How to use attach_role_policy method in localstack

Best Python code snippet using localstack_python

update_role.py


# NOTE(review): excerpt of update_role.py as shown on the page. The listing starts inside a
# create_policy(...) call; the enclosing function (if any), the opening try blocks and the
# definitions of sts_client, role_name*, policy_name_*, account_num, logger and aws_service are
# not shown. The page collapsed the listing and lost its indentation, so the nesting below is
# reconstructed from the try/except pairing. Confirm it against the original file.
#
# NOTE(review): every call made through sts_client here (create_policy, create_role, get_role,
# attach_role_policy) is an IAM operation; presumably the object is an IAM client despite its
# name. Confirm where it is constructed.
#
# NOTE(review): every handler below catches botocore.exceptions.ClientError without looking at
# error.response["Error"]["Code"]. The inner handlers therefore treat any failure (access denied,
# malformed document, quota) like "policy already exists", and the handlers around get_role treat
# any failure like "role does not exist". Checking for the specific codes (EntityAlreadyExists,
# NoSuchEntity) would keep unrelated errors from triggering the create/attach fallbacks.
#
# NOTE(review): when create_policy fails because the name is taken, the existing policy is
# attached as-is; nothing here verifies that its document matches the one built in this file.
                    PolicyName=policy_name_1,
                    PolicyDocument=template_policy,
                    # 'string' looks like the placeholder from the API reference; a real
                    # description makes the policy easier to audit.
                    Description='string'
                )
                response =sts_client.attach_role_policy(
                    RoleName=role_name,
                    PolicyArn="arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy")
                response2 =sts_client.attach_role_policy(
                    RoleName=role_name,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_1}")

            except botocore.exceptions.ClientError as error:
                # Fallback: repeat the two attachments without creating the policy.
                response =sts_client.attach_role_policy(
                    RoleName=role_name,
                    PolicyArn="arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy")

                response2 =sts_client.attach_role_policy(
                    RoleName=role_name,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_1}")


    except botocore.exceptions.ClientError as error:
        # Reached when the (not shown) lookup of role_name raised: build the trust policy and
        # the customer-managed policy, then create the role.
        json_file= {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "ecs-tasks.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole",
                    # Empty condition block: the trust is not restricted any further.
                    "Condition": {}
                }
            ]
        }

        template = json.dumps(json_file)
        # json.dumps already returns str, so this conversion changes nothing.
        template = str(template)

        policy_document_1={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "logs:CreateLogGroup"
                    ],
                    "Resource": "*"
                }]}

        template_policy =json.dumps(policy_document_1)
        template_policy = str(template_policy)

        try:
            response = sts_client.create_policy(
                PolicyName=policy_name_1,
                PolicyDocument=template_policy,
                Description='string'
            )
            role = sts_client.create_role(
                RoleName =role_name,
                AssumeRolePolicyDocument = template
            )
            response =sts_client.attach_role_policy(
                RoleName=role_name,
                PolicyArn="arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy")
            response2 =sts_client.attach_role_policy(
                RoleName=role_name,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_1}")

        except botocore.exceptions.ClientError as error:
            # Fallback skips create_policy. If the failure above came from create_role or an
            # attach call rather than create_policy, these calls repeat work already done or
            # fail again, and that second error propagates to the outermost handler.
            role = sts_client.create_role(
                RoleName =role_name,
                AssumeRolePolicyDocument = template
            )
            response =sts_client.attach_role_policy(
                RoleName=role_name,
                PolicyArn="arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy")
            response2 =sts_client.attach_role_policy(
                RoleName=role_name,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_1}")
    try:
        response = sts_client.get_role(
            RoleName=role_name_1
        )
        # Checks that the returned "Role" entry is non-empty before configuring the role.
        if len(response["Role"]) > 0:
            policy_document_2={
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "sts:AssumeRole"
                        ],
                        # NOTE(review): the account field is "*", so this allows assuming a
                        # role with this name in any account whose trust policy permits it.
                        # Listing the intended account IDs would narrow the grant.
                        "Resource": "arn:aws:iam::*:role/KB-AuditFramework-ContainerScan-AssumeRole"
                    }
                ]
            }

