Example 1 with GetRoleRequest

use of software.amazon.awssdk.services.iam.model.GetRoleRequest in project aws-greengrass-nucleus by aws-greengrass.

From the class DeviceProvisioningHelper, method setupIoTRoleForTes.

/**
 * Create IoT role for using TES.
 *
 * @param roleName       name of the IAM role to create or reuse
 * @param roleAliasName  roleAlias name
 * @param certificateArn certificate arn for the IoT thing
 */
public void setupIoTRoleForTes(String roleName, String roleAliasName, String certificateArn) {
    String roleAliasArn;
    try {
        // Get Role Alias arn
        DescribeRoleAliasRequest describeRoleAliasRequest = DescribeRoleAliasRequest.builder().roleAlias(roleAliasName).build();
        roleAliasArn = iotClient.describeRoleAlias(describeRoleAliasRequest).roleAliasDescription().roleAliasArn();
    } catch (ResourceNotFoundException ranfe) {
        outStream.printf("TES role alias \"%s\" does not exist, creating new alias...%n", roleAliasName);
        // Get IAM role arn in order to attach an alias to it
        String roleArn;
        try {
            GetRoleRequest getRoleRequest = GetRoleRequest.builder().roleName(roleName).build();
            roleArn = iamClient.getRole(getRoleRequest).role().arn();
        } catch (NoSuchEntityException | ResourceNotFoundException rnfe) {
            outStream.printf("TES role \"%s\" does not exist, creating role...%n", roleName);
            CreateRoleRequest createRoleRequest = CreateRoleRequest.builder()
                    .roleName(roleName)
                    .description("Role for Greengrass IoT things to interact with AWS services using token exchange service")
                    // Trust policy: only the TES service principal for this stage may call sts:AssumeRole on the role
                    .assumeRolePolicyDocument("{\n  \"Version\": \"2012-10-17\",\n"
                            + "  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n"
                            + "      \"Principal\": {\n       \"Service\": \"" + tesServiceEndpoints.get(envStage) + "\"\n      },\n"
                            + "      \"Action\": \"sts:AssumeRole\"\n    }\n  ]\n}")
                    .build();
            roleArn = iamClient.createRole(createRoleRequest).role().arn();
        }
        CreateRoleAliasRequest createRoleAliasRequest = CreateRoleAliasRequest.builder().roleArn(roleArn).roleAlias(roleAliasName).build();
        roleAliasArn = iotClient.createRoleAlias(createRoleAliasRequest).roleAliasArn();
    }
    // Attach policy role alias to cert
    String iotRolePolicyName = IOT_ROLE_POLICY_NAME_PREFIX + roleAliasName;
    try {
        iotClient.getPolicy(GetPolicyRequest.builder().policyName(iotRolePolicyName).build());
    } catch (ResourceNotFoundException e) {
        outStream.printf("IoT role policy \"%s\" for TES Role alias not exist, creating policy...%n", iotRolePolicyName);
        // IoT policy grants only iot:AssumeRoleWithCertificate, scoped to this single role alias ARN
        CreatePolicyRequest createPolicyRequest = CreatePolicyRequest.builder()
                .policyName(iotRolePolicyName)
                .policyDocument("{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": {\n"
                        + "\t\t\"Effect\": \"Allow\",\n\t\t\"Action\": \"iot:AssumeRoleWithCertificate\",\n"
                        + "\t\t\"Resource\": \"" + roleAliasArn + "\"\n\t}\n}")
                .build();
        iotClient.createPolicy(createPolicyRequest);
    }
    outStream.println("Attaching TES role policy to IoT thing...");
    AttachPolicyRequest attachPolicyRequest = AttachPolicyRequest.builder().policyName(iotRolePolicyName).target(certificateArn).build();
    iotClient.attachPolicy(attachPolicyRequest);
}
Also used : CreateRoleRequest(software.amazon.awssdk.services.iam.model.CreateRoleRequest) CreatePolicyRequest(software.amazon.awssdk.services.iot.model.CreatePolicyRequest) DescribeRoleAliasRequest(software.amazon.awssdk.services.iot.model.DescribeRoleAliasRequest) CreateRoleAliasRequest(software.amazon.awssdk.services.iot.model.CreateRoleAliasRequest) AttachPolicyRequest(software.amazon.awssdk.services.iot.model.AttachPolicyRequest) GetRoleRequest(software.amazon.awssdk.services.iam.model.GetRoleRequest) ResourceNotFoundException(software.amazon.awssdk.services.iot.model.ResourceNotFoundException)

