# File 'lib/stalkedbybean/role_setup.rb', line 10
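# Sets up the IAM objects for the app's Elastic Beanstalk EC2 instances: the
# instance role, the "<app_tag>-credstash-access" policy, the AWS-managed
# AWSElasticBeanstalkWebTier policy, and an instance profile named after the
# role that the role is then added to.
#
# Reads @options (:app_name, :environment, :aws_region, :aws_profile) and
# assigns @app_tag, @client and @iam as a side effect.
#
# Role and policy creation treat EntityAlreadyExists as "reuse the existing
# object"; any other error from those two steps propagates. The attach and
# instance-profile steps stay best-effort (they never abort the run), but a
# failure is now reported as a failure on stderr instead of being printed as
# "already attached"/"already created", so an access-denied or throttling
# error can no longer pass for a finished setup.
#
# @return [nil]
# @raise [RuntimeError] when the credstash policy is reported as existing but
#   cannot be found among the account's customer-managed policies
def self.setup_IAM
  @app_tag = "#{@options[:app_name]}-#{@options[:environment]}"
  @client = Aws::IAM::Client.new(
    region: @options[:aws_region].to_s,
    profile: @options[:aws_profile].to_s
  )
  @iam = Aws::IAM::Resource.new(client: @client)
  role_name = "#{@app_tag}-#{@options[:aws_region]}-beanstalk-EC2"
  credstash_policy_name = "#{@app_tag}-credstash-access"

  begin
    role = self.create_role
    puts "Role created"
  rescue Aws::IAM::Errors::EntityAlreadyExists
    puts "Role already created"
    # NOTE(review): this branch yields the get_role response, the other one
    # whatever create_role returns; confirm attach_policy_to_role accepts both.
    role = @client.get_role({ role_name: role_name })
  end

  begin
    cred_stash_policy = self.create_cred_stash_policy
    puts "Credstash policy created"
  rescue Aws::IAM::Errors::EntityAlreadyExists
    puts "Credstash policy already created"
    # list_policies is paginated, so walk every page; scope "Local" limits the
    # search to customer-managed policies, which is where a policy created by
    # this account lives.
    cred_stash_policy = nil
    @client.list_policies(scope: "Local").each_page do |page|
      cred_stash_policy = page.policies.find { |policy| policy.policy_name == credstash_policy_name }
      break if cred_stash_policy
    end
    # The list entry already carries the ARN, so no get_policy round trip is
    # needed (its response does not expose #arn at the top level).
    raise "Policy #{credstash_policy_name} already exists but was not found in list_policies" unless cred_stash_policy
  end

  begin
    self.attach_policy_to_role(cred_stash_policy.arn, role)
    puts "Credstash policy attached"
  rescue StandardError => e
    # Do not claim "already attached": the cause may be a permissions or
    # network failure that leaves the role without the policy.
    warn "Failed to attach credstash policy: #{e.class}: #{e.message}"
  end

  begin
    self.attach_policy_to_role("arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier", role)
    puts "AWSElasticBeanstalkWebTier policy attached"
  rescue StandardError => e
    warn "Failed to attach AWSElasticBeanstalkWebTier policy: #{e.class}: #{e.message}"
  end

  begin
    @client.create_instance_profile({ instance_profile_name: role_name })
    puts "Instance profile created"
  rescue Aws::IAM::Errors::EntityAlreadyExists
    puts "Instance profile already created"
  rescue StandardError => e
    warn "Failed to create instance profile: #{e.class}: #{e.message}"
  end

  begin
    @client.add_role_to_instance_profile({
      instance_profile_name: role_name,
      role_name: role_name
    })
    puts "Role added to instance profile"
  rescue Aws::IAM::Errors::EntityAlreadyExists, Aws::IAM::Errors::LimitExceeded
    # NOTE(review): LimitExceeded means the profile already holds a role; it
    # does not prove the role is this one. Verify if profiles can be shared.
    puts "Role has already been added to instance profile"
  rescue StandardError => e
    warn "Failed to add role to instance profile: #{e.class}: #{e.message}"
  end
end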