def get_default_role():
    """Make sure the default role exists and return its name.

    Calls ``iam.create_role_with_policy`` with ``DEFAULT_ROLE_NAME``, the
    ``EC2_ASSUME_ROLE_PERMISSION`` document and ``DEFAULT_ROLE_POLICIES``.
    An ``AlreadyExistsError`` from that call is swallowed, so an existing
    role with the same name is reused instead of being reported as a failure.

    NOTE(review): on the already-exists path nothing in this function checks
    that the existing role's trust document or attached policies match the
    defaults. A role created earlier with broader permissions is returned
    unchanged; callers that depend on the default permission set should
    verify the role separately.

    Returns:
        The value of ``DEFAULT_ROLE_NAME``.
    """
    role_name = DEFAULT_ROLE_NAME
    trust_document = iam_documents.EC2_ASSUME_ROLE_PERMISSION
    try:
        iam.create_role_with_policy(
            role_name,
            trust_document,
            DEFAULT_ROLE_POLICIES,
        )
    except AlreadyExistsError:
        # Deliberate best effort: a role of this name is already present.
        pass
    return role_name
示例#2
def create_default_service_role():
    """Create the default service role and return its name.

    Logs the attempt, fetches the trust document from
    ``_get_default_service_trust_document()`` and calls
    ``iam.create_role_with_policy`` with ``DEFAULT_SERVICE_ROLE_NAME`` and
    ``DEFAULT_SERVICE_ROLE_POLICIES``.

    Only ``NotAuthorizedError`` is handled here; any other exception raised
    by the IAM call propagates to the caller unchanged.

    Returns:
        The value of ``DEFAULT_SERVICE_ROLE_NAME``.

    Raises:
        NotAuthorizedError: re-raised with the
            ``create.servicerole.nopermissions`` prompt, formatted with the
            role name and the original error, when the caller's credentials
            are not allowed to create the role.
    """
    message = 'Creating service role {} with default permissions.'
    io.log_info(message.format(DEFAULT_SERVICE_ROLE_NAME))

    trust_document = _get_default_service_trust_document()
    role_name = DEFAULT_SERVICE_ROLE_NAME

    try:
        iam.create_role_with_policy(
            role_name,
            trust_document,
            DEFAULT_SERVICE_ROLE_POLICIES,
        )
    except NotAuthorizedError as e:
        # Swap the raw IAM error for the user-facing prompt; the original
        # error text is embedded in the new message.
        template = prompts['create.servicerole.nopermissions']
        raise NotAuthorizedError(template.format(role_name, e))

    return role_name
示例#3
def create_default_service_role():
    """Create the service role named ``DEFAULT_SERVICE_ROLE_NAME``.

    The role is created through ``iam.create_role_with_policy`` using the
    trust document returned by ``_get_default_service_trust_document()`` and
    the policies in ``DEFAULT_SERVICE_ROLE_POLICIES``. An informational log
    line is written before the call.

    Returns:
        ``DEFAULT_SERVICE_ROLE_NAME``.

    Raises:
        NotAuthorizedError: when the IAM call is rejected for lack of
            permission; the message comes from the
            ``create.servicerole.nopermissions`` prompt and includes the
            role name and the underlying error. Other exceptions from the
            IAM call are not caught here.
    """
    io.log_info(
        'Creating service role {} with default permissions.'.format(
            DEFAULT_SERVICE_ROLE_NAME
        )
    )
    document = _get_default_service_trust_document()
    service_role = DEFAULT_SERVICE_ROLE_NAME

    try:
        iam.create_role_with_policy(
            service_role, document, DEFAULT_SERVICE_ROLE_POLICIES
        )
    except NotAuthorizedError as e:
        # The caller's credentials may not create this role: surface the
        # dedicated prompt instead of the bare IAM error.
        raise NotAuthorizedError(
            prompts['create.servicerole.nopermissions'].format(service_role, e)
        )

    return service_role
示例#4
def _create_instance_role(role_name, policy_arns):
    """Create a role with the EC2 assume-role document and given policies.

    Passes ``role_name``, ``iam_documents.EC2_ASSUME_ROLE_PERMISSION`` and
    ``policy_arns`` to ``iam.create_role_with_policy``. No exception is
    handled here, so any error from that call reaches the caller.

    NOTE(review): ``policy_arns`` is forwarded without any filtering, so the
    permissions of the resulting role are whatever the caller supplies.
    Keep the list to the least privilege the instances need.

    Args:
        role_name: name passed through as the role to create.
        policy_arns: policies passed through to the IAM helper;
            presumably managed-policy ARNs, per the parameter name.

    Returns:
        Whatever ``iam.create_role_with_policy`` returns.
    """
    trust_document = iam_documents.EC2_ASSUME_ROLE_PERMISSION
    return iam.create_role_with_policy(role_name, trust_document, policy_arns)