Carlos Aguni

Highly motivated self-taught IT analyst. Always learning and ready to explore new skills. An eternal apprentice.


Boto3 Policy

11 May 2022 »
import json
import boto3

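def lambda_handler(event, context, *, iam=None, sts=None):
    """Run one or more IAM bootstrap steps for an EC2 instance profile with S3 access.

    The original version selected a step by hand-editing ``if 0`` / ``if 1``
    guards, and the enabled ``create_policy_version`` branch returned before the
    ``attach_role_policy`` branch could run. Here every step has a name and the
    caller picks which ones to run; the default is the pair that was enabled.

    Step names, in the order they have to be run the first time:

    ``create_profile``   create the instance profile ``ec2S3Policy``
    ``create_role``      create the role ``ec2S3Policy`` trusted by ec2.amazonaws.com
    ``add_role``         put that role into the instance profile
    ``create_policy``    create the customer-managed policy ``ec2WriteS3``
    ``update_policy``    publish a new default version of ``ec2WriteS3``
    ``attach_policy``    attach ``ec2WriteS3`` to the role
    ``attach_ssm``       attach the AWS-managed AmazonEC2RoleforSSM policy to the role
    ``attach_ssm_test``  same, but to the ``ec2-test-s3-access-policy`` role

    Args:
        event: Lambda event. Optional keys: ``steps`` (list of the names above,
            default ``["update_policy", "attach_policy"]``) and ``s3_resources``
            (the ``Resource`` element of the S3 policy, default ``"*"``).
            Anything that is not a dict is treated as ``{}``.
        context: Lambda context; unused.
        iam: boto3 IAM client; created on demand when omitted.
        sts: boto3 STS client, used only to discover the account id for the
            customer-managed policy ARN; created on demand when omitted.
            Both clients are keyword-only so the runtime's ``(event, context)``
            call is unchanged.

    Returns:
        ``{"statusCode": 200, "body": <json string>}`` once every requested
        step has completed.

    Raises:
        ValueError: ``steps`` names a step that does not exist (checked before
            any IAM call is made, so nothing is half-applied).
        botocore.exceptions.ClientError: an IAM call fails; ``update_policy``
            in particular fails with ``LimitExceeded`` once the policy already
            holds five versions, which is IAM's per-policy maximum.
    """
    opts = event if isinstance(event, dict) else {}
    steps = opts.get("steps") or ["update_policy", "attach_policy"]
    # NOTE(review): "*" lets the instance read and write every bucket in the
    # account. Scope this to the bucket ARN (for s3:ListBucket) and the
    # object ARN prefix (for s3:GetObject/PutObject) the instance really needs.
    s3_resources = opts.get("s3_resources", "*")

    rolename = "ec2-test-s3-access-policy"
    ipn = "ec2S3Policy"  # the instance profile and its role share this name
    ec2policy = "ec2WriteS3"
    ssm_policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"

    if iam is None:
        iam = boto3.client("iam")

    account_id = None

    def policy_arn():
        # Customer-managed policy ARNs embed the account id; it is looked up
        # once through STS rather than hard-coded as "<orgid>" in the source.
        nonlocal account_id, sts
        if account_id is None:
            if sts is None:
                sts = boto3.client("sts")
            account_id = sts.get_caller_identity()["Account"]
        return f"arn:aws:iam::{account_id}:policy/{ec2policy}"

    # Trust policy: only the EC2 service may assume the role.
    trust_policy = {
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        },
    }

    # Permissions policy. "s3:ListBuckets", as originally written, is not an
    # S3 action name and so matched nothing; listing a bucket's contents is
    # s3:ListBucket (listing the buckets themselves would be s3:ListAllMyBuckets).
    s3_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
                "Resource": s3_resources,
            },
        ],
    }

    actions = {
        "create_profile": lambda: iam.create_instance_profile(
            InstanceProfileName=ipn,
        ),
        "create_role": lambda: iam.create_role(
            RoleName=ipn,
            AssumeRolePolicyDocument=json.dumps(trust_policy),
        ),
        # https://stackoverflow.com/questions/40348753/boto3-create-a-instance-with-an-instanceprofile-iam-role
        "add_role": lambda: iam.add_role_to_instance_profile(
            InstanceProfileName=ipn,
            RoleName=ipn,
        ),
        "create_policy": lambda: iam.create_policy(
            PolicyName=ec2policy,
            PolicyDocument=json.dumps(s3_policy),
        ),
        # create_policy_version identifies the policy by ARN, not by name; the
        # original passed PolicyName, which botocore rejects before any call.
        "update_policy": lambda: iam.create_policy_version(
            PolicyArn=policy_arn(),
            PolicyDocument=json.dumps(s3_policy),
            SetAsDefault=True,
        ),
        "attach_policy": lambda: iam.attach_role_policy(
            RoleName=ipn,
            PolicyArn=policy_arn(),
        ),
        "attach_ssm": lambda: iam.attach_role_policy(
            RoleName=ipn,
            PolicyArn=ssm_policy_arn,
        ),
        "attach_ssm_test": lambda: iam.attach_role_policy(
            RoleName=rolename,
            PolicyArn=ssm_policy_arn,
        ),
    }

    unknown = [name for name in steps if name not in actions]
    if unknown:
        raise ValueError(
            f"unknown step(s) {unknown}; expected one of {sorted(actions)}"
        )

    for name in steps:
        # Each IAM response is echoed to the log, as the original did.
        print(name, actions[name]())

    return {
        'statusCode': 200,
        'body': json.dumps('Hello from Lambda!')
    }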