            template_policy_2 =json.dumps(policy_document_2)
            template_policy_2 = str(template_policy_2)
            policy_document_3={
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "kinesis:PutRecord"
                        ],
                        # Any region, this account only, streams whose name starts with "kb-".
                        "Resource": f"arn:aws:kinesis:*:{account_num}:stream/kb-*"
                    }
                ]
            }

            template_policy_3 =json.dumps(policy_document_3)
            template_policy_3 = str(template_policy_3)
            try:
                # NOTE(review): if the first create_policy raises, the second one is skipped
                # and the handler still tries to attach policy_name_3, which may not exist.
                response = sts_client.create_policy(
                    PolicyName=policy_name_2,
                    PolicyDocument=template_policy_2,
                    Description='string'
                )
                response = sts_client.create_policy(
                    PolicyName=policy_name_3,
                    PolicyDocument=template_policy_3,
                    Description='string'
                )
                response =sts_client.attach_role_policy(
                    RoleName=role_name_1,
                    PolicyArn="arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess")

                response2 =sts_client.attach_role_policy(
                    RoleName=role_name_1,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_2}")
                response3 =sts_client.attach_role_policy(
                    RoleName=role_name_1,
                    PolicyArn="arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly")
                response4 =sts_client.attach_role_policy(
                    RoleName=role_name_1,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_3}")


            except botocore.exceptions.ClientError as error:
                # Fallback: the same four attachments, without creating the policies.
                response =sts_client.attach_role_policy(
                    RoleName=role_name_1,
                    PolicyArn="arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess")

                response2 =sts_client.attach_role_policy(
                    RoleName=role_name_1,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_2}")
                response3 =sts_client.attach_role_policy(
                    RoleName=role_name_1,
                    PolicyArn="arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly")
                response4 =sts_client.attach_role_policy(
                    RoleName=role_name_1,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_3}")

    except botocore.exceptions.ClientError as error:
        # get_role(role_name_1) raised: build the EC2 trust policy and the same two policy
        # documents as in the branch above, then create the role.
        json_file_1= {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "ec2.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole",
                    "Condition": {}
                }
            ]
        }

        template_1 = json.dumps(json_file_1)
        template_1 = str(template_1)

        policy_document_2={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "sts:AssumeRole"
                    ],
                    # Same wildcard-account resource as in the branch above.
                    "Resource": "arn:aws:iam::*:role/KB-AuditFramework-ContainerScan-AssumeRole"
                }
            ]
        }

        template_policy_2 =json.dumps(policy_document_2)
        template_policy_2 = str(template_policy_2)
        policy_document_3={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "kinesis:PutRecord"
                    ],
                    "Resource": f"arn:aws:kinesis:*:{account_num}:stream/kb-*"
                }
            ]
        }

        template_policy_3 =json.dumps(policy_document_3)
        template_policy_3 = str(template_policy_3)
        try:
            response = sts_client.create_policy(
                PolicyName=policy_name_2,
                PolicyDocument=template_policy_2,
                Description='string'
            )
            response = sts_client.create_policy(
                PolicyName=policy_name_3,
                PolicyDocument=template_policy_3,
                Description='string'
            )
            role = sts_client.create_role(
                RoleName =role_name_1,
                AssumeRolePolicyDocument = template_1
            )
            response =sts_client.attach_role_policy(
                RoleName=role_name_1,
                PolicyArn="arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess")

            response2 =sts_client.attach_role_policy(
                RoleName=role_name_1,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_2}")
            response3 =sts_client.attach_role_policy(
                RoleName=role_name_1,
                PolicyArn="arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly")
            response4 =sts_client.attach_role_policy(
                RoleName=role_name_1,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_3}")


        except botocore.exceptions.ClientError as error:
            # Fallback: create the role and attach, without creating the policies.
            role = sts_client.create_role(
                RoleName =role_name_1,
                AssumeRolePolicyDocument = template_1
            )
            response =sts_client.attach_role_policy(
                RoleName=role_name_1,
                PolicyArn="arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess")

