def create_service_linked_role(self):
service_name = self._get_param("AWSServiceName")
description = self._get_param("Description")
# TODO: how to support "CustomSuffix" API request parameter?
policy_doc = json.dumps({
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": service_name
},
"Action": "sts:AssumeRole",
}],
})
path = f"{SERVICE_LINKED_ROLE_PATH_PREFIX}/{service_name}"
role_name = f"r-{short_uid()}"
role = moto_iam_backend.create_role(
role_name=role_name,
assume_role_policy_document=policy_doc,
path=path,
permissions_boundary="",
description=description,
tags={},
max_session_duration=3600,
)
template = self.response_template(GET_ROLE_TEMPLATE)
role.service_linked_role_arn = "arn:aws:iam::{0}:role/aws-service-role/{1}/{2}".format(
constants.TEST_AWS_ACCOUNT_ID, service_name, role.name)
result = re.sub(
r"<(/)?GetRole",
r"<\1CreateServiceLinkedRole",
template.render(role=role),
)
return result
def create_service_linked_role(self):
name_prefix = 'service-linked-role'
service_name = self._get_param('AWSServiceName')
description = self._get_param('Description')
# TODO: how to support "CustomSuffix" API request parameter?
policy_doc = json.dumps({
'Version':
'2012-10-17',
'Statement': [{
'Effect': 'Allow',
'Principal': {
'Service': service_name
},
'Action': 'sts:AssumeRole'
}]
})
role = moto_iam_backend.create_role(
role_name='%s-%s' % (name_prefix, short_uid()),
assume_role_policy_document=policy_doc,
path='/',
permissions_boundary='',
description=description,
tags={},
max_session_duration=3600)
template = self.response_template(GET_ROLE_TEMPLATE)
role.service_linked_role_arn = 'arn:aws:iam::{0}:role/aws-service-role/{1}/{2}'.format(
constants.TEST_AWS_ACCOUNT_ID, service_name, role.name)
result = re.sub(r'<(/)?GetRole', r'<\1CreateServiceLinkedRole',
template.render(role=role))
return result
def create_service_linked_role(
self,
context: RequestContext,
aws_service_name: groupNameType,
description: roleDescriptionType = None,
custom_suffix: customSuffixType = None,
) -> CreateServiceLinkedRoleResponse:
# TODO: test
# TODO: how to support "CustomSuffix" API request parameter?
policy_doc = json.dumps({
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": aws_service_name
},
"Action": "sts:AssumeRole",
}],
})
path = f"{SERVICE_LINKED_ROLE_PATH_PREFIX}/{aws_service_name}"
role_name = f"r-{short_uid()}"
role = moto_iam_backend.create_role(
role_name=role_name,
assume_role_policy_document=policy_doc,
path=path,
permissions_boundary="",
description=description,
tags={},
max_session_duration=3600,
)
role.service_linked_role_arn = "arn:aws:iam::{0}:role/aws-service-role/{1}/{2}".format(
constants.TEST_AWS_ACCOUNT_ID, aws_service_name, role.name)
res_role = self.moto_role_to_role_type(role)
return CreateServiceLinkedRoleResponse(Role=res_role)