def get_or_create_eb_instance_profile_role():
""" This function creates the appropriate roles that apply to the instances in an elastic
beanstalk environment, based of of the roles created when using the online AWS console. """
iam_client = create_iam_client()
try:
iam_find_role(iam_client, EB_INSTANCE_PROFILE_ROLE)
except IamEntityMissingError:
log.info("eb instance profile _role_ not found, creating...")
iam_create_role(iam_client, EB_INSTANCE_PROFILE_ROLE, get_instance_assume_role_policy_document())
# This first one is in the original role, but it is almost definitely not required.
iam_attach_role_policy(iam_client, EB_INSTANCE_PROFILE_ROLE, AWS_EB_MULTICONTAINER_DOCKER)
iam_attach_role_policy(iam_client, EB_INSTANCE_PROFILE_ROLE, AWS_EB_WEB_TIER)
iam_attach_role_policy(iam_client, EB_INSTANCE_PROFILE_ROLE, AWS_EB_WORKER_TIER)
return iam_find_role(iam_client, EB_INSTANCE_PROFILE_ROLE)
def get_or_create_eb_service_role():
""" This function creates the appropriate roles that apply to the elastic beanstalk environment,
based of of the roles created when using the online AWS console. """
iam_client = create_iam_client()
try:
iam_find_role(iam_client, EB_SERVICE_ROLE)
except IamEntityMissingError:
log.info("eb service role not found, creating...")
iam_create_role(iam_client, EB_SERVICE_ROLE, get_elasticbeanstalk_assume_role_policy_document())
iam_attach_role_policy(iam_client, EB_SERVICE_ROLE, AWS_EB_SERVICE)
iam_attach_role_policy(iam_client, EB_SERVICE_ROLE, AWS_EB_ENHANCED_HEALTH)
return iam_find_role(iam_client, EB_SERVICE_ROLE)