            response2 =sts_client.attach_role_policy(
                RoleName=role_name_1,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_2}")
            response3 =sts_client.attach_role_policy(
                RoleName=role_name_1,
                PolicyArn="arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly")
            response4 =sts_client.attach_role_policy(
                RoleName=role_name_1,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_3}")
    try:
        response = sts_client.get_role(
            RoleName=role_name_2
        )
        if len(response["Role"]) > 0:
            policy_document_4={
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "servicecatalog:*"
                        ],
                        "Resource": "*",
                        # All Service Catalog actions, limited by the roleLevel condition.
                        "Condition": {
                            "StringEquals": {
                                "servicecatalog:roleLevel": "self"
                            }
                        }
                    }
                ]
            }

            template_policy_4 =json.dumps(policy_document_4)
            template_policy_4 = str(template_policy_4)
            # NOTE(review): the two statements below combine. Registering and running task
            # definitions on any resource, plus passing the two KB-AuditFramework task roles
            # to ECS, puts those roles' permissions within reach of whoever holds this role.
            # Restricting the ecs:* resources to the intended cluster and task definition
            # family would narrow that.
            policy_document_5= {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "ecs:RunTask",
                            "ecs:RegisterTaskDefinition",
                            "ecs:DescribeTaskDefinition"
                        ],
                        "Resource": "*"
                    },
                    {
                        "Effect": "Allow",
                        "Action": [
                            "iam:PassRole"
                        ],
                        "Resource": [
                            "arn:aws:iam::*:role/KB-AuditFramework-TaskRole",
                            "arn:aws:iam::*:role/KB-AuditFramework-TaskExecutionRole"
                        ],
                        # PassRole is limited to the ECS tasks service.
                        "Condition": {
                            "StringLike": {
                                "iam:PassedToService": "ecs-tasks.amazonaws.com"
                            }
                        }
                    }
                ]
            }

            template_policy_5 =json.dumps(policy_document_5)
            template_policy_5 = str(template_policy_5)

            # NOTE(review): both resources are bucket ARNs with no "/*" suffix, while
            # GetObject/PutObject/PutObjectAcl act on object ARNs, so as written these
            # statements would match no objects. The names also contain uppercase letters,
            # which S3 bucket names cannot, so they look like unsubstituted template
            # parameters. Confirm. s3:PutObjectAcl lets the role change object ACLs; drop it
            # unless the results bucket relies on ACLs.
            policy_document_6= {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "s3:GetObject"
                        ],
                        "Resource": "arn:aws:s3:::KbAuditAccountParamBuckets"
                    },
                    {
                        "Effect": "Allow",
                        "Action": [
                            "s3:PutObject",
                            "s3:PutObjectAcl"
                        ],
                        "Resource": "arn:aws:s3:::KbAuditAccountResultsBuckets"
                    }
                ]
            }

            template_policy_6 =json.dumps(policy_document_6)
            template_policy_6 = str(template_policy_6)
            policy_document_7= {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "ssm:PutParameter",
                            "ssm:Get*",
                            "ssm:DeleteParameter"
                        ],
                        # Scoped to parameters under /CirrusScan/ in this account, any region.
                        "Resource": f"arn:aws:ssm:*:{account_num}:parameter/CirrusScan/*"

                    }
                ]
            }

            template_policy_7 =json.dumps(policy_document_7)
            template_policy_7 = str(template_policy_7)
            policy_document_8= {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "securityhub:BatchImportFindings",
                            "securityhub:BatchUpdateFindings"
                        ],
                        "Resource": "*"
                    }
                ]
            }

            template_policy_8 =json.dumps(policy_document_8)
            template_policy_8 = str(template_policy_8)

            policy_document_9={
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "sts:AssumeRole"
                        ],
                        # NOTE(review): wildcard account again. The target role name suggests
                        # it reads Secrets Manager, so pinning the account IDs matters here.
                        "Resource": "arn:aws:iam::*:role/KB-AuditFramework-SecretsManagerReadOnlyRole"
                    }
                ]
            }

            template_policy_9 =json.dumps(policy_document_9)
            template_policy_9 = str(template_policy_9)

            policy_document_10= {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": [
                            "SNS:Publish"
                        ],
                        "Resource": f"arn:aws:sns:*:{account_num}:AuditSNSTopic"

