### Import the libraries

In [1]:
import boto3
import configparser
import json

### Read the necessary credentials from the config file (dwh.cfg)

In [5]:
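# Load the AWS access key pair from the [USER] section of dwh.cfg.
# dwh.cfg holds live credentials: keep it out of version control and never
# print KEY or SECRET, because saved cell output travels with the notebook.
config = configparser.ConfigParser()
# Context manager closes the file handle as soon as parsing is done
# (the bare open() previously left it open for the life of the kernel).
with open('dwh.cfg') as cfg_file:
    config.read_file(cfg_file)

KEY = config.get('USER', 'KEY')
SECRET = config.get('USER', 'SECRET')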

### Create an IAM client

In [6]:
# IAM client for us-west-2, authenticated with the key pair read from dwh.cfg.
# NOTE(review): the key pair is passed explicitly with no session token, so it
# is presumably an IAM user's static access key. Scope that user to the IAM
# calls this notebook makes (create_role, attach_role_policy, get_role) and
# rotate the key regularly; a named profile or the default credential chain
# would avoid handling the secret in notebook variables at all.
iam = boto3.client(
    'iam',
    aws_access_key_id=KEY,
    aws_secret_access_key=SECRET,
    region_name='us-west-2',
)

### Create the role, attach policy and get the role's ARN

In [7]:
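from botocore.exceptions import ClientError

# Create the IAM role 'dwhRole'. Its trust policy lets only the Redshift
# service principal (redshift.amazonaws.com) call sts:AssumeRole on it.
try:
    print('1.1. Creating a new IAM role')
    dwhRole = iam.create_role(
        Path='/',
        RoleName='dwhRole',
        Description='Allows Redshift clusters to call AWS servicies on your behalf',
        AssumeRolePolicyDocument=json.dumps(
            {'Statement': [{'Action': 'sts:AssumeRole',
                            'Effect': 'Allow',
                            'Principal': {'Service': 'redshift.amazonaws.com'}}],
             'Version': '2012-10-17'}),
    )
except ClientError as e:
    # Re-running the cell after the role exists is expected: report it and
    # carry on. Any other failure (access denied, malformed policy, throttling)
    # is re-raised so it is not hidden behind a printed message while the
    # following cells run against a role that was never created.
    if e.response['Error']['Code'] != 'EntityAlreadyExists':
        raise
    print(e)
    # NOTE(review): an already-existing dwhRole keeps whatever trust policy it
    # was created with; confirm it matches the document above before relying on it.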

1.1. Creating a new IAM role


In [8]:
# Attach the AWS-managed S3 read-only policy to dwhRole, then look up its ARN.
# NOTE(review): AmazonS3ReadOnlyAccess is not limited to specific buckets; a
# customer-managed policy restricted to the buckets the cluster actually reads
# would be closer to least privilege.
print('1.2. Attaching policy')

attach_response = iam.attach_role_policy(
    PolicyArn='arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess',
    RoleName='dwhRole',
)
# The status code is looked up but neither displayed nor checked.
attach_response['ResponseMetadata']['HTTPStatusCode']

print('1.3. Get IAM role ARN')
role_info = iam.get_role(RoleName='dwhRole')
roleArn = role_info['Role']['Arn']

# The ARN embeds the AWS account ID; clear this cell's output before
# publishing the notebook if the account ID should not be disclosed.
print(roleArn)

1.2. Attaching policy
1.3. Get IAM role ARN
arn:aws:iam::788040861716:role/dwhRole
