CreateInstanceProfile() public method

Creates a new instance profile. For information about instance profiles, go to About Instance Profiles.

For information about the number of instance profiles you can create, see Limitations on IAM Entities in the IAM User Guide.

/// The request was rejected because it attempted to create a resource that already exists. /// /// The request was rejected because it attempted to create resources beyond the current /// AWS account limits. The error message describes the limit exceeded. /// /// The request processing has failed because of an unknown error, exception or failure. ///
public CreateInstanceProfile ( CreateInstanceProfileRequest request ) : CreateInstanceProfileResponse
request Amazon.IdentityManagement.Model.CreateInstanceProfileRequest Container for the necessary parameters to execute the CreateInstanceProfile service method.
return Amazon.IdentityManagement.Model.CreateInstanceProfileResponse
AmazonIdentityManagementServiceClient Class Documentation
示例#1
0
        public async Task EnsureEc2ServiceRoleExistsAsync(string excuteApiUriForPolicy = "")
        {
            if (await RoleAlreadyExistsAsync())
            {
                loggerProvider.GetLogger()
                    .Debug("Role with roleName {roleName} already exists", configurationProvider.ShortApplicationName);
                return;
            }
            using (
                var iamClient = new AmazonIdentityManagementServiceClient(credentials,
                    configurationProvider.RegionEndpoint))
            {
                var createRoleResponse = await iamClient.CreateRoleAsync(new CreateRoleRequest
                {
                    RoleName = configurationProvider.ShortApplicationName,
                    AssumeRolePolicyDocument =
                        "{\"Version\": \"2012-10-17\", \"Statement\": {\"Effect\": \"Allow\", \"Principal\": { \"Service\": \"ec2.amazonaws.com\"}, \"Action\": \"sts:AssumeRole\"}}"
                });

                loggerProvider.GetLogger().Debug("The IAM Uri is " + excuteApiUriForPolicy);
                if (!string.IsNullOrWhiteSpace(excuteApiUriForPolicy))
                {
                    var policyDocument =
                   "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Effect\": \"Allow\",\"Action\": [\"execute-api:Invoke\"],\"Resource\": \"arn:aws:execute-api:*:*:" +
                   excuteApiUriForPolicy + "\"}]}";

                    loggerProvider.GetLogger().Debug("The new Policy Reads : " + policyDocument);
                    var newPolicy = await iamClient.CreatePolicyAsync(new CreatePolicyRequest
                    {
                        Description =
                            "Policy to demonstrate that I have permission that is limited to a specific resource in ApiGateway ",
                        PolicyDocument = policyDocument,
                        PolicyName = "ResourceInvocation"
                    });

                    loggerProvider.GetLogger().Debug("Policy Created: " + newPolicy.Policy.Arn);
                    await iamClient.AttachRolePolicyAsync(new AttachRolePolicyRequest
                    {
                        RoleName = configurationProvider.ShortApplicationName,
                        PolicyArn = newPolicy.Policy.Arn
                    });
                    loggerProvider.GetLogger().Debug("Policy Attach to Role: " + newPolicy.Policy.Arn);
                }
                

                loggerProvider.GetLogger().Debug("Created role: {@createRoleResponse}", createRoleResponse);
                var createInstanceProfileResponse = iamClient.CreateInstanceProfile(new CreateInstanceProfileRequest
                {
                    InstanceProfileName = configurationProvider.ShortApplicationName
                });
                loggerProvider.GetLogger()
                    .Debug("Created instance profile: {@createInstanceProfileResponse}", createInstanceProfileResponse);
                var addRoleToInstanceProfileResponse =
                    iamClient.AddRoleToInstanceProfile(new AddRoleToInstanceProfileRequest
                    {
                        InstanceProfileName = configurationProvider.ShortApplicationName,
                        RoleName = configurationProvider.ShortApplicationName
                    });
                loggerProvider.GetLogger()
                    .Debug("Added role to instance profile: {@addRoleToInstanceProfileResponse}",
                        addRoleToInstanceProfileResponse);
            }
        }