|
public CreatePolicyAsync ( |
||
| request | Container for the necessary parameters to execute the CreatePolicy operation on AmazonIdentityManagementServiceClient. | |
| callback | CreatePolicyResponse>.AmazonServiceCallback | An Action delegate that is invoked when the operation completes. |
| options | A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property. | |
| Результат | void | |
public void CreatePolicyAsync(CreatePolicyRequest request, AmazonServiceCallback<CreatePolicyRequest, CreatePolicyResponse> callback, AsyncOptions options = null)
{
options = options == null?new AsyncOptions():options;
var marshaller = new CreatePolicyRequestMarshaller();
var unmarshaller = CreatePolicyResponseUnmarshaller.Instance;
Action<AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null;
if(callback !=null )
callbackHelper = (AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) => {
AmazonServiceResult<CreatePolicyRequest,CreatePolicyResponse> responseObject
= new AmazonServiceResult<CreatePolicyRequest,CreatePolicyResponse>((CreatePolicyRequest)req, (CreatePolicyResponse)res, ex , ao.State);
callback(responseObject);
};
BeginInvoke<CreatePolicyRequest>(request, marshaller, unmarshaller, options, callbackHelper);
}
|
AmazonIdentityManagementServiceClient::CreatePolicyAsync ( |
public async Task EnsureEc2ServiceRoleExistsAsync(string excuteApiUriForPolicy = "")
{
if (await RoleAlreadyExistsAsync())
{
loggerProvider.GetLogger()
.Debug("Role with roleName {roleName} already exists", configurationProvider.ShortApplicationName);
return;
}
using (
var iamClient = new AmazonIdentityManagementServiceClient(credentials,
configurationProvider.RegionEndpoint))
{
var createRoleResponse = await iamClient.CreateRoleAsync(new CreateRoleRequest
{
RoleName = configurationProvider.ShortApplicationName,
AssumeRolePolicyDocument =
"{\"Version\": \"2012-10-17\", \"Statement\": {\"Effect\": \"Allow\", \"Principal\": { \"Service\": \"ec2.amazonaws.com\"}, \"Action\": \"sts:AssumeRole\"}}"
});
loggerProvider.GetLogger().Debug("The IAM Uri is " + excuteApiUriForPolicy);
if (!string.IsNullOrWhiteSpace(excuteApiUriForPolicy))
{
var policyDocument =
"{\"Version\": \"2012-10-17\", \"Statement\": [{\"Effect\": \"Allow\",\"Action\": [\"execute-api:Invoke\"],\"Resource\": \"arn:aws:execute-api:*:*:" +
excuteApiUriForPolicy + "\"}]}";
loggerProvider.GetLogger().Debug("The new Policy Reads : " + policyDocument);
var newPolicy = await iamClient.CreatePolicyAsync(new CreatePolicyRequest
{
Description =
"Policy to demonstrate that I have permission that is limited to a specific resource in ApiGateway ",
PolicyDocument = policyDocument,
PolicyName = "ResourceInvocation"
});
loggerProvider.GetLogger().Debug("Policy Created: " + newPolicy.Policy.Arn);
await iamClient.AttachRolePolicyAsync(new AttachRolePolicyRequest
{
RoleName = configurationProvider.ShortApplicationName,
PolicyArn = newPolicy.Policy.Arn
});
loggerProvider.GetLogger().Debug("Policy Attach to Role: " + newPolicy.Policy.Arn);
}
loggerProvider.GetLogger().Debug("Created role: {@createRoleResponse}", createRoleResponse);
var createInstanceProfileResponse = iamClient.CreateInstanceProfile(new CreateInstanceProfileRequest
{
InstanceProfileName = configurationProvider.ShortApplicationName
});
loggerProvider.GetLogger()
.Debug("Created instance profile: {@createInstanceProfileResponse}", createInstanceProfileResponse);
var addRoleToInstanceProfileResponse =
iamClient.AddRoleToInstanceProfile(new AddRoleToInstanceProfileRequest
{
InstanceProfileName = configurationProvider.ShortApplicationName,
RoleName = configurationProvider.ShortApplicationName
});
loggerProvider.GetLogger()
.Debug("Added role to instance profile: {@addRoleToInstanceProfileResponse}",
addRoleToInstanceProfileResponse);
}
}
