Create an IAM Role. See comment below for links to JSON policy files.
import getpass

import boto
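# Provision a demo IAM setup: one console user in one group that may launch
# instances, plus a role/instance-profile pair that carries an S3 policy.

# Ask for the initial console password before any IAM call, so that aborting
# at the prompt leaves nothing half-created. The value is prompted for rather
# than hard-coded: a fixed, guessable password in a shared script gives console
# access to anyone who has read the script.
console_password = getpass.getpass('Initial console password for pycon: ')
if not console_password:
    raise SystemExit('Refusing to create a login profile with an empty password')

# Create a connection to the Identity & Access Management Service
iam = boto.connect_iam()

# Create a new user
user_data = iam.create_user('pycon')

# Create a new group
group_data = iam.create_group('pythonistas')

# Add a policy to the group that allows them to launch instances
# and assign a role to an instance via the console.
# NOTE(review): the policy file is not part of this script. Assigning a role
# normally relies on iam:PassRole; confirm that statement is scoped to the
# role created below and not to every role in the account.
with open('pycon_iam_policy.json') as fp:
    iam.put_group_policy(group_data.group_name, 'launch_policy', fp.read())

# Add the user to the group
iam.add_user_to_group(group_data.group_name, user_data.user_name)

# Add a login profile to user so they can login to the console.
# Hand the password over out of band and have the user change it at first
# login; this call does not enforce a reset.
iam.create_login_profile(user_data.user_name, console_password)

# Now create an IAM Role that user can use when running an instance.
# No trust policy is passed, so whatever boto supplies by default decides who
# may assume the role -- presumably the EC2 service; verify after creation.
role_data = iam.create_role('read_prod_s3_role')

# Now create the Instance Profile to hold the role
ip_data = iam.create_instance_profile('read_prod_s3_profile')

# Now associate the Role with the Instance Profile
iam.add_role_to_instance_profile('read_prod_s3_profile', 'read_prod_s3_role')

# Now add the S3 policy to the Role.
# NOTE(review): the role name implies read-only access; confirm the JSON
# grants only read actions on the intended bucket(s) and no wildcard resource.
with open('pycon_s3_policy.json') as fp:
    iam.put_role_policy(role_data.role_name, 'read_prod_s3', fp.read())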
See https://gist.github.com/garnaat/5154407 and https://gist.github.com/garnaat/5154413 for the JSON policy files.