                    }
                ]
            }
            template_policy_10 =json.dumps(policy_document_10)
            template_policy_10 = str(template_policy_10)

            try:
                # NOTE(review): seven create_policy calls share one try. The first one that
                # raises skips the rest, and the handler then attaches all seven by name
                # whether or not they were created.
                response = sts_client.create_policy(
                    PolicyName=policy_name_4,
                    PolicyDocument=template_policy_4,
                    Description='string'
                )
                response = sts_client.create_policy(
                    PolicyName=policy_name_5,
                    PolicyDocument=template_policy_5,
                    Description='string'
                )
                response = sts_client.create_policy(
                    PolicyName=policy_name_6,
                    PolicyDocument=template_policy_6,
                    Description='string'
                )
                response = sts_client.create_policy(
                    PolicyName=policy_name_7,
                    PolicyDocument=template_policy_7,
                    Description='string'
                )
                response = sts_client.create_policy(
                    PolicyName=policy_name_8,
                    PolicyDocument=template_policy_8,
                    Description='string'
                )
                response = sts_client.create_policy(
                    PolicyName=policy_name_9,
                    PolicyDocument=template_policy_9,
                    Description='string'
                )
                response = sts_client.create_policy(
                    PolicyName=policy_name_10,
                    PolicyDocument=template_policy_10,
                    Description='string'
                )
                response =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn="arn:aws:iam::aws:policy/SecurityAudit")

                response2 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_4}")
                # NOTE(review): ReadOnlyAccess is attached in addition to SecurityAudit. It is
                # far broader and covers reading data as well as configuration. Confirm the
                # scanner needs it.
                response3 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn="arn:aws:iam::aws:policy/ReadOnlyAccess")
                response4 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_5}")
                response5 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_6}")
                response6 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_7}")
                response7 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_8}")
                response8 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_9}")
                response9 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_10}")



            except botocore.exceptions.ClientError as error:
                # Fallback: the same nine attachments, without creating the policies.
                response =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn="arn:aws:iam::aws:policy/SecurityAudit")

                response2 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_4}")
                response3 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn="arn:aws:iam::aws:policy/ReadOnlyAccess")
                response4 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_5}")
                response5 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_6}")
                response6 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_7}")
                response7 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_8}")
                response8 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_9}")
                response9 =sts_client.attach_role_policy(
                    RoleName=role_name_2,
                    PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_10}")



    except botocore.exceptions.ClientError as error:
        # get_role(role_name_2) raised: build the EC2 trust policy and the same seven policy
        # documents as in the branch above (the review notes there apply here too), then
        # create the role.
        json_file_2= {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "ec2.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole",
                    "Condition": {}
                }
            ]
        }

        template_2 = json.dumps(json_file_2)
        template_2 = str(template_2)

        policy_document_4={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "servicecatalog:*"
                    ],
                    "Resource": "*",
                    "Condition": {
                        "StringEquals": {
                            "servicecatalog:roleLevel": "self"
                        }
                    }
                }
            ]
        }

        template_policy_4 =json.dumps(policy_document_4)
        template_policy_4 = str(template_policy_4)
        policy_document_5= {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "ecs:RunTask",
                        "ecs:RegisterTaskDefinition",
                        "ecs:DescribeTaskDefinition"
                    ],
                    "Resource": "*"
                },
                {
                    "Effect": "Allow",
                    "Action": [
                        "iam:PassRole"
                    ],
                    "Resource": [
                        "arn:aws:iam::*:role/KB-AuditFramework-TaskRole",
                        "arn:aws:iam::*:role/KB-AuditFramework-TaskExecutionRole"
                    ],
                    "Condition": {
                        "StringLike": {
                            "iam:PassedToService": "ecs-tasks.amazonaws.com"
                        }
                    }
                }
            ]
        }

