def get_default_role(): role = DEFAULT_ROLE_NAME document = iam_documents.EC2_ASSUME_ROLE_PERMISSION try: iam.create_role_with_policy(role, document, DEFAULT_ROLE_POLICIES) except AlreadyExistsError: pass return role
def create_default_service_role(): """ Create the default service role """ io.log_info('Creating service role {} with default permissions.' .format(DEFAULT_SERVICE_ROLE_NAME)) trust_document = _get_default_service_trust_document() role_name = DEFAULT_SERVICE_ROLE_NAME try: iam.create_role_with_policy(role_name, trust_document, DEFAULT_SERVICE_ROLE_POLICIES) except NotAuthorizedError as e: raise NotAuthorizedError(prompts['create.servicerole.nopermissions'] .format(DEFAULT_SERVICE_ROLE_NAME, e)) return DEFAULT_SERVICE_ROLE_NAME
def create_default_service_role(): """ Create the default service role """ io.log_info('Creating service role {} with default permissions.' .format(DEFAULT_SERVICE_ROLE_NAME)) trust_document = _get_default_service_trust_document() role_name = DEFAULT_SERVICE_ROLE_NAME try: iam.create_role_with_policy(role_name, trust_document, DEFAULT_SERVICE_ROLE_POLICIES) except NotAuthorizedError as e: # NO permissions to create or do something raise NotAuthorizedError(prompts['create.servicerole.nopermissions'] .format(DEFAULT_SERVICE_ROLE_NAME, e)) return DEFAULT_SERVICE_ROLE_NAME
def _create_instance_role(role_name, policy_arns): document = iam_documents.EC2_ASSUME_ROLE_PERMISSION ret = iam.create_role_with_policy(role_name, document, policy_arns) return ret