wip

Author: aengelas

stacker_blueprints/iam_roles.py

@@ -227,3 +227,68 @@ def create_template(self):
             self.create_lambda_role(role)
 
         self.create_policy()
+
+class IAMRole(RoleBaseBlueprint):
+    """
+    Blueprint to create an IAM role.
+
+    - class_path: stacker_blueprints.iam_roles.IAMRole
+      name: my-role
+        variables:
+          AttachedPolicies:
+          - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess
+          Name: myRole
+          Path: /
+          AssumeRole:
+            - arn:aws:user/alphonse
+    """
+    VARIABLES = {
+        "AttachedPolicies": {
+            "type": list,
+            "description": "List of ARNs of policies to attach",
+            "default": [],
+        },
+        "Name": {
+            "type": str,
+            "description": "The name of the role",
+            "default": "Role",
+        },
+        "Path": {
+            "type": str,
+            "description": "Provide the path",
+            "default": "/",
+        },
+        "AssumeRole": {
+            "type": list,
+            "description": "List of ARNs of entities allowed to assume this role",
+            "default": [],
+        },
+    }
+
+    def create_role(self, name, assumerole_policy):
+        variables = self.get_variables()
+
+        role = t.add_resource(
+            iam.Role(
+                name,
+                Path=variables['Path'],
+                AssumeRolePolicyDocument=assumerole_policy,
+                ManagedPolicyArns=variables['AttachedPolicies'],
+            )
+        )
+
+        t.add_output(
+            Output(name + "RoleName", Value=Ref(role))
+        )
+
+        t.add_output(
+            Output(name + "RoleArn", Value=GetAtt(role.title, "Arn"))
+        )
+
+        self.roles.append(role)
+        return role
+
+    def create_template(self):
+        variables = self.get_variables()
+        self.create_ec2_role(variables["Name"])
+        self.create_policy(variables["Name"])