Example 1 with GetRoleRequest

use of com.amazonaws.services.identitymanagement.model.GetRoleRequest in project cloudbreak by hortonworks.

The class AwsSetup, method validateInstanceProfileCreation.

private void validateInstanceProfileCreation(AwsCredentialView awsCredentialView) {
    GetRoleRequest roleRequest = new GetRoleRequest();
    // Assumes an ARN of the form arn:aws:iam::<account>:role/<name>. A role created with a
    // path (role/<path>/<name>) would yield the first path segment here instead of the name.
    String roleName = awsCredentialView.getRoleArn().split("/")[1];
    LOGGER.info("Start validating role {} for S3 access.", roleName);
    roleRequest.withRoleName(roleName);
    AmazonIdentityManagement client = awsClient.createAmazonIdentityManagement(awsCredentialView);
    try {
        // First check the inline policies embedded in the role.
        ListRolePoliciesRequest listRolePoliciesRequest = new ListRolePoliciesRequest();
        listRolePoliciesRequest.setRoleName(roleName);
        ListRolePoliciesResult listRolePoliciesResult = client.listRolePolicies(listRolePoliciesRequest);
        for (String s : listRolePoliciesResult.getPolicyNames()) {
            if (checkIamOrS3Statement(roleName, client, s)) {
                LOGGER.info("Validation successful for S3 or IAM access.");
                return;
            }
        }
        // Then check the managed policies attached to the role.
        ListAttachedRolePoliciesRequest listAttachedRolePoliciesRequest = new ListAttachedRolePoliciesRequest();
        listAttachedRolePoliciesRequest.setRoleName(roleName);
        ListAttachedRolePoliciesResult listAttachedRolePoliciesResult = client.listAttachedRolePolicies(listAttachedRolePoliciesRequest);
        for (AttachedPolicy attachedPolicy : listAttachedRolePoliciesResult.getAttachedPolicies()) {
            if (checkIamOrS3Access(client, attachedPolicy)) {
                LOGGER.info("Validation successful for S3 or IAM access.");
                return;
            }
        }
    } catch (AmazonServiceException ase) {
        // A 401 from IAM means the caller's credentials cannot read the role's policies at all.
        if (ase.getStatusCode() == UNAUTHORIZED) {
            String policyMessage = "Could not get policies on the role because the role ARN does not have enough permission: %s";
            LOGGER.info(String.format(policyMessage, ase.getErrorMessage()));
            throw new CloudConnectorException(String.format(policyMessage, ase.getErrorMessage()));
        } else {
            LOGGER.info(ase.getMessage());
            throw new CloudConnectorException(ase.getErrorMessage());
        }
    } catch (Exception e) {
        LOGGER.info(e.getMessage());
        throw new CloudConnectorException(e.getMessage());
    }
    // Reached only when the policies could be listed but none of them grants S3 or IAM access.
    LOGGER.info("None of the inline or attached policies on the role grant S3 or IAM access.");
    throw new CloudConnectorException("None of the inline or attached policies on the role grant S3 or IAM access.");
}
Also used:
com.amazonaws.AmazonClientException
com.amazonaws.AmazonServiceException
com.amazonaws.services.identitymanagement.AmazonIdentityManagement
com.amazonaws.services.identitymanagement.model.AttachedPolicy
com.amazonaws.services.identitymanagement.model.GetRoleRequest
com.amazonaws.services.identitymanagement.model.ListAttachedRolePoliciesRequest
com.amazonaws.services.identitymanagement.model.ListAttachedRolePoliciesResult
com.amazonaws.services.identitymanagement.model.ListRolePoliciesRequest
com.amazonaws.services.identitymanagement.model.ListRolePoliciesResult
com.sequenceiq.cloudbreak.cloud.exception.CloudConnectorException

Example 2 with GetRoleRequest

use of com.amazonaws.services.identitymanagement.model.GetRoleRequest in project Synapse-Stack-Builder by Sage-Bionetworks.

The class ElasticBeanstalkSetup, method configureInstanceProfileForLogRolingToS3.

/**
 * Set up the role, policy and instance profile needed for automatic log rolling.
 * Note the roleName is also used as the instance profile name.
 */
private void configureInstanceProfileForLogRolingToS3() {
    // Need to grant the EC2 instances access to S3 so our logs can be rotated.
    String roleName = config.getElasticBeanstalkS3RoleName();
    try {
        // Try to get the role; if it does not exist, NoSuchEntityException is thrown.
        aimClient.getRole(new GetRoleRequest().withRoleName(roleName));
    } catch (NoSuchEntityException e) {
        // The role does not exist, so create it with the trust policy that lets EC2 assume it.
        aimClient.createRole(new CreateRoleRequest().withRoleName(roleName).withAssumeRolePolicyDocument(AssumeRolePolicyDocument));
    }
    // Set (or overwrite) the inline role policy; putRolePolicy is idempotent for an existing policy name.
    aimClient.putRolePolicy(new PutRolePolicyRequest().withRoleName(roleName).withPolicyDocument(ROLE_POLICY).withPolicyName("AdminAccessToS3"));
    // Create an instance profile with the same name as the role.
    try {
        // Check to see if it already exists.
        aimClient.getInstanceProfile(new GetInstanceProfileRequest().withInstanceProfileName(roleName));
    } catch (NoSuchEntityException e) {
        // It did not exist, so create it.
        aimClient.createInstanceProfile(new CreateInstanceProfileRequest().withInstanceProfileName(roleName));
        // Add the role to the new instance profile.
        aimClient.addRoleToInstanceProfile(new AddRoleToInstanceProfileRequest().withRoleName(roleName).withInstanceProfileName(roleName));
    }
}
Also used:
com.amazonaws.services.identitymanagement.model.AddRoleToInstanceProfileRequest
com.amazonaws.services.identitymanagement.model.CreateInstanceProfileRequest
com.amazonaws.services.identitymanagement.model.CreateRoleRequest
com.amazonaws.services.identitymanagement.model.GetInstanceProfileRequest
com.amazonaws.services.identitymanagement.model.GetRoleRequest
com.amazonaws.services.identitymanagement.model.NoSuchEntityException
com.amazonaws.services.identitymanagement.model.PutRolePolicyRequest
