Example #1
File: role.py Project: tlan/hc2000
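def _create_instance_profile(instance_profile, path='/', role=None):
    """Ensure an IAM instance profile exists and is bound to ``role``.

    Creates the instance profile if none exists with the same name, then
    associates it with an existing IAM role. If the profile is already
    associated with a different role, that role is detached and replaced.
    If it is already associated with the requested role, nothing is changed.

    Args:
        instance_profile: Name of the instance profile.
        path: IAM path for the profile. Only used when the profile is being
            created; ignored otherwise.
        role: Name of the IAM role to attach. Defaults to the profile name.

    Raises:
        boto.exception.BotoServerError: For any IAM error other than the 409
            returned by the create call when the profile already exists.

    Security note: when the profile already exists, this function rebinds it.
    Whatever uses that profile will then be served the new role's
    credentials, so callers should only pass profile names this tool owns.
    """
    if role is None:
        role = instance_profile

    attached_role = None
    try:
        iam.create_instance_profile(instance_profile, path=path)
    except boto.exception.BotoServerError as err:
        # 409 is the only status tolerated here: the profile already exists.
        if err.status != 409:
            raise

        profile_roles = iam.get_instance_profile(instance_profile) \
                ['get_instance_profile_response'] \
                ['get_instance_profile_result'] \
                ['instance_profile'] \
                ['roles']
        # 'member' is only present when a role is attached to the profile.
        if 'member' in profile_roles:
            attached_role = profile_roles['member']['role_name']

    if attached_role == role:
        # Already bound to the requested role. Detaching and re-attaching
        # would only open a window in which the profile has no role at all.
        return

    if attached_role is not None:
        iam.remove_role_from_instance_profile(instance_profile, attached_role)

    # The original body computed ``role`` but never used it, so the
    # association promised by the docstring was never performed.
    iam.add_role_to_instance_profile(instance_profile, role)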
Example #2
File: role.py Project: tlan/hc2000
def delete(name):
    """Delete the IAM role ``name`` and the instance profile of the same name.

    Teardown runs in three steps: detach the role from the profile, delete
    the profile, then delete the role's policies and the role itself. In each
    step a "does not exist" response is ignored, so the call can be repeated
    after a partial failure. Any other IAM error propagates.

    Raises:
        boto.exception.BotoServerError: For any error other than a 404, or a
            400 whose error code is 'ValidationError'.
    """
    def _entity_missing(failure):
        # A 404, or a 400 carrying 'ValidationError', is what this module
        # treats as "role or instance profile doesn't exist".
        if failure.status == 404:
            return True
        return failure.status == 400 and failure.error_code == 'ValidationError'

    _setup_iam_connection()

    # Step 1: detach the role from its same-named instance profile.
    try:
        iam.remove_role_from_instance_profile(name, name)
    except boto.exception.BotoServerError as failure:
        if not _entity_missing(failure):
            raise

    # Step 2: delete the instance profile.
    # This fails with a 409 if the profile is attached to an IAM role with a
    # different name. That is intentional: such a profile is not an hc2002
    # role, so the error is allowed to propagate.
    try:
        iam.delete_instance_profile(name)
    except boto.exception.BotoServerError as failure:
        if not _entity_missing(failure):
            raise

    # Step 3: delete the role's policies, then the role.
    # Both calls share one try block, so a tolerated "missing" error from the
    # policy cleanup also skips delete_role.
    # NOTE(review): if delete_role raises after the policies are gone, the
    # role is presumably left in place without them; confirm against
    # _delete_role_policies.
    try:
        _delete_role_policies(name)
        iam.delete_role(name)
    except boto.exception.BotoServerError as failure:
        if not _entity_missing(failure):
            raise