        template_policy_5 =json.dumps(policy_document_5)
        template_policy_5 = str(template_policy_5)

        policy_document_6= {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "s3:GetObject"
                    ],
                    # Bucket ARN without "/*": see the note on the first policy_document_6.
                    "Resource": "arn:aws:s3:::KbAuditAccountParamBuckets"
                },
                {
                    "Effect": "Allow",
                    "Action": [
                        "s3:PutObject",
                        "s3:PutObjectAcl"
                    ],
                    "Resource": "arn:aws:s3:::KbAuditAccountResultsBuckets"
                }
            ]
        }

        template_policy_6 =json.dumps(policy_document_6)
        template_policy_6 = str(template_policy_6)
        policy_document_7= {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "ssm:PutParameter",
                        "ssm:Get*",
                        "ssm:DeleteParameter"
                    ],
                    "Resource": f"arn:aws:ssm:*:{account_num}:parameter/CirrusScan/*"

                }
            ]
        }

        template_policy_7 =json.dumps(policy_document_7)
        template_policy_7 = str(template_policy_7)
        policy_document_8= {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "securityhub:BatchImportFindings",
                        "securityhub:BatchUpdateFindings"
                    ],
                    "Resource": "*"
                }
            ]
        }

        template_policy_8 =json.dumps(policy_document_8)
        template_policy_8 = str(template_policy_8)

        policy_document_9={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "sts:AssumeRole"
                    ],
                    "Resource": "arn:aws:iam::*:role/KB-AuditFramework-SecretsManagerReadOnlyRole"
                }
            ]
        }

        template_policy_9 =json.dumps(policy_document_9)
        template_policy_9 = str(template_policy_9)

        policy_document_10= {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "SNS:Publish"
                    ],
                    "Resource": f"arn:aws:sns:*:{account_num}:AuditSNSTopic"

                }
            ]
        }
        template_policy_10 =json.dumps(policy_document_10)
        template_policy_10 = str(template_policy_10)

        try:
            response = sts_client.create_policy(
                PolicyName=policy_name_4,
                PolicyDocument=template_policy_4,
                Description='string'
            )
            response = sts_client.create_policy(
                PolicyName=policy_name_5,
                PolicyDocument=template_policy_5,
                Description='string'
            )
            response = sts_client.create_policy(
                PolicyName=policy_name_6,
                PolicyDocument=template_policy_6,
                Description='string'
            )
            response = sts_client.create_policy(
                PolicyName=policy_name_7,
                PolicyDocument=template_policy_7,
                Description='string'
            )
            response = sts_client.create_policy(
                PolicyName=policy_name_8,
                PolicyDocument=template_policy_8,
                Description='string'
            )
            response = sts_client.create_policy(
                PolicyName=policy_name_9,
                PolicyDocument=template_policy_9,
                Description='string'
            )
            response = sts_client.create_policy(
                PolicyName=policy_name_10,
                PolicyDocument=template_policy_10,
                Description='string'
            )
            role = sts_client.create_role(
                RoleName =role_name_2,
                AssumeRolePolicyDocument = template_2
            )
            response =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn="arn:aws:iam::aws:policy/SecurityAudit")

            response2 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_4}")
            response3 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn="arn:aws:iam::aws:policy/ReadOnlyAccess")
            response4 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_5}")
            response5 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_6}")
            response6 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_7}")
            response7 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_8}")
            response8 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_9}")
            response9 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_10}")



        except botocore.exceptions.ClientError as error:
            # Fallback: create the role and attach, without creating the policies.
            role = sts_client.create_role(
                RoleName =role_name_2,
                AssumeRolePolicyDocument = template_2
            )
            response =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn="arn:aws:iam::aws:policy/SecurityAudit")

