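def create_assetstore_iam_user(bucket_name):
    """Create an IAM user with an access key and S3 access to one bucket.

    The user is named ``<bucket_name>-user`` and receives an inline policy
    named ``<bucket_name>-user-s3-policy`` that allows ``s3:*`` on the bucket
    ARN and on every object under it.

    Args:
        bucket_name: Name of the S3 bucket the new user may access.

    Returns:
        A ``(username, access_key_id, secret_access_key)`` tuple.

    Security notes:
        * ``s3:*`` covers every S3 action on the bucket, including deleting
          it and changing its policy or ACLs. Narrow the action list if the
          consumer only needs object read/write.
        * The secret access key is returned in plaintext. AWS does not hand
          it out again after creation, so the caller has to store it
          securely and keep it out of logs.
        * There is no rollback: if ``put_user_policy`` raises, the user and
          its access key have already been created.
    """
    import json

    import boto.iam

    iam = boto.iam.IAMConnection()
    username = bucket_name + '-user'
    iam.create_user(username)

    access_key = iam.create_access_key(username)
    result = access_key['create_access_key_response']['create_access_key_result']['access_key']
    access_key_id = result['access_key_id']
    secret_access_key = result['secret_access_key']

    policyname = username + '-s3-policy'
    bucket_arn = 'arn:aws:s3:::%s' % bucket_name
    # Serialise with json.dumps instead of %-formatting a JSON template, so a
    # bucket name containing quotes or backslashes cannot change the
    # structure of the policy document.
    policy_json = json.dumps(
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "s3:*",
                    "Effect": "Allow",
                    "Resource": [bucket_arn, bucket_arn + "/*"],
                },
            ],
        },
        indent=2,
    )
    iam.put_user_policy(username, policyname, policy_json)
    return username, access_key_id, secret_access_key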
def create_user(module, iam, name, pwd, path, key_state, key_count):
    """Create an IAM user, optionally with a login profile and access keys.

    Args:
        module: Object exposing ``fail_json``; only used when boto raises
            ``BotoServerError``.
        iam: Connection object providing ``create_user``,
            ``create_login_profile`` and ``create_access_key``.
        name: Name of the user to create.
        pwd: Console password, or ``None`` to skip the login profile.
        path: IAM path passed to ``create_user``.
        key_state: Access keys are created only when this is ``'create'``.
        key_count: How many access keys to create.

    Returns:
        ``(user_info, changed)`` on success. ``user_info`` has the keys
        ``created_user``, ``password`` and ``access_keys``. ``password`` is
        the ``create_login_profile`` response (or ``None``), not the input
        string. ``access_keys`` is a list (possibly empty) when
        ``key_state`` is ``'create'`` and ``None`` otherwise. Returns
        ``None`` if ``module.fail_json`` returns instead of exiting.

    Security note:
        Each ``access_keys`` entry is the raw ``access_key`` structure from
        the API response, which carries the secret access key, so
        ``user_info`` should be treated as sensitive wherever it is logged
        or displayed.
    """
    access_keys = []
    try:
        created = iam.create_user(name, path)
        user_meta = created.create_user_response.create_user_result.user
        changed = True

        if pwd is not None:
            # pwd is rebound to the API response and returned under 'password'.
            pwd = iam.create_login_profile(name, pwd)

        if key_state not in ('create',):
            access_keys = None
        elif key_count:
            # One create_access_key call per requested key.
            while len(access_keys) < key_count:
                key_response = iam.create_access_key(user_name=name)
                access_keys.append(
                    key_response.create_access_key_response
                    .create_access_key_result.access_key
                )
    except boto.exception.BotoServerError as err:
        # NOTE(review): reports changed=False even if create_user already
        # succeeded before a later call failed.
        module.fail_json(changed=False, msg=str(err))
        return None

    user_info = {
        'created_user': user_meta,
        'password': pwd,
        'access_keys': access_keys,
    }
    return (user_info, changed)
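def create_users():
    """Create the IAM group, attach its policy, and add the users from the CSV.

    Uses names defined elsewhere in the file: ``iam``, ``group``,
    ``policy_name``, ``DATA_FILE_NAME``, ``csv`` and ``boto``. Each CSV row
    is read as ``user,password``. Blank rows are skipped; a row with fewer
    than two columns stops the script with exit status 1, as does any boto
    error while creating a user. Users created before a failure are left in
    place.
    """
    try:
        iam.create_group(group)
    except boto.exception.BotoServerError as e:
        if e.code == 'EntityAlreadyExists':
            print(e.message + " Will overwrite.")
        else:
            print("Exception: %s" % str(e))
            exit(1)

    # Attach policy to group.
    # Security policy: "Effect": "Allow" with "NotAction": "iam:*" grants
    # every action outside IAM on every resource.
    # If the IAM lab is included in the day, replace the NotAction line with
    # an Action element (for example "Action": "*") rather than only deleting
    # it: a statement needs either Action or NotAction. That change makes
    # the group a full administrator.
    policy = '''{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*"
    }
  ]
}'''
    iam.put_group_policy(group, policy_name, policy)

    # Add users to group.
    # NOTE: the 'U' flag is Python 2 era; Python 3.11+ rejects it.
    with open(DATA_FILE_NAME, 'rU') as data_file:
        user_reader = csv.reader(data_file)
        for row in user_reader:
            if not row:
                # csv.reader yields [] for a blank line (e.g. a trailing newline).
                continue
            if len(row) < 2:
                # Report the position only; the row may hold a password.
                print("Malformed row at line %d of %s: expected user,password. Exiting."
                      % (user_reader.line_num, DATA_FILE_NAME))
                exit(1)
            user, password = row[0], row[1]
            try:
                iam.create_user(user)
                iam.create_login_profile(user, password)
                iam.add_user_to_group(group, user)
                print("Added " + user)
            except boto.exception.BotoServerError as e:
                print("Problems creating %s. Exiting due to error: %s" % (
                    user, str(e.message)))
                exit(1)

    print("Users created. They can login to the AWS Console using this link: "
          + iam.get_signin_url())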
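def create_users():
    """Set up the IAM group and create one console user per CSV row.

    Depends on module-level names that are not defined in this function:
    ``iam``, ``group``, ``policy_name``, ``DATA_FILE_NAME``, ``csv`` and
    ``boto``. The CSV is expected to hold ``user,password`` rows. Empty rows
    are ignored; a row with a missing column, or a boto error while creating
    a user, ends the script with exit status 1 and leaves earlier users in
    place.
    """
    try:
        iam.create_group(group)
    except boto.exception.BotoServerError as e:
        if e.code != 'EntityAlreadyExists':
            print("Exception: %s" % str(e))
            exit(1)
        print(e.message + " Will overwrite.")

    # Attach policy to group.
    # Security policy: allows access to everything but IAM ("Allow" combined
    # with "NotAction": "iam:*" covers all other services and resources).
    # If the IAM lab is included in the day, swap the NotAction line for an
    # Action element such as "Action": "*"; simply removing the line leaves a
    # statement with neither Action nor NotAction. After that change the
    # group has full administrator access.
    policy = '''{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*"
    }
  ]
}'''
    iam.put_group_policy(group, policy_name, policy)

    # Add users to group.
    # NOTE: mode 'rU' is kept for Python 2; Python 3.11+ no longer accepts 'U'.
    with open(DATA_FILE_NAME, 'rU') as data_file:
        user_reader = csv.reader(data_file)
        for row in user_reader:
            if not row:
                # Blank lines come back from csv.reader as empty lists.
                continue
            if len(row) < 2:
                # Only the line number is printed so a password is never echoed.
                print("Malformed row at line %d of %s: expected user,password. Exiting."
                      % (user_reader.line_num, DATA_FILE_NAME))
                exit(1)
            user, password = row[0], row[1]
            try:
                iam.create_user(user)
                iam.create_login_profile(user, password)
                iam.add_user_to_group(group, user)
                print("Added " + user)
            except boto.exception.BotoServerError as e:
                print("Problems creating %s. Exiting due to error: %s" % (user, str(e.message)))
                exit(1)

    print("Users created. They can login to the AWS Console using this link: " + iam.get_signin_url())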
def create_user(iam, name, pwd, path, key_state):
    """Create an IAM user, optionally with a login profile and one access key.

    Args:
        iam: Connection object providing ``create_user``,
            ``create_login_profile`` and ``create_access_key``.
        name: Name of the user to create.
        pwd: Console password, or ``None`` to skip the login profile.
        path: IAM path passed to ``create_user``.
        key_state: An access key is created when this is ``'create'`` or
            ``'active'``.

    Returns:
        ``(user_info, True)``. ``user_info`` has the keys ``created_user``,
        ``password`` (the ``create_login_profile`` response, or ``None``)
        and ``access_keys`` (the ``access_key`` structure from the API
        response, or ``None``).

    Security note:
        ``access_keys`` carries the secret access key from the API
        response; treat ``user_info`` as sensitive wherever it is logged or
        displayed. Errors raised by ``iam`` propagate to the caller.
    """
    created = iam.create_user(name, path)
    user_meta = created.create_user_response.create_user_result.user

    if pwd is not None:
        # pwd is rebound to the API response and returned under 'password'.
        pwd = iam.create_login_profile(name, pwd)

    keys = None
    if key_state in ('create', 'active'):
        key_response = iam.create_access_key(user_name=name)
        keys = key_response.create_access_key_response.create_access_key_result.access_key

    user_info = {
        'created_user': user_meta,
        'password': pwd,
        'access_keys': keys,
    }
    return (user_info, True)
def create_user(module, iam, name, pwd, path, key_state, key_count): key_qty = 0 keys = [] try: user_meta = iam.create_user( name, path).create_user_response.create_user_result.user changed = True if pwd is not None: pwd = iam.create_login_profile(name, pwd) if key_state in ['create']: if key_count: while key_count > key_qty: keys.append(iam.create_access_key( user_name=name).create_access_key_response.\ create_access_key_result.\ access_key) key_qty += 1 else: keys = None except boto.exception.BotoServerError, err: module.fail_json(changed=False, msg=str(err))