use of software.amazon.awssdk.services.iam.model.GetRoleRequest in project aws-greengrass-nucleus by aws-greengrass.
The class DeviceProvisioningHelper, method setupIoTRoleForTes.
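/**
 * Create (if needed) the IAM role, the IoT role alias and the IoT policy that let a device
 * exchange its X.509 certificate for AWS credentials through the Token Exchange Service (TES),
 * then attach that policy to the device certificate.
 *
 * <p>Order of operations: look up the role alias; if it is missing, look up (or create) the IAM
 * role and create the alias pointing at it; then look up (or create) the IoT policy that allows
 * {@code iot:AssumeRoleWithCertificate} on that alias; finally attach the policy to the
 * certificate.
 *
 * @param roleName       name of the IAM role that TES assumes on behalf of the device
 * @param roleAliasName  name of the IoT role alias that fronts {@code roleName}
 * @param certificateArn ARN of the IoT thing certificate that receives the TES policy
 * @throws IllegalArgumentException if no TES service principal is configured for {@code envStage}
 */
public void setupIoTRoleForTes(String roleName, String roleAliasName, String certificateArn) {
    String roleAliasArn = resolveRoleAliasArn(roleName, roleAliasName);
    String iotRolePolicyName = ensureTesRolePolicy(roleAliasName, roleAliasArn);

    outStream.println("Attaching TES role policy to IoT thing...");
    AttachPolicyRequest attachPolicyRequest = AttachPolicyRequest.builder()
            .policyName(iotRolePolicyName)
            .target(certificateArn)
            .build();
    iotClient.attachPolicy(attachPolicyRequest);
}

/**
 * Return the ARN of the IoT role alias, creating the alias (and, if necessary, the IAM role it
 * points at) when it does not exist yet.
 *
 * <p>NOTE(review): an alias that already exists is reused as-is; this method does not verify
 * that it actually points at {@code roleName}. If the alias was created earlier against a
 * different role, the certificate ends up obtaining that other role's credentials.
 *
 * @param roleName      name of the IAM role the alias should front
 * @param roleAliasName name of the IoT role alias
 * @return the role alias ARN
 */
private String resolveRoleAliasArn(String roleName, String roleAliasName) {
    try {
        DescribeRoleAliasRequest describeRoleAliasRequest = DescribeRoleAliasRequest.builder()
                .roleAlias(roleAliasName)
                .build();
        return iotClient.describeRoleAlias(describeRoleAliasRequest)
                .roleAliasDescription()
                .roleAliasArn();
    } catch (ResourceNotFoundException ranfe) {
        outStream.printf("TES role alias \"%s\" does not exist, creating new alias...%n", roleAliasName);
        String roleArn = resolveTesRoleArn(roleName);
        CreateRoleAliasRequest createRoleAliasRequest = CreateRoleAliasRequest.builder()
                .roleArn(roleArn)
                .roleAlias(roleAliasName)
                .build();
        return iotClient.createRoleAlias(createRoleAliasRequest).roleAliasArn();
    }
}

/**
 * Return the ARN of the IAM role named {@code roleName}, creating it when it does not exist.
 *
 * <p>IAM is eventually consistent: a role returned by {@code CreateRole} is not necessarily
 * visible to other services yet, so the {@code CreateRoleAlias} call that follows can fail
 * with a not-found error. After creating the role this method blocks on the SDK's
 * role-exists waiter before handing the ARN back.
 *
 * @param roleName name of the IAM role
 * @return the role ARN
 * @throws IllegalArgumentException if no TES service principal is configured for {@code envStage}
 */
private String resolveTesRoleArn(String roleName) {
    GetRoleRequest getRoleRequest = GetRoleRequest.builder().roleName(roleName).build();
    try {
        return iamClient.getRole(getRoleRequest).role().arn();
    } catch (NoSuchEntityException | ResourceNotFoundException rnfe) {
        outStream.printf("TES role \"%s\" does not exist, creating role...%n", roleName);
        CreateRoleRequest createRoleRequest = CreateRoleRequest.builder()
                .roleName(roleName)
                .description("Role for Greengrass IoT things to interact with AWS services using token exchange service")
                .assumeRolePolicyDocument(tesTrustPolicyDocument())
                .build();
        String roleArn = iamClient.createRole(createRoleRequest).role().arn();
        // Wait for the new role to propagate; CreateRoleAlias otherwise races IAM consistency.
        iamClient.waiter().waitUntilRoleExists(getRoleRequest);
        return roleArn;
    }
}

/**
 * Build the trust policy that lets the TES service principal for the current stage assume the
 * role. The principal is looked up in {@code tesServiceEndpoints}; a missing entry would
 * otherwise be concatenated as the literal text {@code null} and rejected by IAM with an
 * unhelpful error, so it is rejected here with a clear message instead.
 *
 * <p>NOTE(review): the trust statement carries no {@code Condition} (for example on
 * {@code aws:SourceAccount}); confirm against current Greengrass guidance whether one should be
 * added to narrow which callers may use the service principal to assume this role.
 *
 * @return the JSON trust policy document
 * @throws IllegalArgumentException if {@code tesServiceEndpoints} has no entry for {@code envStage}
 */
private String tesTrustPolicyDocument() {
    String tesPrincipal = tesServiceEndpoints.get(envStage);
    if (tesPrincipal == null) {
        throw new IllegalArgumentException("No TES service principal configured for stage " + envStage);
    }
    return "{\n \"Version\": \"2012-10-17\",\n"
            + " \"Statement\": [\n {\n \"Effect\": \"Allow\",\n"
            + " \"Principal\": {\n \"Service\": \"" + tesPrincipal + "\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}";
}

/**
 * Make sure the IoT policy granting {@code iot:AssumeRoleWithCertificate} on the role alias
 * exists, and return its name. The policy name is derived from the alias name so the two stay
 * paired.
 *
 * <p>NOTE(review): an existing policy is reused without inspecting its document; it is not
 * verified to be scoped to {@code roleAliasArn}.
 *
 * @param roleAliasName name of the IoT role alias the policy covers
 * @param roleAliasArn  ARN of that alias, used as the policy's sole Resource
 * @return the IoT policy name
 */
private String ensureTesRolePolicy(String roleAliasName, String roleAliasArn) {
    String iotRolePolicyName = IOT_ROLE_POLICY_NAME_PREFIX + roleAliasName;
    try {
        iotClient.getPolicy(GetPolicyRequest.builder().policyName(iotRolePolicyName).build());
    } catch (ResourceNotFoundException e) {
        outStream.printf("IoT role policy \"%s\" for TES Role alias not exist, creating policy...%n", iotRolePolicyName);
        // Least privilege: the certificate may assume only this alias, not any alias in the account.
        CreatePolicyRequest createPolicyRequest = CreatePolicyRequest.builder()
                .policyName(iotRolePolicyName)
                .policyDocument("{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": {\n"
                        + "\t\t\"Effect\": \"Allow\",\n\t\t\"Action\": \"iot:AssumeRoleWithCertificate\",\n"
                        + "\t\t\"Resource\": \"" + roleAliasArn + "\"\n\t}\n}")
                .build();
        iotClient.createPolicy(createPolicyRequest);
    }
    return iotRolePolicyName;
}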
use of software.amazon.awssdk.services.iam.model.GetRoleRequest in project amazon-timestream-tools by awslabs.
The class TimestreamDependencyHelper, method createIAMRole.
/**
 * Create an IAM role whose trust policy allows the service principal selected for
 * {@code region} (via {@code getServiceName}) to assume it, wait until IAM reports the role as
 * existing, and return its ARN.
 *
 * @param iam      IAM client used for the create and get calls
 * @param rolename name of the role to create
 * @param region   region used to choose the service principal in the trust policy
 * @return the ARN of the newly created role
 * @throws RuntimeException whatever the SDK call threw, after logging it to stdout
 */
public static String createIAMRole(IamClient iam, String rolename, String region) {
    System.out.println("Creating Role");
    try {
        CreateRoleResponse created = iam.createRole(CreateRoleRequest.builder()
                .roleName(rolename)
                .assumeRolePolicyDocument(String.format(ROLE_POLICY_FORMAT, getServiceName(region)))
                .description("Created using the AWS SDK for Java")
                .build());
        String createdArn = created.role().arn();

        // IAM is eventually consistent: block until GetRole succeeds for the new role name.
        GetRoleRequest lookup = GetRoleRequest.builder().roleName(created.role().roleName()).build();
        WaiterResponse<GetRoleResponse> waited = iam.waiter().waitUntilRoleExists(lookup);
        waited.matched().response().ifPresent(System.out::println);

        System.out.println("The ARN of the role is " + createdArn);
        return createdArn;
    } catch (Exception e) {
        System.out.println("IAM role creation failed: " + e);
        throw e;
    }
}