// snippet-comment:[These are tags for the AWS doc team's sample catalog. Do not remove.]
// snippet-sourceauthor:[Doug-AWS]
// snippet-sourcedescription:[Attaches an AWS managed IAM policy to an IAM role, after first checking whether it is already attached.]
// snippet-keyword:[AWS Identity and Access Management]
// snippet-keyword:[AttachRolePolicy function]
// snippet-keyword:[ListAttachedRolePoliciesPages function]
// snippet-keyword:[Go]
// snippet-sourcesyntax:[go]
// snippet-service:[iam]
// snippet-keyword:[Code Sample]
// snippet-sourcetype:[full-example]
// snippet-sourcedate:[2018-03-16]
/*
Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
This file is licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License. A copy of
the License is located at
http://aws.amazon.com/apache2.0/
This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
*/
package main
import (
"fmt"
"os"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/iam"
)
// Usage:
// go run iam_attachuserpolicy.go <role name>
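func main() {
	// Validate the argument count before touching os.Args[1]; indexing a missing
	// argument would panic with an index-out-of-range instead of a usage message.
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "Usage: go run iam_attachuserpolicy.go <role name>")
		os.Exit(1)
	}
	roleName := os.Args[1]

	// Initialize a session in us-west-2 that the SDK will use to load
	// credentials from the shared credentials file ~/.aws/credentials.
	// The session error was previously ignored; a failed session would have
	// surfaced later as a confusing client error (or nil dereference).
	sess, err := session.NewSession(&aws.Config{
		Region: aws.String("us-west-2"),
	})
	if err != nil {
		fmt.Fprintln(os.Stderr, "Error creating session:", err)
		os.Exit(1)
	}

	// Create an IAM service client.
	svc := iam.New(sess)

	// The managed policy to attach. AmazonDynamoDBFullAccess grants broad
	// DynamoDB permissions; this example attaches it verbatim, but a real tool
	// should take the policy ARN as input and prefer a least-privilege policy.
	policyName := "AmazonDynamoDBFullAccess"
	policyArn := "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess"

	// Paginate through the managed policies already attached to the role. If the
	// policy is found, record pageErr and return false to stop the pagination.
	// Match on the ARN rather than the policy name: a customer managed policy
	// (arn:aws:iam::<account>:policy/...) may carry the same name as the AWS
	// managed one, so a name comparison can report a false "already attached".
	//
	// NOTE(review): this check-then-attach sequence is not atomic; a concurrent
	// attach between the two calls is not guarded. Confirm AttachRolePolicy's
	// behaviour for an already-attached policy if that race matters to callers.
	var pageErr error
	err = svc.ListAttachedRolePoliciesPages(
		&iam.ListAttachedRolePoliciesInput{
			RoleName: aws.String(roleName),
		},
		func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
			if page == nil {
				return false
			}
			for _, policy := range page.AttachedPolicies {
				// aws.StringValue tolerates a nil PolicyArn; a direct
				// dereference would panic on an incomplete API response.
				if aws.StringValue(policy.PolicyArn) == policyArn {
					pageErr = fmt.Errorf("%s is already attached to this role", policyName)
					return false
				}
			}
			// Not on this page (an empty page is fine to range over);
			// keep paginating until the SDK reports the last page.
			return true
		},
	)
	// pageErr is checked first: when it is set, the callback stopped the
	// pagination deliberately and err is expected to be nil.
	if pageErr != nil {
		fmt.Fprintln(os.Stderr, "Error:", pageErr)
		os.Exit(1)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "Error listing attached role policies:", err)
		os.Exit(1)
	}

	_, err = svc.AttachRolePolicy(&iam.AttachRolePolicyInput{
		PolicyArn: aws.String(policyArn),
		RoleName:  aws.String(roleName),
	})
	if err != nil {
		// Include the SDK error: without it the operator cannot tell an
		// AccessDenied from a NoSuchEntity or a throttling failure.
		fmt.Fprintln(os.Stderr, "Unable to attach role policy to role:", err)
		os.Exit(1)
	}
	// The original message said "Role attached", but it is the policy that
	// was attached to the role.
	fmt.Println("Policy attached to role successfully")
}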