AddRoleToInstanceProfile() public method

Adds the specified IAM role to the specified instance profile.

The caller of this API must be granted the PassRole permission on the IAM role by a permission policy.

For more information about roles, go to Working with Roles. For more information about instance profiles, go to About Instance Profiles.

Exceptions:

- EntityAlreadyExistsException: The request was rejected because it attempted to create a resource that already exists.
- LimitExceededException: The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.
- NoSuchEntityException: The request was rejected because it referenced an entity that does not exist. The error message describes the entity.
- ServiceFailureException: The request processing has failed because of an unknown error, exception or failure.
public AddRoleToInstanceProfile ( AddRoleToInstanceProfileRequest request ) : Amazon.IdentityManagement.Model.AddRoleToInstanceProfileResponse
request Amazon.IdentityManagement.Model.AddRoleToInstanceProfileRequest Container for the necessary parameters to execute the AddRoleToInstanceProfile service method.
return Amazon.IdentityManagement.Model.AddRoleToInstanceProfileResponse
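        /// <summary>
        /// Creates the application's IAM role and a same-named instance profile when the role does not exist yet,
        /// then adds the role to the instance profile. The role's trust policy allows the EC2 service
        /// (ec2.amazonaws.com) to assume it.
        /// </summary>
        /// <remarks>
        /// When <paramref name="excuteApiUriForPolicy"/> is non-blank, a managed policy named "ResourceInvocation"
        /// granting execute-api:Invoke on that resource is created and attached to the role.
        /// NOTE(review): the steps are not transactional. If a call fails after CreateRoleAsync succeeds, the next
        /// run presumably takes the "already exists" early return and never creates the policy or instance profile;
        /// confirm against RoleAlreadyExistsAsync.
        /// </remarks>
        /// <param name="excuteApiUriForPolicy">
        /// Resource suffix appended to "arn:aws:execute-api:*:*:" in the policy document. Blank skips the policy.
        /// </param>
        /// <exception cref="System.ArgumentException">
        /// The suffix contains a double quote, backslash or control character and so cannot be embedded verbatim
        /// in the JSON policy document.
        /// </exception>
        public async Task EnsureEc2ServiceRoleExistsAsync(string excuteApiUriForPolicy = "")
        {
            if (await RoleAlreadyExistsAsync())
            {
                loggerProvider.GetLogger()
                    .Debug("Role with roleName {roleName} already exists", configurationProvider.ShortApplicationName);
                return;
            }

            // The suffix is concatenated into a JSON string literal below. A quote or backslash would end that
            // literal early and let the value alter the structure of the IAM policy (extra actions, resources or
            // statements), so reject it before any resource is created.
            if (!string.IsNullOrWhiteSpace(excuteApiUriForPolicy) &&
                !IsSafeInsideJsonString(excuteApiUriForPolicy))
            {
                throw new System.ArgumentException(
                    "Value must not contain double quotes, backslashes or control characters.",
                    "excuteApiUriForPolicy");
            }

            using (
                var iamClient = new AmazonIdentityManagementServiceClient(credentials,
                    configurationProvider.RegionEndpoint))
            {
                // Trust policy: only the EC2 service principal may assume this role.
                var createRoleResponse = await iamClient.CreateRoleAsync(new CreateRoleRequest
                {
                    RoleName = configurationProvider.ShortApplicationName,
                    AssumeRolePolicyDocument =
                        "{\"Version\": \"2012-10-17\", \"Statement\": {\"Effect\": \"Allow\", \"Principal\": { \"Service\": \"ec2.amazonaws.com\"}, \"Action\": \"sts:AssumeRole\"}}"
                });

                loggerProvider.GetLogger().Debug("The IAM Uri is " + excuteApiUriForPolicy);
                if (!string.IsNullOrWhiteSpace(excuteApiUriForPolicy))
                {
                    // The ARN leaves region and account as wildcards, so the grant is scoped only by the
                    // caller-supplied suffix. NOTE(review): consider pinning region and account id.
                    var policyDocument =
                        "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Effect\": \"Allow\",\"Action\": [\"execute-api:Invoke\"],\"Resource\": \"arn:aws:execute-api:*:*:" +
                        excuteApiUriForPolicy + "\"}]}";

                    loggerProvider.GetLogger().Debug("The new Policy Reads : " + policyDocument);

                    // NOTE(review): the policy name is fixed, so a second creation in the same account would
                    // presumably be rejected as already existing; confirm whether that is intended.
                    var newPolicy = await iamClient.CreatePolicyAsync(new CreatePolicyRequest
                    {
                        Description =
                            "Policy to demonstrate that I have permission that is limited to a specific resource in ApiGateway ",
                        PolicyDocument = policyDocument,
                        PolicyName = "ResourceInvocation"
                    });

                    loggerProvider.GetLogger().Debug("Policy Created: " + newPolicy.Policy.Arn);
                    await iamClient.AttachRolePolicyAsync(new AttachRolePolicyRequest
                    {
                        RoleName = configurationProvider.ShortApplicationName,
                        PolicyArn = newPolicy.Policy.Arn
                    });
                    loggerProvider.GetLogger().Debug("Policy Attach to Role: " + newPolicy.Policy.Arn);
                }

                loggerProvider.GetLogger().Debug("Created role: {@createRoleResponse}", createRoleResponse);

                // Awaited like the other IAM calls in this method, rather than blocking a thread inside an
                // async method on the synchronous client overloads.
                var createInstanceProfileResponse = await iamClient.CreateInstanceProfileAsync(
                    new CreateInstanceProfileRequest
                    {
                        InstanceProfileName = configurationProvider.ShortApplicationName
                    });
                loggerProvider.GetLogger()
                    .Debug("Created instance profile: {@createInstanceProfileResponse}", createInstanceProfileResponse);

                var addRoleToInstanceProfileResponse = await iamClient.AddRoleToInstanceProfileAsync(
                    new AddRoleToInstanceProfileRequest
                    {
                        InstanceProfileName = configurationProvider.ShortApplicationName,
                        RoleName = configurationProvider.ShortApplicationName
                    });
                loggerProvider.GetLogger()
                    .Debug("Added role to instance profile: {@addRoleToInstanceProfileResponse}",
                        addRoleToInstanceProfileResponse);
            }
        }

        /// <summary>
        /// Returns true when <paramref name="value"/> can be placed between double quotes in a JSON document
        /// without escaping, i.e. it contains no double quote, backslash or control character.
        /// </summary>
        private static bool IsSafeInsideJsonString(string value)
        {
            foreach (var ch in value)
            {
                if (ch == '"' || ch == '\\' || char.IsControl(ch))
                {
                    return false;
                }
            }

            return true;
        }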