            response2 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_4}")
            response3 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn="arn:aws:iam::aws:policy/ReadOnlyAccess")
            response4 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_5}")
            response5 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_6}")
            response6 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_7}")
            response7 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_8}")
            response8 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_9}")
            response9 =sts_client.attach_role_policy(
                RoleName=role_name_2,
                PolicyArn=f"arn:aws:iam::{account_num}:policy/{policy_name_10}")
except botocore.exceptions.ClientError as error:
    # Outermost handler: log the failure and notify a fixed SNS topic in us-east-1.
    # NOTE(review): the raw AWS error message is forwarded to the topic's subscribers and may
    # name ARNs or principals, so make sure the subscription list is restricted. publish()
    # is not guarded, so a failure here propagates to the caller.
    logger.error(f"Error: {error}")
    error_message = error.response["Error"]["Message"]
    sns_client = boto3.client("sns")
    sns_client.publish (
        TopicArn = f"arn:aws:sns:us-east-1:{account_num}:KB_Send_Failure_Notification_Topic",
        Message = f"An error has occured during the scanning process of account {account_num}. The error is: {error_message}",
        Subject = f"Error occured in running scan of {aws_service} on account {account_num}."
    )
# ... (the page cuts the listing off here)


setup_utils.py


# NOTE(review): excerpt of setup_utils.py as shown on the page. It opens inside a function whose
# signature is not shown and is cut off inside modify_device_role. `role`, `iam_client`,
# `ClientError` and the `iot_device_role_name` used by the first function are defined outside
# the excerpt. The page lost the indentation; it is reconstructed here.
    iam_resource = boto3.resource('iam')

