class ESP::AWSClients
@private
Constants
- AWS_ROLE_NAME
- AWS_ROLE_POLICY_ARN
- ESP_OWNER_ID
Public Instance Methods
create_and_attach_role!(external_account_id)
# File lib/esp/aws_clients.rb, line 14
#
# Creates the IAM role named AWS_ROLE_NAME, using the trust policy built by
# trust_policy(external_account_id), and then attaches the managed policy
# AWS_ROLE_POLICY_ARN to that role.
#
# The two IAM requests are not atomic: if attach_role_policy raises, the role
# created by the first request stays in the account with no policy attached.
#
# @param external_account_id value handed to trust_policy, where it becomes
#   the sts:ExternalId condition of the role's trust policy
# @return the response object returned by iam.create_role
def create_and_attach_role!(external_account_id)
  client = iam
  created = client.create_role(
    role_name: AWS_ROLE_NAME,
    assume_role_policy_document: trust_policy(external_account_id)
  )
  client.attach_role_policy(role_name: AWS_ROLE_NAME, policy_arn: AWS_ROLE_POLICY_ARN)
  created
end
owner_id()
# File lib/esp/aws_clients.rb, line 20
#
# Returns the owner_id of the first security group reported by
# ec2.describe_security_groups, memoized in @owner_id after the first call.
#
# NOTE(review): if the call returns no security groups, the first element is
# nil and this raises NoMethodError; confirm callers can rely on at least one
# group being visible to the credentials in use.
def owner_id
  return @owner_id if @owner_id

  groups = ec2.describe_security_groups.security_groups
  @owner_id = groups.first.owner_id
end
Private Instance Methods
ec2()
# File lib/esp/aws_clients.rb, line 26
#
# Lazily builds the EC2 client and reuses it on later calls. The client is
# created with no arguments, so region and credentials come from whatever the
# SDK resolves by default.
def ec2
  @ec2 || (@ec2 = Aws::EC2::Client.new)
end
esp_owner_id()
# File lib/esp/aws_clients.rb, line 34
#
# Looks up the account id for the current ESP.env in ESP_OWNER_ID and falls
# back to "762160981991" when that environment has no entry.
#
# The value returned here is the account that trust_policy names as the
# principal allowed to assume the role, so an unrecognised ESP.env does not
# fail: it silently resolves to the fallback account.
def esp_owner_id
  environment = ESP.env
  ESP_OWNER_ID.fetch(environment, "762160981991")
end
iam()
# File lib/esp/aws_clients.rb, line 30
#
# Lazily builds the IAM client and reuses it on later calls. The client is
# created with no arguments, so region and credentials come from whatever the
# SDK resolves by default.
def iam
  @iam || (@iam = Aws::IAM::Client.new)
end
trust_policy(external_account_id)
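# File lib/esp/aws_clients.rb, line 38
#
# Builds the assume-role (trust) policy document for the role as a JSON
# string. The policy allows sts:AssumeRole for the root principal of the
# account returned by esp_owner_id, and only when the caller presents an
# sts:ExternalId equal to external_account_id.
#
# The external id is the only condition on the trust relationship, so it is
# emitted as a JSON-encoded string rather than interpolated raw: a value
# containing a double quote or backslash can then neither break the document
# nor change its structure. Values without such characters produce the same
# output as plain interpolation.
#
# @param external_account_id value required as sts:ExternalId; converted with
#   to_s before encoding
# @return [String] the policy document with leading whitespace stripped from
#   every line
# @raise [JSON::GeneratorError] if the value cannot be encoded as JSON
#   (for example, invalid UTF-8 bytes)
def trust_policy(external_account_id)
  # The file's top-level requires are not visible from this method, so json is
  # loaded here; require is a no-op when it has already been loaded.
  require 'json'

  # to_json yields a complete JSON string literal, surrounding quotes included.
  external_id_json = external_account_id.to_s.to_json

  <<-TRUST_POLICY.gsub(/^\s*/, '')
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::#{esp_owner_id}:root"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": #{external_id_json}
            }
          }
        }
      ]
    }
  TRUST_POLICY
end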