Example 2 with GetRoleRequest

use of software.amazon.awssdk.services.iam.model.GetRoleRequest in project amazon-timestream-tools by awslabs.

From the class TimestreamDependencyHelper, method createIAMRole.

public static String createIAMRole(IamClient iam, String rolename, String region) {
    System.out.println("Creating Role");
    try {
        IamWaiter iamWaiter = iam.waiter();
        CreateRoleRequest request = CreateRoleRequest.builder()
                .roleName(rolename)
                // Trust policy template filled in with the region-specific service principal
                .assumeRolePolicyDocument(String.format(ROLE_POLICY_FORMAT, getServiceName(region)))
                .description("Created using the AWS SDK for Java")
                .build();
        CreateRoleResponse response = iam.createRole(request);
        // Wait until the role is created
        GetRoleRequest roleRequest = GetRoleRequest.builder().roleName(response.role().roleName()).build();
        WaiterResponse<GetRoleResponse> waitUntilRoleExists = iamWaiter.waitUntilRoleExists(roleRequest);
        waitUntilRoleExists.matched().response().ifPresent(System.out::println);
        System.out.println("The ARN of the role is " + response.role().arn());
        return response.role().arn();
    } catch (Exception e) {
        System.out.println("IAM role creation failed: " + e);
        throw e;
    }
}
Also used : CreateRoleRequest(software.amazon.awssdk.services.iam.model.CreateRoleRequest) CreateRoleResponse(software.amazon.awssdk.services.iam.model.CreateRoleResponse) GetRoleRequest(software.amazon.awssdk.services.iam.model.GetRoleRequest) GetRoleResponse(software.amazon.awssdk.services.iam.model.GetRoleResponse) IamWaiter(software.amazon.awssdk.services.iam.waiters.IamWaiter) S3Exception(software.amazon.awssdk.services.s3.model.S3Exception) SnsException(software.amazon.awssdk.services.sns.model.SnsException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) SqsException(software.amazon.awssdk.services.sqs.model.SqsException) IamException(software.amazon.awssdk.services.iam.model.IamException)

Aggregations

CreateRoleRequest (software.amazon.awssdk.services.iam.model.CreateRoleRequest)2 GetRoleRequest (software.amazon.awssdk.services.iam.model.GetRoleRequest)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 CreateRoleResponse (software.amazon.awssdk.services.iam.model.CreateRoleResponse)1 GetRoleResponse (software.amazon.awssdk.services.iam.model.GetRoleResponse)1 IamException (software.amazon.awssdk.services.iam.model.IamException)1 IamWaiter (software.amazon.awssdk.services.iam.waiters.IamWaiter)1 AttachPolicyRequest (software.amazon.awssdk.services.iot.model.AttachPolicyRequest)1 CreatePolicyRequest (software.amazon.awssdk.services.iot.model.CreatePolicyRequest)1 CreateRoleAliasRequest (software.amazon.awssdk.services.iot.model.CreateRoleAliasRequest)1 DescribeRoleAliasRequest (software.amazon.awssdk.services.iot.model.DescribeRoleAliasRequest)1 ResourceNotFoundException (software.amazon.awssdk.services.iot.model.ResourceNotFoundException)1 S3Exception (software.amazon.awssdk.services.s3.model.S3Exception)1 SnsException (software.amazon.awssdk.services.sns.model.SnsException)1 SqsException (software.amazon.awssdk.services.sqs.model.SqsException)1