement.IAmazonIdentityManagementService"/>
/// </summary>
/// <param name="request">The parameters for the CreateRole operation.</param>
/// <param name="cancellationToken">
/// Token that other objects or threads can use to signal cancellation; it is passed on to InvokeAsync.
/// </param>
/// <returns>The task representing the asynchronous operation.</returns>
public Task<CreateRoleResponse> CreateRoleAsync(CreateRoleRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
{
    // A fresh request marshaller per call; the response unmarshaller is the shared instance.
    return InvokeAsync<CreateRoleRequest,CreateRoleResponse>(
        request,
        new CreateRoleRequestMarshaller(),
        CreateRoleResponseUnmarshaller.Instance,
        cancellationToken);
}
/// <summary>
/// Runs the CreateRole operation through the synchronous Invoke path.
/// </summary>
/// <param name="request">The parameters for the CreateRole operation.</param>
/// <returns>The response returned by Invoke.</returns>
internal CreateRoleResponse CreateRole(CreateRoleRequest request)
{
    // A fresh request marshaller per call; the response unmarshaller is the shared instance.
    return Invoke<CreateRoleRequest,CreateRoleResponse>(
        request,
        new CreateRoleRequestMarshaller(),
        CreateRoleResponseUnmarshaller.Instance);
}
/// <summary>
/// Marshalls the request, wraps it in an AsyncResult together with the signer and the response
/// unmarshaller, and hands it to Invoke.
/// </summary>
/// <param name="createRoleRequest">The parameters for the CreateRole operation.</param>
/// <param name="callback">Callback stored on the AsyncResult; may be null.</param>
/// <param name="state">Caller state stored on the AsyncResult; may be null.</param>
/// <param name="synchronized">Flag stored on the AsyncResult; the blocking CreateRole overload passes true.</param>
/// <returns>The AsyncResult that was passed to Invoke.</returns>
IAsyncResult invokeCreateRole(CreateRoleRequest createRoleRequest, AsyncCallback callback, object state, bool synchronized)
{
    IRequest marshalledRequest = new CreateRoleRequestMarshaller().Marshall(createRoleRequest);
    var responseUnmarshaller = CreateRoleResponseUnmarshaller.GetInstance();

    var pending = new AsyncResult(marshalledRequest, callback, state, synchronized, signer, responseUnmarshaller);
    Invoke(pending);
    return pending;
}
/// <summary>
/// Starts the CreateRole operation asynchronously.
/// <seealso cref="Amazon.IdentityManagement.AmazonIdentityManagementService.CreateRole"/>
/// </summary>
/// <param name="createRoleRequest">The parameters for the CreateRole operation on AmazonIdentityManagementService.</param>
/// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
/// <param name="state">
/// A user-defined state object that is passed to the callback; read it back inside the callback
/// through the AsyncState property.
/// </param>
/// <returns>
/// An IAsyncResult for polling or waiting on the result; the same value is needed when calling EndCreateRole.
/// </returns>
public IAsyncResult BeginCreateRole(CreateRoleRequest createRoleRequest, AsyncCallback callback, object state)
{
    // false is the 'synchronized' argument: the caller collects the result later.
    IAsyncResult pending = invokeCreateRole(createRoleRequest, callback, state, false);
    return pending;
}
/// <summary>
/// <para>Creates a new role for your AWS account.</para>
/// <para>For information about limitations on the number of roles you can create, see
/// Limitations on IAM Entities in <i>Using AWS Identity and Access Management</i>.</para>
/// </summary>
/// <param name="createRoleRequest">The parameters for the CreateRole service method on AmazonIdentityManagementService.</param>
/// <returns>The response from the CreateRole service method, as returned by AmazonIdentityManagementService.</returns>
/// <exception cref="MalformedPolicyDocumentException"/>
/// <exception cref="LimitExceededException"/>
/// <exception cref="EntityAlreadyExistsException"/>
public CreateRoleResponse CreateRole(CreateRoleRequest createRoleRequest)
{
    // No callback and no state; 'true' is the synchronized flag, and EndCreateRole yields the response.
    return EndCreateRole(invokeCreateRole(createRoleRequest, null, null, true));
}
/// <summary>
/// Starts the CreateRole operation asynchronously.
/// </summary>
/// <param name="request">The parameters for the CreateRole operation on AmazonIdentityManagementServiceClient.</param>
/// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
/// <param name="state">
/// A user-defined state object that is passed to the callback; read it back inside the callback
/// through the AsyncState property.
/// </param>
/// <returns>
/// An IAsyncResult for polling or waiting on the result; the same value is needed when calling EndCreateRole.
/// </returns>
public IAsyncResult BeginCreateRole(CreateRoleRequest request, AsyncCallback callback, object state)
{
    // A fresh request marshaller per call; the response unmarshaller is the shared instance.
    return BeginInvoke<CreateRoleRequest>(
        request,
        new CreateRoleRequestMarshaller(),
        CreateRoleResponseUnmarshaller.Instance,
        callback,
        state);
}
/// <summary>
/// Starts the CreateRole operation asynchronously and reports completion through a callback.
/// </summary>
/// <param name="request">The parameters for the CreateRole operation on AmazonIdentityManagementServiceClient.</param>
/// <param name="callback">Delegate invoked with the typed result when the operation completes; may be null.</param>
/// <param name="options">
/// Options passed to BeginInvoke; a new AsyncOptions is used when this is null. The State of the
/// options instance handed to the completion helper is included in the result given to the callback.
/// </param>
public void CreateRoleAsync(CreateRoleRequest request, AmazonServiceCallback<CreateRoleRequest, CreateRoleResponse> callback, AsyncOptions options = null)
{
    options = options ?? new AsyncOptions();
    var marshaller = new CreateRoleRequestMarshaller();
    var unmarshaller = CreateRoleResponseUnmarshaller.Instance;

    // The helper stays null when there is no callback; BeginInvoke receives it either way.
    Action<AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null;
    if (callback != null)
    {
        callbackHelper = (rawRequest, rawResponse, error, asyncOptions) =>
        {
            // Convert the untyped completion arguments into the typed result the caller expects.
            var typedResult = new AmazonServiceResult<CreateRoleRequest,CreateRoleResponse>(
                (CreateRoleRequest)rawRequest,
                (CreateRoleResponse)rawResponse,
                error,
                asyncOptions.State);
            callback(typedResult);
        };
    }

    BeginInvoke<CreateRoleRequest>(request, marshaller, unmarshaller, options, callbackHelper);
}
/// <summary>
/// Starts the CreateRole operation asynchronously.
/// <seealso cref="Amazon.IdentityManagement.IAmazonIdentityManagementService.CreateRole"/>
/// </summary>
/// <param name="request">The parameters for the CreateRole operation.</param>
/// <param name="cancellationToken">
/// Token that other objects or threads can use to signal cancellation; it is passed on to Invoke.
/// </param>
/// <returns>The task representing the asynchronous operation.</returns>
public async Task<CreateRoleResponse> CreateRoleAsync(CreateRoleRequest request, CancellationToken cancellationToken = default(CancellationToken))
{
    var requestMarshaller = new CreateRoleRequestMarshaller();
    var responseUnmarshaller = CreateRoleResponseUnmarshaller.GetInstance();

    // The continuation does not need the captured context, so it is not resumed on it.
    return await Invoke<IRequest, CreateRoleRequest, CreateRoleResponse>(
            request, requestMarshaller, responseUnmarshaller, signer, cancellationToken)
        .ConfigureAwait(false);
}
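/// <summary>
/// <para>Creates a new role for your AWS account. For more information about roles, go to
/// <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html">Working with Roles</a>.
/// For information about limitations on role names and the number of roles you can create, go to
/// <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a>
/// in <i>Using AWS Identity and Access Management</i>.</para>
/// <para>The policy supplied with the request grants permission to assume the role; this SDK version
/// documents EC2 instances as the only principals that can do so. The policy is URL-encoded according
/// to RFC 3986. For more information about RFC 3986, go to
/// <a href="http://www.faqs.org/rfcs/rfc3986.html">http://www.faqs.org/rfcs/rfc3986.html</a>.</para>
/// </summary>
/// <param name="request">The parameters for the CreateRole service method on AmazonIdentityManagementService.</param>
/// <returns>The response from the CreateRole service method, as returned by AmazonIdentityManagementService.</returns>
/// <exception cref="T:Amazon.IdentityManagement.Model.MalformedPolicyDocumentException" />
/// <exception cref="T:Amazon.IdentityManagement.Model.LimitExceededException" />
/// <exception cref="T:Amazon.IdentityManagement.Model.EntityAlreadyExistsException" />
public CreateRoleResponse CreateRole(CreateRoleRequest request)
{
    var task = CreateRoleAsync(request);
    try
    {
        // Blocks until the asynchronous call finishes; a failure surfaces as an AggregateException.
        return task.Result;
    }
    catch (AggregateException e)
    {
        // Callers still receive the inner exception, as before, but 'throw e.InnerException;'
        // overwrote its stack trace with this frame. Capturing it first keeps the trace that
        // shows where the service call actually failed.
        System.Runtime.ExceptionServices.ExceptionDispatchInfo.Capture(e.InnerException).Throw();
        return null; // unreachable: Throw() never returns, but the compiler needs a return here
    }
}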
/// <summary>
/// Writes the verbose endpoint message and sends the CreateRole request with the given client,
/// using the synchronous API on DESKTOP builds and blocking on the async API on CORECLR builds.
/// </summary>
/// <param name="client">Service client used to send the request.</param>
/// <param name="request">The CreateRole request to send.</param>
/// <returns>The CreateRole response from the client.</returns>
private Amazon.IdentityManagement.Model.CreateRoleResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.CreateRoleRequest request)
{
    Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "CreateRole");
    try
    {
#if DESKTOP
        return client.CreateRole(request);
#elif CORECLR
        return client.CreateRoleAsync(request).GetAwaiter().GetResult();
#else
#error "Unknown build edition"
#endif
    }
    catch (AmazonServiceException serviceError)
    {
        var networkError = serviceError.InnerException as System.Net.WebException;
        if (networkError == null)
        {
            // Not caused by a WebException: let the service exception propagate unchanged.
            throw;
        }

        // Caused by a WebException: replace it with a plain Exception whose message comes from
        // FormatNameResolutionFailureMessage, keeping the WebException as the inner exception.
        throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, networkError.Message), networkError);
    }
}
/// <summary>
/// <para>Creates a new role for your AWS account. For more information about roles, go to
/// <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html">Working with Roles</a>.
/// For information about limitations on role names and the number of roles you can create, go to
/// <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a>
/// in <i>Using AWS Identity and Access Management</i>.</para>
/// <para>The policy supplied with the request grants permission to assume the role; this SDK version
/// documents EC2 instances as the only principals that can do so. The policy is URL-encoded according
/// to RFC 3986. For more information about RFC 3986, go to
/// <a href="http://www.faqs.org/rfcs/rfc3986.html">http://www.faqs.org/rfcs/rfc3986.html</a>.</para>
/// </summary>
/// <param name="createRoleRequest">The parameters for the CreateRole service method on AmazonIdentityManagementService.</param>
/// <param name="cancellationToken">
/// Token that other objects or threads can use to signal cancellation; it is passed on to Invoke.
/// </param>
/// <returns>The response from the CreateRole service method, as returned by AmazonIdentityManagementService.</returns>
/// <exception cref="T:Amazon.IdentityManagement.Model.MalformedPolicyDocumentException" />
/// <exception cref="T:Amazon.IdentityManagement.Model.LimitExceededException" />
/// <exception cref="T:Amazon.IdentityManagement.Model.EntityAlreadyExistsException" />
public Task<CreateRoleResponse> CreateRoleAsync(CreateRoleRequest createRoleRequest, CancellationToken cancellationToken = default(CancellationToken))
{
    // The task from Invoke is returned as-is; the signer travels with the request.
    return Invoke<IRequest, CreateRoleRequest, CreateRoleResponse>(
        createRoleRequest,
        new CreateRoleRequestMarshaller(),
        CreateRoleResponseUnmarshaller.GetInstance(),
        signer,
        cancellationToken);
}
/// <summary>
/// Blocking wrapper over CreateRoleAsync that surfaces the underlying exception rather than
/// the AggregateException raised by Task.Result.
/// </summary>
/// <param name="request">The parameters for the CreateRole operation.</param>
/// <returns>The CreateRole response.</returns>
internal CreateRoleResponse CreateRole(CreateRoleRequest request)
{
    var pending = CreateRoleAsync(request);
    try
    {
        return pending.Result;
    }
    catch (AggregateException aggregate)
    {
        // Rethrow the inner exception with its original stack trace intact.
        ExceptionDispatchInfo.Capture(aggregate.InnerException).Throw();

        // Never reached: Throw() does not return, but the compiler requires a return value.
        return null;
    }
}
/// <summary>
/// Creates an IAM role with the given trust policy, then attaches an inline permissions policy
/// named "&lt;roleName&gt;_policy" to it.
/// </summary>
/// <param name="iamClient">IAM client used for both calls.</param>
/// <param name="roleName">Name of the role to create; also the prefix of the inline policy name.</param>
/// <param name="policyText">Permissions policy document attached to the role.</param>
/// <param name="trustRelationshipText">Trust policy document, sent as AssumeRolePolicyDocument.</param>
/// <returns>The ARN of the role returned by CreateRole.</returns>
public virtual string PrepMode_CreateRole(AmazonIdentityManagementServiceClient iamClient, string roleName, string policyText, string trustRelationshipText)
{
    // Step 1: define and create the role. Both policy documents are passed through as supplied;
    // nothing in this method inspects or narrows them, so their scope is the caller's responsibility.
    var roleDefinition = new CreateRoleRequest
    {
        AssumeRolePolicyDocument = trustRelationshipText,
        RoleName = roleName
    };
    var createdRole = iamClient.CreateRole(roleDefinition);
    string createdRoleArn = createdRole.Role.Arn;

    // Step 2: attach the permissions as an inline policy; PolicyDocument is where the policy is described.
    // If this call throws, the role created in step 1 is left in place (there is no cleanup here).
    var inlinePolicy = new PutRolePolicyRequest
    {
        RoleName = roleName,
        PolicyName = String.Format("{0}_policy", roleName),
        PolicyDocument = policyText
    };
    iamClient.PutRolePolicy(inlinePolicy);

    return createdRoleArn;
}
/// <summary>
/// Shared entry point for the Begin/End and blocking CreateRole overloads: forwards the request,
/// the callback details, a request marshaller, the response unmarshaller and the signer to Invoke.
/// </summary>
/// <param name="request">The parameters for the CreateRole operation.</param>
/// <param name="callback">Callback forwarded to Invoke; may be null.</param>
/// <param name="state">Caller state forwarded to Invoke; may be null.</param>
/// <param name="synchronized">Flag forwarded to Invoke unchanged.</param>
/// <returns>The IAsyncResult returned by Invoke.</returns>
IAsyncResult invokeCreateRole(CreateRoleRequest request, AsyncCallback callback, object state, bool synchronized)
{
    return Invoke(
        request,
        callback,
        state,
        synchronized,
        new CreateRoleRequestMarshaller(),
        CreateRoleResponseUnmarshaller.Instance,
        signer);
}
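/// <summary>
/// End-to-end web identity federation check: creates a temporary IAM role whose trust policy allows
/// sts:AssumeRoleWithWebIdentity for one identity provider, attaches an S3 access policy, obtains
/// temporary credentials through that provider, exercises S3 with them, and removes the policy and
/// the role again.
/// </summary>
/// <param name="identityProvider">"Facebook", "Google" or "Amazon".</param>
/// <exception cref="ArgumentException">The identity provider is not one of the supported names.</exception>
/// <exception cref="InvalidOperationException">
/// The provider's app id is missing from app.config, or no federation response was obtained.
/// </exception>
public static void Test(string identityProvider)
{
    const string roleName = "federationtestrole";
    const string rolePolicyName = "federationtestrole-rolepolicy";

    // Reject unknown providers before anything is created. Previously an unrecognised name fell
    // through the switch, so a trust policy was built from null values and sent to IAM.
    string providerURL, providerAppIdName, providerUserIdName;
    switch (identityProvider)
    {
        case "Facebook":
            providerURL = "graph.facebook.com";
            providerAppIdName = "app_id";
            providerUserIdName = "id";
            break;
        case "Google":
            providerURL = "accounts.google.com";
            providerAppIdName = "aud";
            providerUserIdName = "sub";
            break;
        case "Amazon":
            providerURL = "www.amazon.com";
            providerAppIdName = "app_id";
            providerUserIdName = "user_id";
            break;
        default:
            throw new ArgumentException("Unsupported identity provider: " + identityProvider, "identityProvider");
    }

    // The provider-specific app id is loaded from app.config
    // (FacebookProviderAppId, GoogleProviderAppId, AmazonProviderAppId).
    // It is the value the trust policy condition compares against, so a missing entry must stop
    // the test instead of producing a condition on an empty string.
    string providerAppId = ConfigurationManager.AppSettings[identityProvider + "ProviderAppId"];
    if (string.IsNullOrEmpty(providerAppId))
    {
        throw new InvalidOperationException("Missing app.config setting: " + identityProvider + "ProviderAppId");
    }

    // Since the string is passed to String.Format, '{' and '}' have to be escaped.
    // The trust policy specifies who can invoke AssumeRoleWithWebIdentity: the federated provider,
    // restricted to tokens issued for this app id.
    // NOTE(review): the values are inserted into the JSON without escaping. They are constants and
    // app.config entries here; if they ever come from less trusted input, build the document with
    // a JSON serializer instead.
    string trustPolicyTemplate = @"{{ ""Version"": ""2012-10-17"", ""Statement"": [ {{ ""Effect"": ""Allow"", ""Principal"": {{ ""Federated"": ""{1}"" }}, ""Action"": ""sts:AssumeRoleWithWebIdentity"", ""Condition"": {{ ""StringEquals"": {{""{1}:{2}"": ""{3}""}} }} }} ] }}";

    // Defines what permissions are granted when AssumeRoleWithWebIdentity is called: object access
    // limited to the prefix derived from the provider name and the provider's user id variable.
    string accessPolicyTemplate = @"{{ ""Version"": ""2012-10-17"", ""Statement"": [ {{ ""Effect"":""Allow"", ""Action"":[""s3:GetObject"", ""s3:PutObject"", ""s3:DeleteObject""], ""Resource"": [ ""arn:aws:s3:::federationtestbucket/{0}/${{{1}:{4}}}"", ""arn:aws:s3:::federationtestbucket/{0}/${{{1}:{4}}}/*"" ] }} ] }}";

    // Login with credentials to create the role; credentials are defined in app.config.
    var iamClient = new AmazonIdentityManagementServiceClient();

    // Create the role with its trust policy.
    CreateRoleRequest createRoleRequest = new CreateRoleRequest
    {
        RoleName = roleName,
        AssumeRolePolicyDocument = string.Format(trustPolicyTemplate, identityProvider, providerURL, providerAppIdName, providerAppId)
    };
    Console.WriteLine("\nTrust Policy Document:\n{0}\n", createRoleRequest.AssumeRolePolicyDocument);
    CreateRoleResponse createRoleResponse = iamClient.CreateRole(createRoleRequest);

    // From here on the role exists. The nested try/finally blocks remove the inline policy and the
    // role even when a later step throws, so a failed run does not leave an assumable role behind.
    // (An exception thrown by the cleanup calls themselves replaces the original one.)
    try
    {
        // Create the access policy (permissions).
        PutRolePolicyRequest putRolePolicyRequest = new PutRolePolicyRequest
        {
            PolicyName = rolePolicyName,
            RoleName = roleName,
            PolicyDocument = string.Format(accessPolicyTemplate, identityProvider, providerURL, providerAppIdName, providerAppId, providerUserIdName)
        };
        Console.WriteLine("\nAccess Policy Document (Permissions):\n{0}\n", putRolePolicyRequest.PolicyDocument);
        iamClient.PutRolePolicy(putRolePolicyRequest);

        try
        {
            // Sleep for the policy to replicate
            System.Threading.Thread.Sleep(5000);

            AmazonS3Config config = new AmazonS3Config
            {
                ServiceURL = "s3.amazonaws.com",
                RegionEndpoint = Amazon.RegionEndpoint.USEast1
            };

            Federation federationTest = new Federation();
            AssumeRoleWithWebIdentityResponse assumeRoleWithWebIdentityResponse = null;

            switch (identityProvider)
            {
                case "Facebook":
                    assumeRoleWithWebIdentityResponse =
                        federationTest.GetTemporaryCredentialUsingFacebook(
                            providerAppId,
                            createRoleResponse.Role.Arn);
                    break;
                case "Google":
                    assumeRoleWithWebIdentityResponse =
                        federationTest.GetTemporaryCredentialUsingGoogle(
                            providerAppId,
                            createRoleResponse.Role.Arn);

                    //Uncomment to perform two step process
                    //assumeRoleWithWebIdentityResponse =
                    //    federationTest.GetTemporaryCredentialUsingGoogle(
                    //        providerAppId,
                    //        ConfigurationManager.AppSettings["GoogleProviderAppIdSecret"],
                    //        createRoleResponse.Role.Arn);
                    break;
                case "Amazon":
                    assumeRoleWithWebIdentityResponse =
                        federationTest.GetTemporaryCredentialUsingAmazon(
                            ConfigurationManager.AppSettings["AmazonProviderClientId"],
                            createRoleResponse.Role.Arn);
                    break;
            }

            if (assumeRoleWithWebIdentityResponse == null)
            {
                throw new InvalidOperationException("No AssumeRoleWithWebIdentity response was obtained for " + identityProvider);
            }

            // Exercise S3 with the temporary credentials, under the prefix the access policy allows.
            S3Test s3Test = new S3Test();
            s3Test.CreateS3Bucket("federationtestbucket",
                identityProvider + "/" + assumeRoleWithWebIdentityResponse.SubjectFromWebIdentityToken,
                assumeRoleWithWebIdentityResponse.Credentials,
                config);
        }
        finally
        {
            iamClient.DeleteRolePolicy(new DeleteRolePolicyRequest
            {
                PolicyName = rolePolicyName,
                RoleName = roleName
            });
        }
    }
    finally
    {
        iamClient.DeleteRole(new DeleteRoleRequest
        {
            RoleName = roleName
        });
    }
}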