module AwsPocketknife::Iam

Public Class Methods

add_role_to_instance_profile(role_name,instance_profile_name)
# File lib/aws_pocketknife/iam.rb, line 107
# Adds an IAM role to an instance profile and logs the step before and after
# the API call.
#
# @param role_name [String] name of the role to add
# @param instance_profile_name [String] name of the instance profile receiving the role
# @return [nil] the result of the final +puts+
def add_role_to_instance_profile(role_name,instance_profile_name)
  puts "Adding role #{role_name} to instance profile: #{instance_profile_name}"

  request = {
    instance_profile_name: instance_profile_name,
    role_name: role_name
  }
  iam_client.add_role_to_instance_profile(request)

  puts "Added role #{role_name} to instance profile: #{instance_profile_name}"
end
add_user_to_group(username,group_name)
# File lib/aws_pocketknife/iam.rb, line 63
# Adds an IAM user to an IAM group and logs the step before and after the
# API call. The user gains whatever permissions are attached to the group.
#
# @param username [String] name of the user to add
# @param group_name [String] name of the group to add the user to
# @return [nil] the result of the final +puts+
def add_user_to_group(username,group_name)
  puts "Attaching user: #{username} to group: #{group_name}"

  membership = { group_name: group_name, user_name: username }
  iam_client.add_user_to_group(membership)

  puts "User: #{username} attached to group: #{group_name}"
end
attach_policy_to_group(policy_name, group_name )
# File lib/aws_pocketknife/iam.rb, line 51
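# Attaches a customer-managed policy, looked up by name, to an IAM group.
#
# If the policy cannot be found, nothing is attached: a "could not be found"
# line is printed and the method returns without raising. The success line is
# printed only after the attach call has been made, so the log never reports a
# permission change that did not happen.
#
# @param policy_name [String] name of the policy to attach
# @param group_name [String] name of the group receiving the policy
# @return [nil]
def attach_policy_to_group(policy_name, group_name )
  puts "Attaching policy #{policy_name} to group #{group_name}"
  policy_arn = get_policy_arn(policy_name)

  if policy_arn.nil?
    # Return here: previously execution fell through to the "attached" message
    # even though no policy had been attached.
    puts "The policy #{policy_name} could not be found"
    return
  end

  iam_client.attach_group_policy(group_name: group_name, policy_arn: policy_arn)
  puts "Policy #{policy_name} attached to group #{group_name}"
end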
attach_policy_to_role(role_name, policy_name)
# File lib/aws_pocketknife/iam.rb, line 90
# Attaches a policy, looked up by name via get_policy_arn, to an IAM role.
#
# @param role_name [String] name of the role receiving the policy
# @param policy_name [String] name of the policy to attach
# @return [nil] the result of the final +puts+
# @raise [RuntimeError] if no ARN is found for policy_name; nothing is attached
def attach_policy_to_role(role_name, policy_name)
  policy_arn = get_policy_arn(policy_name)
  # Fail loudly so a missing policy is never mistaken for an applied one.
  raise "The policy #{policy_name} could not be found" if policy_arn.nil?

  puts "Attach policy: #{policy_name} to role: #{role_name}"
  iam_client.attach_role_policy(role_name: role_name, policy_arn: policy_arn)
  puts "Attached policy: #{policy_name} to role: #{role_name}"
end
create_group(group_name)
# File lib/aws_pocketknife/iam.rb, line 20
# Creates an IAM group and logs the step before and after the API call.
#
# @param group_name [String] name of the group to create
# @return [nil] the result of the final +puts+
def create_group(group_name)
  puts "Creating group: #{group_name}"

  request = { group_name: group_name }
  iam_client.create_group(request)

  puts "Created group: #{group_name}"
end
create_iam_user(username)
# File lib/aws_pocketknife/iam.rb, line 14
# Creates an IAM user and logs the step before and after the API call.
#
# @param username [String] name of the user to create
# @return [nil] the result of the final +puts+
def create_iam_user(username)
  puts "Creating iam user: #{username}"

  request = { user_name: username }
  iam_client.create_user(request)

  puts "Iam user: #{username} created"
end
create_instance_profile(instance_profile_name)
# File lib/aws_pocketknife/iam.rb, line 101
# Creates an IAM instance profile and logs the step before and after the
# API call.
#
# @param instance_profile_name [String] name of the instance profile to create
# @return [nil] the result of the final +puts+
def create_instance_profile(instance_profile_name)
  puts "Creating instance profile: #{instance_profile_name}"

  request = { instance_profile_name: instance_profile_name }
  iam_client.create_instance_profile(request)

  puts "Created instance profile: #{instance_profile_name}"
end
create_policy(policy_name, policy)
# File lib/aws_pocketknife/iam.rb, line 26
# Creates a managed policy from an already-rendered policy document.
#
# The document is passed to the API unchanged; this method performs no
# validation or review of what the policy grants.
#
# @param policy_name [String] name of the policy to create
# @param policy [String] policy document sent as +policy_document+
# @return [nil] the result of the final +puts+
def create_policy(policy_name, policy)
  puts "Creating policy: #{policy_name}"

  request = { policy_name: policy_name, policy_document: policy }
  iam_client.create_policy(request)

  puts "Created policy: #{policy_name}"
end
create_policy_from_policy_file(policy_name: "", policy_file: "", s3_buckets: "")
# File lib/aws_pocketknife/iam.rb, line 32
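# Renders a policy template file with a list of S3 buckets and creates a
# managed policy from the result.
#
# The rendered policy is printed to stdout before it is sent to the API.
#
# @param policy_name [String] name of the policy to create
# @param policy_file [String] path of the Eruby template holding the policy
# @param s3_buckets [String] ";"-separated bucket names, exposed to the
#   template as +buckets+
# @return [nil]
# @raise [SystemCallError] if policy_file cannot be read
def create_policy_from_policy_file(policy_name: "", policy_file: "", s3_buckets: "")
  puts "Creating policy #{policy_name} from saved policy #{policy_file}"

  # File.read instead of IO.read: IO.read interprets a path that begins with
  # "|" as a command to execute, which must not be possible through a
  # caller-supplied file name.
  template_source = File.read(policy_file)
  buckets = get_bucket_list(buckets_list: s3_buckets)

  # NOTE(security): an Eruby template is Ruby code that runs during rendering,
  # so policy_file must come from a trusted, reviewed location. The bucket
  # values are handed to the template without validation here; how they are
  # quoted in the resulting document depends on the template.
  policy = Erubis::Eruby.new(template_source).result({buckets: buckets})

  puts policy

  if policy.nil?
    # Return before the success message: no policy was created on this path.
    puts 'Policy not found'
    return
  end

  iam_client.create_policy({policy_name: policy_name, policy_document: policy})
  puts "Created Policy #{policy_name}"
end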
create_role(role_name, trust_relationship_file)
# File lib/aws_pocketknife/iam.rb, line 70
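# Creates an IAM role whose trust policy is read from a file.
#
# The file content is sent verbatim as +assume_role_policy_document+, so it
# alone decides which principals may assume the role; it is not validated
# here and is echoed to stdout in the log lines.
#
# @param role_name [String] name of the role to create
# @param trust_relationship_file [String] path of the trust policy document
# @return [nil] the result of the final +puts+
# @raise [RuntimeError] if trust_relationship_file does not exist
# @raise [StandardError] any read or API error, re-raised after being printed
def create_role(role_name, trust_relationship_file)
  raise "Trust Relationship file could not be loaded" unless File.exist?(trust_relationship_file)

  # File.read instead of IO.read: IO.read interprets a path that begins with
  # "|" as a command to execute rather than a file to open.
  trust_relationship = File.read(trust_relationship_file)

  puts "Creating role: #{role_name} with trust relationship #{trust_relationship}"
  iam_client.create_role(role_name: role_name, assume_role_policy_document: trust_relationship)
  puts "Created role: #{role_name} with trust relationship #{trust_relationship}"
rescue StandardError => e
  # StandardError rather than Exception, so signals and exit requests are not
  # intercepted; they still propagate to the caller untouched.
  puts e
  raise
end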
list_ssl_certificates()
# File lib/aws_pocketknife/iam.rb, line 10
# Lists the server certificates stored in IAM.
#
# NOTE(review): a single list call is made and its response is returned
# as-is; no pagination marker is followed here, so a truncated listing would
# have to be handled by the caller — confirm against callers.
#
# @return [Object] the response of +list_server_certificates+
def list_ssl_certificates
  no_filters = {}
  iam_client.list_server_certificates(no_filters)
end

Private Class Methods

get_bucket_list(buckets_list: "")
# File lib/aws_pocketknife/iam.rb, line 116
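# Splits a ";"-separated string of bucket names into an array.
#
# Each entry is stripped of surrounding whitespace and blank entries are
# dropped, so input such as "a; b;;" cannot put an empty or space-padded
# bucket name into a rendered policy. A nil argument yields an empty list.
# The names themselves are not validated.
#
# @param buckets_list [String, nil] bucket names separated by ";"
# @return [Array<String>] the non-empty, trimmed bucket names
def get_bucket_list(buckets_list: "")
  buckets_list.to_s.split(";").map(&:strip).reject(&:empty?)
end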
get_policy_arn(policy_name)
# File lib/aws_pocketknife/iam.rb, line 120
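# Looks up the ARN of a customer-managed policy by its exact name.
#
# Only policies in scope 'Local' are listed, so AWS-managed policy names are
# never matched. The listing is followed across pages: checking only the first
# response would report a policy as missing once the account holds more
# policies than one page returns, and the attach helpers would then skip or
# reject it.
#
# @param policy_name [String] exact policy name to look for
# @return [String, nil] the policy ARN, or nil when no policy has that name
def get_policy_arn(policy_name)
  marker = nil

  loop do
    params = {scope: 'Local'}
    params[:marker] = marker if marker
    response = iam_client.list_policies(params)

    match = response.policies.find { |policy| policy.policy_name == policy_name }
    return match.arn if match

    # Stop when the listing is complete. Requiring a marker as well keeps a
    # truncated response without one from looping forever.
    return nil unless response.is_truncated && response.marker

    marker = response.marker
  end
end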