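def create_assetstore_iam_user(bucket_name):
    """Create an IAM user with an access key and an inline S3 policy for one bucket.

    The user is named ``<bucket_name>-user``. Its inline policy,
    ``<bucket_name>-user-s3-policy``, allows every S3 action on the bucket
    and on the objects inside it.

    Args:
        bucket_name: Name of the S3 bucket the new user may access.

    Returns:
        Tuple ``(username, access_key_id, secret_access_key)``.

    The secret access key is part of the return value, so the caller is
    responsible for storing it safely and keeping it out of logs.
    """
    import json

    import boto.iam

    iam = boto.iam.IAMConnection()
    username = bucket_name + '-user'
    iam.create_user(username)

    # NOTE(review): the key is issued before the policy is attached. If
    # put_user_policy raises, the user and its active key are left behind
    # and cleanup is up to the caller.
    access_key = iam.create_access_key(username)
    result = access_key['create_access_key_response']['create_access_key_result']['access_key']
    access_key_id = result['access_key_id']
    secret_access_key = result['secret_access_key']

    policyname = username + '-s3-policy'
    bucket_arn = 'arn:aws:s3:::' + bucket_name
    # Serialise the policy with json.dumps instead of string formatting so a
    # bucket name containing quotes or backslashes cannot change the shape
    # of the policy document.
    # NOTE(review): "s3:*" on the bucket ARN also covers deleting the bucket
    # and rewriting its bucket policy; narrow the action list if the asset
    # store only needs to read and write objects.
    policy_json = json.dumps({
        'Version': '2012-10-17',
        'Statement': [
            {
                'Action': 's3:*',
                'Effect': 'Allow',
                'Resource': [bucket_arn, bucket_arn + '/*'],
            },
        ],
    }, indent=2, sort_keys=True)
    iam.put_user_policy(username, policyname, policy_json)

    return username, access_key_id, secret_access_key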
Exemplo n.º 2
def create_user(module, iam, name, pwd, path, key_state, key_count):
    """Create an IAM user, optionally with a login profile and access keys.

    Args:
        module: Object whose ``fail_json`` is called when boto reports a
            server error (presumably an Ansible module; confirm with caller).
        iam: boto IAM connection used for every call.
        name: User name to create.
        pwd: Console password, or ``None`` to skip the login profile.
        path: IAM path for the new user.
        key_state: Access keys are issued only when this is ``'create'``.
        key_count: Number of access keys to issue.

    Returns:
        ``(user_info, changed)`` where ``user_info`` holds ``created_user``,
        ``password`` (the create_login_profile response, or ``None``) and
        ``access_keys`` (a list, or ``None`` when ``key_state`` is not
        ``'create'``).

    Each ``access_keys`` entry is the ``access_key`` element of boto's
    response, which carries the secret key, so callers should keep
    ``user_info`` out of logs and unprotected output.
    """
    access_keys = []
    try:
        response = iam.create_user(name, path)
        user_meta = response.create_user_response.create_user_result.user
        changed = True

        if pwd is not None:
            # pwd is rebound to the API response; the plaintext is not returned.
            pwd = iam.create_login_profile(name, pwd)

        if key_state not in ('create',):
            access_keys = None
        elif key_count:
            issued = 0
            while issued < key_count:
                key_response = iam.create_access_key(user_name=name)
                access_keys.append(
                    key_response.create_access_key_response
                    .create_access_key_result.access_key)
                issued += 1
    except boto.exception.BotoServerError as err:
        module.fail_json(changed=False, msg=str(err))
    else:
        user_info = {
            'created_user': user_meta,
            'password': pwd,
            'access_keys': access_keys,
        }
        return (user_info, changed)
Exemplo n.º 3
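def create_users():
    """Create the group, attach its inline policy, and add every user in the CSV file.

    Relies on names the surrounding script defines: ``iam``, ``group``,
    ``policy_name`` and ``DATA_FILE_NAME``. Each CSV row is read as
    ``user,password``. Any IAM error other than the group already existing
    ends the process with status 1.

    NOTE(review): the data file holds initial console passwords in plain
    text; keep it readable only by the operator and have users change the
    password at first login.
    """
    try:
        iam.create_group(group)
    except boto.exception.BotoServerError as e:
        if e.code == 'EntityAlreadyExists':
            print(e.message + " Will overwrite.")
        else:
            print("Exception: %s" % str(e))
            # Same effect as exit(1), without depending on the site module.
            raise SystemExit(1)

    # attach policy to group
    # security policy: allows access to everything but IAM
    # if the IAM lab is included in the day, replace the line
    # "NotAction": "iam:*" with "Action": "*" (a statement must carry one
    # or the other, so deleting the line alone leaves an invalid policy)
    # NOTE(review): Allow + NotAction grants every non-IAM action on every
    # resource, including services added later. Keep this to a disposable
    # training account and scope it down anywhere else.
    policy = '''{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "NotAction": "iam:*",
          "Resource": "*"
        }
      ]
    }'''
    iam.put_group_policy(group, policy_name, policy)

    # add users to group
    # 'rU' is kept for Python 2. Python 3.11 and later reject the 'U' flag;
    # use open(DATA_FILE_NAME, newline='') once the script moves to Python 3.
    with open(DATA_FILE_NAME, 'rU') as data_file:
        user_reader = csv.reader(data_file)
        for line_no, row in enumerate(user_reader, 1):
            if not row:
                # csv.reader yields [] for blank lines, e.g. a trailing newline.
                continue
            if len(row) < 2:
                # Report the line number only; the row may contain a password.
                print("Problems reading %s: line %d needs a user name and a password." % (
                    DATA_FILE_NAME, line_no))
                raise SystemExit(1)
            user, password = row[0], row[1]
            try:
                iam.create_user(user)
                iam.create_login_profile(user, password)
                iam.add_user_to_group(group, user)
                print("Added " + user)
            except boto.exception.BotoServerError as e:
                print("Problems creating %s.  Exiting due to error: %s" % (
                    user, str(e.message)))
                raise SystemExit(1)

    print("Users created.  They can login to the AWS Console using this link: " +
          iam.get_signin_url())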
Exemplo n.º 4
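def create_users():
    """Create the group, attach its inline policy, and add every user in the CSV file.

    Relies on names the surrounding script defines: ``iam``, ``group``,
    ``policy_name`` and ``DATA_FILE_NAME``. Each CSV row is read as
    ``user,password``. Any IAM error other than the group already existing
    ends the process with status 1.

    NOTE(review): the data file holds initial console passwords in plain
    text; keep it readable only by the operator and have users change the
    password at first login.
    """
    try:
        iam.create_group(group)
    except boto.exception.BotoServerError as e:
        if e.code == 'EntityAlreadyExists':
            print(e.message + " Will overwrite.")
        else:
            print("Exception: %s" % str(e))
            # Same effect as exit(1), without depending on the site module.
            raise SystemExit(1)

    # attach policy to group
    # security policy: allows access to everything but IAM
    # if the IAM lab is included in the day, replace the line
    # "NotAction": "iam:*" with "Action": "*" (a statement must carry one
    # or the other, so deleting the line alone leaves an invalid policy)
    # NOTE(review): Allow + NotAction grants every non-IAM action on every
    # resource, including services added later. Keep this to a disposable
    # training account and scope it down anywhere else.
    policy = '''{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "NotAction": "iam:*",
          "Resource": "*"
        }
      ]
    }'''
    iam.put_group_policy(group, policy_name, policy)

    # add users to group
    # 'rU' is kept for Python 2. Python 3.11 and later reject the 'U' flag;
    # use open(DATA_FILE_NAME, newline='') once the script moves to Python 3.
    with open(DATA_FILE_NAME, 'rU') as data_file:
        user_reader = csv.reader(data_file)
        for line_no, row in enumerate(user_reader, 1):
            if not row:
                # csv.reader yields [] for blank lines, e.g. a trailing newline.
                continue
            if len(row) < 2:
                # Report the line number only; the row may contain a password.
                print("Problems reading %s: line %d needs a user name and a password." % (
                    DATA_FILE_NAME, line_no))
                raise SystemExit(1)
            user, password = row[0], row[1]
            try:
                iam.create_user(user)
                iam.create_login_profile(user, password)
                iam.add_user_to_group(group, user)
                print("Added " + user)
            except boto.exception.BotoServerError as e:
                print("Problems creating %s.  Exiting due to error: %s" % (user, str(e.message)))
                raise SystemExit(1)

    print("Users created.  They can login to the AWS Console using this link: " +
          iam.get_signin_url())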
Exemplo n.º 5
def create_user(iam, name, pwd, path, key_state):
    """Create an IAM user, optionally with a login profile and one access key.

    Args:
        iam: boto IAM connection used for every call.
        name: User name to create.
        pwd: Console password, or ``None`` to skip the login profile.
        path: IAM path for the new user.
        key_state: An access key is issued when this is ``'create'`` or
            ``'active'``.

    Returns:
        ``(user_info, True)`` where ``user_info`` holds ``created_user``,
        ``password`` (the create_login_profile response, or ``None``) and
        ``access_keys`` (the ``access_key`` element of the response, or
        ``None``).

    The ``access_key`` element carries the secret key, so callers should
    keep ``user_info`` out of logs and unprotected output. boto errors are
    not caught here and propagate to the caller.
    """
    created = iam.create_user(name, path)
    user_meta = created.create_user_response.create_user_result.user
    changed = True

    if pwd is not None:
        # pwd is rebound to the API response; the plaintext is not returned.
        pwd = iam.create_login_profile(name, pwd)

    keys = None
    if key_state in ('create', 'active'):
        key_reply = iam.create_access_key(user_name=name)
        keys = key_reply.create_access_key_response.create_access_key_result.access_key

    user_info = {
        'created_user': user_meta,
        'password': pwd,
        'access_keys': keys,
    }
    return (user_info, changed)
Exemplo n.º 6
def create_user(module, iam, name, pwd, path, key_state, key_count):
    key_qty = 0
    keys = []
    try:
        user_meta = iam.create_user(
            name, path).create_user_response.create_user_result.user
        changed = True
        if pwd is not None:
            pwd = iam.create_login_profile(name, pwd)
        if key_state in ['create']:
            if key_count:
                while key_count > key_qty:
                    keys.append(iam.create_access_key(
                        user_name=name).create_access_key_response.\
                        create_access_key_result.\
                        access_key)
                    key_qty += 1
        else:
            keys = None
    except boto.exception.BotoServerError, err:
        module.fail_json(changed=False, msg=str(err))