DatadogAWSIntegrationSwitch.sh

#!/usr/bin/env bash

ROLE_NAME="DatadogIntegrationRole"

TEMP=$(mktemp)

aws iam get-role --role-name DatadogIntegrationRole | jq '.Role.AssumeRolePolicyDocument' > "${TEMP}"

cat "${TEMP}"

EFFECT=$(cat "${TEMP}" | jq '.Statement[0].Effect')

echo "Effect=${EFFECT}"

#exit 1

if [ "${EFFECT}" == "\"Allow\"" ] ; then
	echo "Turning OFF ${ROLE_NAME} was Allow, setting to Deny."
	TEMP_OFF=$(mktemp)
	cat "${TEMP}" | jq '.Statement[0].Effect = "Deny"' > "${TEMP_OFF}"
	aws iam update-assume-role-policy \
	--role-name "${ROLE_NAME}" \
	--policy-document "file://${TEMP_OFF}"
	cat "${TEMP_OFF}"
	rm "${TEMP_OFF}"
elif [ "${EFFECT}" == "\"Deny\"" ] ; then
	echo "Turning ON ${ROLE_NAME} was Deny, setting to Allow."
	TEMP_ON=$(mktemp)
	cat "${TEMP}" | jq '.Statement[0].Effect = "Allow"' > "${TEMP_ON}"
	aws iam update-assume-role-policy \
	--role-name "${ROLE_NAME}" \
	--policy-document "file://${TEMP_ON}"
	cat "${TEMP_ON}"
	rm "${TEMP_ON}"
else
	echo "Effect ${EFFECT} unknown"
fi

rm "${TEMP}"