    # `role` is split on "/" here and on ":" (index 4) further down, so it is presumably a
    # full role ARN of the form arn:aws:iam::<account-id>:role/<name>. Confirm with the caller.
    role_name = role.split('/')[-1]
    # use python sdk to attach a few more managed policy to sagemaker role
    # NOTE(review): AmazonEC2FullAccess, AmazonSSMFullAccess and AWSGreengrassFullAccess are
    # broad managed policies. The "EdgeManager-Demo" role name below suggests demo code; for
    # anything longer-lived, replace them with policies scoped to the actions actually used.
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=role_name,
        PolicyArn="arn:aws:iam::aws:policy/AmazonEC2FullAccess"
    )
    # NOTE(review): AmazonSSMManagedInstanceCore (attached next) is, as far as I know, the
    # recommended replacement for AmazonEC2RoleforSSM. Confirm whether both are needed.
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=role_name,
        PolicyArn="arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
    )
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=role_name,
        PolicyArn="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
    )
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=role_name,
        PolicyArn="arn:aws:iam::aws:policy/AmazonSSMFullAccess"
    )
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=role_name,
        PolicyArn="arn:aws:iam::aws:policy/AWSGreengrassFullAccess"
    )
    # Role name is made unique with the current epoch second.
    ec2_role_name = "EdgeManager-Demo-EC2-" + str(time.time()).split(".")[0]
    # Trust policy: only the EC2 service may assume the new role.
    trust_relationship_ec2_service = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "ec2.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }
    # create EC2 role and its instance profile
    try:
        create_role_res = iam_client.create_role(
            RoleName=ec2_role_name,
            AssumeRolePolicyDocument=json.dumps(trust_relationship_ec2_service),
            Description='This is a EC2 role',
        )
    except ClientError as error:
        # NOTE(review): both branches only print. Despite the "exiting" message, execution
        # continues, so the attachments below run against a pre-existing role of the same
        # name, or fail later if the role was never created. Returning or re-raising here
        # would make the failure explicit.
        if error.response['Error']['Code'] == 'EntityAlreadyExists':
            print('Role already exists... hence exiting from here')
        else:
            print('Unexpected error occurred... Role could not be created', error)
    # NOTE(review): AmazonS3FullAccess gives the instance role read/write/delete on every
    # bucket in the account; scope it to the buckets the demo uses.
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=ec2_role_name,
        PolicyArn="arn:aws:iam::aws:policy/AmazonS3FullAccess"
    )
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=ec2_role_name,
        PolicyArn="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
    )
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=ec2_role_name,
        PolicyArn="arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy"
    )
    # NOTE(review): identical to the call just above (same role, same policy ARN). The second
    # attachment is redundant; possibly a different policy was intended. Confirm.
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=ec2_role_name,
        PolicyArn="arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy"
    )
    # Field 4 of a colon-separated ARN is the account ID.
    account_id = role.split(":")[4]
    # Create a policy
    # The IAM statement is scoped to one role name and its "<name>Access" policies; the two
    # IoT/Greengrass statements apply to all resources ("*").
    my_managed_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "CreateTokenExchangeRole",
                "Effect": "Allow",
                "Action": [
                    "iam:AttachRolePolicy",
                    "iam:CreatePolicy",
                    "iam:CreateRole",
                    "iam:GetPolicy",
                    "iam:GetRole",
                    "iam:PassRole"
                ],
                "Resource": [
                    f"arn:aws:iam::{account_id}:role/{iot_device_role_name}",
                    f"arn:aws:iam::{account_id}:policy/{iot_device_role_name}Access",
                    f"arn:aws:iam::aws:policy/{iot_device_role_name}Access"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "iot:AddThingToThingGroup",
                    "iot:AttachPolicy",
                    "iot:AttachThingPrincipal",
                    "iot:CreateKeysAndCertificate",
                    "iot:CreatePolicy",
                    "iot:CreateRoleAlias",
                    "iot:CreateThing",
                    "iot:CreateThingGroup",
                    "iot:DescribeEndpoint",
                    "iot:DescribeRoleAlias",
                    "iot:DescribeThingGroup",
                    "iot:GetPolicy",
                    "sts:GetCallerIdentity"
                ],
                "Resource": "*"
            },
            {
                "Sid": "DeployDevTools",
                "Effect": "Allow",
                "Action": [
                    "greengrass:CreateDeployment",
                    "iot:CancelJob",
                    "iot:CreateJob",
                    "iot:DeleteThingShadow",
                    "iot:DescribeJob",
                    "iot:DescribeThing",
                    "iot:DescribeThingGroup",
                    "iot:GetThingShadow",
                    "iot:UpdateJob",
                    "iot:UpdateThingShadow"
                ],
                "Resource": "*"
            }
        ]
    }
    response = iam_client.create_policy(
        PolicyName='ggv2_provision_policy' + str(time.time()).split(".")[0],
        PolicyDocument=json.dumps(my_managed_policy)
    )
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=ec2_role_name,
        PolicyArn=response['Policy']['Arn']
    )
    # NOTE(review): this iam:PassRole grant has no iam:PassedToService condition; adding one
    # limits which service the role can be handed to.
    pass_ec2_role_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": f"arn:aws:iam::{account_id}:role/{ec2_role_name}"
            }
        ]
    }
    # NOTE(review): this policy is created but not attached anywhere in the visible code, and
    # `response` (which holds its ARN) is overwritten by the next call. Confirm whether it is
    # attached elsewhere or is left behind unused.
    response = iam_client.create_policy(
        PolicyName='pass_ec2_role_policy' + str(time.time()).split(".")[0],
        PolicyDocument=json.dumps(pass_ec2_role_policy)
    )
    # The instance profile reuses the role's name.
    response = iam_client.create_instance_profile(
        InstanceProfileName=ec2_role_name
    )
    instance_profile = iam_resource.InstanceProfile(
        ec2_role_name
    )
    instance_profile.add_role(
        RoleName=ec2_role_name
    )

    ## wait for 10 secs until the instance profile was created fully
    time.sleep(10)

    return ec2_role_name

def modify_device_role(iot_device_role_name):
    """Attach model-download and Edge Manager policies to the IoT device role.

    The listing is cut off inside the update_assume_role_policy call, so the rest of the
    function, including any return value, is not shown.
    """
    iam_client = boto3.client('iam')

