def create_ec2_instance_role(template, name, managed_policy_arns=None, policies=None):
    """Add an IAM role and matching instance profile for EC2 to *template*.

    The role's trust policy names only the ``ec2.amazonaws.com`` service
    principal. Its permissions are exactly what the caller passes in: nothing
    here validates or narrows ``policies`` or ``managed_policy_arns``, so
    least-privilege scoping has to happen at the call site.

    Args:
        template: Object exposing ``add_resource``; receives both resources.
        name: Base logical name. The role is titled ``name + "Role"`` and the
            instance profile ``name + 'Profile'``.
        managed_policy_arns: Optional value assigned to the role's
            ``ManagedPolicyArns``; skipped when falsy.
        policies: Optional value assigned to the role's ``Policies``;
            skipped when falsy.

    Returns:
        A dict with ``'role'`` (whatever ``template.add_resource`` returned
        for the role) and ``'profile'`` (the instance profile's logical name
        as a string, not the resource object).
    """
    # Trust policy: who may assume the role. Restricted to the EC2 service.
    # NOTE(review): AssumeRole is presumably the sts:AssumeRole action
    # constant imported elsewhere in the file; confirm.
    ec2_trust_statement = Statement(
        Effect=Allow,
        Action=[AssumeRole],
        Principal=Principal("Service", ["ec2.amazonaws.com"]),
    )
    instance_role = Role(
        name + "Role",
        AssumeRolePolicyDocument=Policy(Statement=[ec2_trust_statement]),
    )

    # Permissions are attached only when supplied, so a call without either
    # argument yields a role that carries no policies from this function.
    if policies:
        instance_role.Policies = policies
    if managed_policy_arns:
        instance_role.ManagedPolicyArns = managed_policy_arns

    instance_role = template.add_resource(instance_role)

    # The profile is what an EC2 instance actually references; it wraps the
    # role added above.
    profile_title = name + 'Profile'
    template.add_resource(
        InstanceProfile(profile_title, Roles=[Ref(instance_role)])
    )

    return {'role': instance_role, 'profile': profile_title}
def role(template, name, policies):
    """Build an IAM role with an explicit RoleName and a fixed trust policy.

    Args:
        template: Passed to the ``Role`` constructor as ``template=``.
            NOTE(review): presumably this registers the role on the
            template; confirm against the ``Role`` class in use.
        name: Logical name of the resource; also run through ``aws_name`` to
            derive the explicit ``RoleName``.
        policies: A single policy or a list of policies. A truthy non-list
            value is wrapped in a one-element list; a falsy value leaves
            ``Policies`` unset.

    Returns:
        The constructed ``Role`` object.
    """
    if policies and not isinstance(policies, list):
        policies = [policies]

    iam_role = Role(name, template=template)
    # An explicit RoleName makes this a custom-named IAM resource:
    # CloudFormation requires CAPABILITY_NAMED_IAM for such stacks, and the
    # name must not collide with an existing role in the account.
    iam_role.RoleName = aws_name(name)
    # The trust policy comes from a module-level constant not visible in this
    # function; review it to see which principals may assume the role.
    iam_role.AssumeRolePolicyDocument = ASSUME_POLICY_DOCUMENT
    iam_role.Path = '/'
    # Permissions are whatever the caller supplied; nothing is validated here.
    if policies:
        iam_role.Policies = policies
    return iam_role