module Convection::DSL::Template::Resource::IAMRole
Role DSL
Public Instance Methods
allow_instance_termination(&block)
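Add a policy that allows an instance to terminate itself. The grant is scoped by instance profile (an `ec2:InstanceProfile` condition on resource `*`), so it covers every instance launched with this role's profile.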
# File lib/convection/model/template/resource/aws_iam_role.rb, line 64
#
# Attach an IAM policy that lets instances running under this role's
# instance profile call ec2:TerminateInstances.
#
# An instance profile is created first (via with_instance_profile) when the
# role has none. The statement targets resource '*' and is narrowed only by a
# StringEquals condition on ec2:InstanceProfile, so the grant is per-profile
# rather than per-instance: credentials from this role can terminate any
# instance launched with the same profile, not only the caller.
#
# block - optional; run with instance_exec on the new policy object after the
#         canned statement, role and dependency have been set.
#
# Returns the policy, which is also registered in @template.resources under
# its own name.
def allow_instance_termination(&block)
  if instance_profile.nil?
    with_instance_profile
  end

  # The role is reached through a local inside the `allow` block, because
  # `self` there is presumably the policy statement rather than this role
  # (the implementation of `allow` is not visible here).
  owning_role = self

  termination_policy = Model::Template::Resource::IAMPolicy.new("#{ name }TerminationPolicy", @template)
  termination_policy.policy_name('allow-instance-termination')
  termination_policy.allow do
    action('ec2:TerminateInstances')
    resource('*')
    # This condition is the only thing narrowing the wildcard resource.
    condition(
      StringEquals: {
        'ec2:InstanceProfile' => get_att(owning_role.instance_profile.name, 'Arn')
      }
    )
  end
  termination_policy.role(self)
  termination_policy.depends_on(instance_profile)

  unless block.nil?
    termination_policy.instance_exec(&block)
  end

  @template.resources[termination_policy.name] = termination_policy
end
assume_role_policy(policy_name, &block)
# File lib/convection/model/template/resource/aws_iam_role.rb, line 9
#
# Replace this role's trust relationship with a new, initially empty policy
# named policy_name.
#
# Unlike the trust_* helpers, no statement is added here: who may assume the
# role is decided entirely by the caller's block. Without a block the trust
# policy is left with whatever Model::Mixin::Policy starts with (not visible
# here).
#
# policy_name - name given to the policy object.
# block       - optional; run with instance_exec on the trust policy.
#
# Returns the block's result, or nil when no block is given.
def assume_role_policy(policy_name, &block)
  @trust_relationship = Model::Mixin::Policy.new(name: policy_name, template: @template)
  return if block.nil?

  trust_relationship.instance_exec(&block)
end
policy(policy_name, &block)
# File lib/convection/model/template/resource/aws_iam_role.rb, line 14
#
# Build a policy named policy_name and append it to this role's policies.
#
# The permissions come only from the block; nothing is granted by default
# here. Wildcard actions or resources written in the block are passed through
# as given, so least privilege is the caller's responsibility.
#
# policy_name - name given to the policy object.
# block       - optional; run with instance_exec on the new policy before it
#               is appended.
#
# Returns the result of `policies << ...`.
def policy(policy_name, &block)
  extra_policy = Model::Mixin::Policy.new(name: policy_name, template: @template)
  unless block.nil?
    extra_policy.instance_exec(&block)
  end
  policies << extra_policy
end
trust_cloudtrail(&block)
Add a canned trust policy for CloudTrail
# File lib/convection/model/template/resource/aws_iam_role.rb, line 59
#
# Canned trust policy for CloudTrail: delegates to trust_service, which
# allows sts:AssumeRole for the cloudtrail.amazonaws.com service principal.
#
# NOTE(review): the '-instances' suffix in the policy name mirrors the EC2
# helper and looks copy-pasted; confirm nothing depends on the name before
# changing it.
#
# block - optional; forwarded unchanged to trust_service.
def trust_cloudtrail(&block)
  service = 'cloudtrail'
  canned_name = 'trust-cloudtrail-instances'
  trust_service(service, canned_name, &block)
end
trust_ec2_instances(&block)
Add a canned trust policy for EC2 instances
# File lib/convection/model/template/resource/aws_iam_role.rb, line 44
#
# Canned trust policy for EC2: delegates to trust_service, which allows
# sts:AssumeRole for the ec2.amazonaws.com service principal.
#
# block - optional; forwarded unchanged to trust_service.
def trust_ec2_instances(&block)
  service = 'ec2'
  canned_name = 'trust-ec2-instances'
  trust_service(service, canned_name, &block)
end
trust_emr(&block)
Add a canned trust policy for EMR
# File lib/convection/model/template/resource/aws_iam_role.rb, line 54
#
# Canned trust policy for EMR: delegates to trust_service, which allows
# sts:AssumeRole for the elasticmapreduce.amazonaws.com service principal.
#
# block - optional; forwarded unchanged to trust_service.
def trust_emr(&block)
  service = 'elasticmapreduce'
  canned_name = 'trust-emr'
  trust_service(service, canned_name, &block)
end
trust_flow_logs(&block)
Add a canned trust policy for Flow Logs
# File lib/convection/model/template/resource/aws_iam_role.rb, line 49
#
# Canned trust policy for VPC Flow Logs: delegates to trust_service, which
# allows sts:AssumeRole for the vpc-flow-logs.amazonaws.com service principal.
#
# The canned statement carries no condition. Scoping the trust to the owning
# account (aws:SourceAccount / aws:SourceArn) would have to come from the
# caller's block; whether the block can tighten the existing statement
# depends on Model::Mixin::Policy, which is not visible here.
#
# block - optional; forwarded unchanged to trust_service.
def trust_flow_logs(&block)
  service = 'vpc-flow-logs'
  canned_name = 'trust-flow-logs'
  trust_service(service, canned_name, &block)
end
trust_service(name, policy_name = nil, &block)
Add a canned trust policy for any AWS service
# File lib/convection/model/template/resource/aws_iam_role.rb, line 33
#
# Replace this role's trust relationship with a policy that allows
# sts:AssumeRole for the service principal "<name>.amazonaws.com".
#
# The principal is built by plain interpolation, with no check that `name`
# is a real AWS service prefix. The statement has no condition, so any use of
# that service principal is trusted. Where the service supports it, a
# reviewer will usually want the trust narrowed with aws:SourceAccount or
# aws:SourceArn to avoid the confused-deputy case. That would have to be done
# through the block, and whether the block can tighten the canned statement
# depends on Model::Mixin::Policy, which is not visible here.
#
# name        - service prefix, e.g. 'ec2'.
# policy_name - optional policy name; defaults to "trust-<name>-service".
# block       - optional; run with instance_exec on the trust policy after
#               the canned statement has been added.
#
# Returns the block's result, or nil when no block is given.
def trust_service(name, policy_name = nil, &block)
  policy_name = "trust-#{name}-service" unless policy_name

  @trust_relationship = Model::Mixin::Policy.new(name: policy_name, template: @template)
  trust_relationship.allow do
    action('sts:AssumeRole')
    # `name` is the method argument captured by the closure, not the role's
    # own name.
    principal(Service: "#{name}.amazonaws.com")
  end
  return if block.nil?

  trust_relationship.instance_exec(&block)
end
with_instance_profile(&block)
Create an IAM Instance Profile for this role
# File lib/convection/model/template/resource/aws_iam_role.rb, line 22
#
# Create an IAM instance profile named "<role name>Profile" for this role,
# give it the role's path, remember it as @instance_profile and register it
# in @template.resources under its own name.
#
# Calling this again builds a fresh profile and overwrites @instance_profile.
# The resource name is derived from the role name alone, so the registry
# entry is presumably overwritten as well (IAMInstanceProfile#name is not
# visible here).
#
# block - optional; run with instance_exec on the new profile before it is
#         stored.
#
# Returns the new profile.
def with_instance_profile(&block)
  new_profile = Model::Template::Resource::IAMInstanceProfile.new("#{ name }Profile", @template)
  new_profile.role(self)
  new_profile.path(path)
  unless block.nil?
    new_profile.instance_exec(&block)
  end

  @instance_profile = new_profile
  @template.resources[new_profile.name] = new_profile
end