    # Create a policy
    # NOTE(review): the wildcard patterns match any S3 ARN containing "sagemaker" in one of
    # three capitalisations, whether in the bucket name or in the object key. Naming the
    # specific bucket(s) would be tighter.
    download_component_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject"
                ],
                "Resource": [
                    "arn:aws:s3:::*SageMaker*",
                    "arn:aws:s3:::*Sagemaker*",
                    "arn:aws:s3:::*sagemaker*"
                ]
            }
        ]
    }
    response = iam_client.create_policy(
        PolicyName='download_component_policy' + str(time.time()).split(".")[0],
        PolicyDocument=json.dumps(download_component_policy)
    )
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=iot_device_role_name,
        PolicyArn=response['Policy']['Arn']
    )
    policy_attach_res = iam_client.attach_role_policy(
        RoleName=iot_device_role_name,
        PolicyArn="arn:aws:iam::aws:policy/service-role/AmazonSageMakerEdgeDeviceFleetPolicy"
    )
    # update_assume_role_policy replaces the role's trust policy with the document below.
    # The page cuts the listing off inside this string: only the first statement (trusting
    # credentials.iot.amazonaws.com) is fully visible, and the RoleName argument is not shown.
    response = iam_client.update_assume_role_policy(
        PolicyDocument='''{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "credentials.iot.amazonaws.com"},
                "Action": "sts:AssumeRole"
            },
            {
                "Effect": "Allow",...


iam_helper.py


# NOTE(review): excerpt of iam_helper.py as shown on the page. It opens inside an
# iam.create_role(...) call of a function whose signature is not shown, and is cut off before the
# end of create_sagemaker_lambda_role. `iam` is defined outside the excerpt (presumably a boto3
# IAM client; confirm). The page lost the indentation; it is reconstructed here.
            }),
            Description='Role for Lambda to provide S3 read only access'
        )
        role_arn = response['Role']['Arn']
        response = iam.attach_role_policy(
            RoleName=role_name,
            PolicyArn='arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
        )
        # NOTE(review): AmazonS3ReadOnlyAccess allows reading every bucket in the account; a
        # policy scoped to the bucket(s) the function reads would be tighter.
        response = iam.attach_role_policy(
            PolicyArn='arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess',
            RoleName=role_name
        )
        # Fixed delay so the new role is usable before the caller hands it to Lambda.
        print('Waiting 30 seconds for the IAM role to propagate')
        time.sleep(30)
        return role_arn
    except iam.exceptions.EntityAlreadyExistsException:
        # NOTE(review): an existing role with this name is reused as-is. Its trust policy and
        # attached policies are not checked, and the attach calls above are not repeated, so
        # a role left half-configured by an earlier failed run stays that way.
        print(f'Using ARN from existing role: {role_name}')
        response = iam.get_role(RoleName=role_name)
        return response['Role']['Arn']

def create_sagemaker_lambda_role(role_name):
    """Create an IAM role that Lambda can assume and attach SageMaker access to it.

    On creation, attaches AWSLambdaBasicExecutionRole and AmazonSageMakerFullAccess, waits
    30 seconds and returns the new role's ARN. If the role already exists, the existing role
    is looked up instead; the listing is cut off right after that lookup, so what is returned
    in that case is not shown.
    """
    try:
        response = iam.create_role(
            RoleName = role_name,
            # Trust policy: only the Lambda service may assume the role.
            AssumeRolePolicyDocument = json.dumps({
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "lambda.amazonaws.com"
                        },
                        "Action": "sts:AssumeRole"
                    }
                ]
            }),
            Description='Role for Lambda to call SageMaker functions'
        )
        role_arn = response['Role']['Arn']
        response = iam.attach_role_policy(
            RoleName=role_name,
            PolicyArn='arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
        )
        # NOTE(review): AmazonSageMakerFullAccess is a broad managed policy. If the function
        # only makes a few SageMaker calls, a custom policy listing those actions and
        # resources keeps the Lambda role closer to least privilege.
        response = iam.attach_role_policy(
            PolicyArn='arn:aws:iam::aws:policy/AmazonSageMakerFullAccess',
            RoleName=role_name
        )
        print('Waiting 30 seconds for the IAM role to propagate')
        time.sleep(30)
        return role_arn
    except iam.exceptions.EntityAlreadyExistsException:
        # NOTE(review): as in the function above, a pre-existing role is reused without
        # checking its trust policy or attached policies.
        print(f'Using ARN from existing role: {role_name}')
        response = iam.get_role(RoleName=role_name)
        # ... (the page cuts the listing off here)
