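def _create_instance_profile(instance_profile, path='/', role=None):
    """Ensure an IAM instance profile exists and carries ``role``.

    The profile is created when no profile with that name exists. When the
    create call answers 409 the existing profile is reused: if it already
    carries ``role`` nothing is changed, otherwise its current role is
    detached and ``role`` is attached in its place.

    Replacing the role changes the permissions handed to every instance
    that uses this profile, so callers should treat a call against an
    existing profile as a privilege change.

    Args:
        instance_profile: Name of the instance profile.
        path: IAM path, used only when the profile is created; ignored for
            a profile that already exists.
        role: Name of an existing IAM role. Defaults to the profile name.

    Raises:
        boto.exception.BotoServerError: for any create failure other than
            409, and for failures of the lookup, detach or attach calls.
    """
    if role is None:
        role = instance_profile

    # Stays empty for a freshly created profile, which has no role yet.
    profile_roles = {}
    try:
        iam.create_instance_profile(instance_profile, path=path)
    except boto.exception.BotoServerError as err:
        if err.status != 409:
            raise
        # 409: the profile already exists, so look up the role it carries.
        profile_roles = iam.get_instance_profile(instance_profile) \
                ['get_instance_profile_response'] \
                ['get_instance_profile_result'] \
                ['instance_profile'] \
                ['roles']

    if 'member' in profile_roles:
        current_role = profile_roles['member']['role_name']
        if current_role == role:
            # Already associated: detaching would only open a window in
            # which the profile carries no role at all.
            return
        iam.remove_role_from_instance_profile(instance_profile, current_role)

    # The visible original detached the old role but never attached the
    # requested one, contradicting its own docstring.
    iam.add_role_to_instance_profile(instance_profile, role)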
def delete(name):
    """Tear down the IAM role ``name`` and its same-named instance profile.

    Steps, in order: detach role ``name`` from instance profile ``name``,
    delete the instance profile, delete the role's policies, delete the
    role. Each step tolerates a target that is already gone, so the call
    can be repeated after a partial failure.

    Raises:
        boto.exception.BotoServerError: for any failure other than the
            "already gone" responses described below. This includes the
            409 returned when the instance profile is attached to a role
            with a different name.
    """
    def _already_gone(exc):
        # 404, or 400 with a ValidationError code, is treated as "the
        # resource does not exist".
        # NOTE(review): a 400 ValidationError may also signal a malformed
        # name, which would be skipped silently here -- confirm that
        # callers validate ``name`` before calling.
        return exc.status == 404 \
                or (exc.status == 400 and exc.error_code == 'ValidationError')

    _setup_iam_connection()

    try:
        iam.remove_role_from_instance_profile(name, name)
    except boto.exception.BotoServerError as exc:
        # Role or instance profile don't exist
        if not _already_gone(exc):
            raise

    try:
        iam.delete_instance_profile(name)
    except boto.exception.BotoServerError as exc:
        # A 409 is deliberately not swallowed: it means the instance profile
        # is attached to an IAM role with a different name, i.e. it is not
        # an hc2002 role, and it must not be deleted from here.
        if not _already_gone(exc):
            raise

    try:
        _delete_role_policies(name)
        iam.delete_role(name)
    except boto.exception.BotoServerError as exc:
        # Role doesn't exist
        if not _already_gone(exc):
            raise