Class: Aws::IAM::Role

Inherits:

Object

• Object
• Aws::IAM::Role

Extended by:

Deprecations

Defined in:

lib/aws-sdk-iam/role.rb

Defined Under Namespace

Classes: Collection

Read-Only Attributes

• #arn ⇒ String

  The Amazon Resource Name (ARN) specifying the role.

• #assume_role_policy_document ⇒ String

  The policy that grants an entity permission to assume the role.

• #create_date ⇒ Time

  The date and time, in [ISO 8601 date-time format], when the role was created.

• #description ⇒ String

  A description of the role that you provide.

• #max_session_duration ⇒ Integer

  The maximum session duration (in seconds) for the specified role.

• #name ⇒ String (also: #role_name)
• #path ⇒ String

  The path to the role.

• #permissions_boundary ⇒ Types::AttachedPermissionsBoundary

  The ARN of the policy used to set the permissions boundary for the role.

• #role_id ⇒ String

  The stable and unique string identifying the role.

• #tags ⇒ Array<Types::Tag>

  A list of tags that are attached to the specified role.

Actions

• #attach_policy(options = {}) ⇒ EmptyStructure
• #delete(options = {}) ⇒ EmptyStructure
• #detach_policy(options = {}) ⇒ EmptyStructure

Associations

• #assume_role_policy ⇒ AssumeRolePolicy
• #attached_policies(options = {}) ⇒ Policy::Collection
• #identifiers ⇒ Object deprecated private Deprecated.
• #instance_profiles(options = {}) ⇒ InstanceProfile::Collection
• #policies(options = {}) ⇒ RolePolicy::Collection
• #policy(name) ⇒ RolePolicy

Instance Method Summary

• #client ⇒ Client
• #data ⇒ Types::Role

  Returns the data for this Role.

• #data_loaded? ⇒ Boolean

  Returns ‘true` if this resource is loaded.

• #initialize(*args) ⇒ Role constructor

  A new instance of Role.

• #load ⇒ self (also: #reload)

  Loads, or reloads #data for the current Role.

• #wait_until(options = {}, &block) ⇒ Resource deprecated Deprecated.

  Use [Aws::IAM::Client] #wait_until instead

Constructor Details

#initialize(name, options = {}) ⇒ Role #initialize(options = {}) ⇒ Role

Returns a new instance of Role.

Overloads:

• #initialize(name, options = {}) ⇒ Role

  Parameters:

  • name (String)

  Options Hash (options):

  • :client (Client)
• #initialize(options = {}) ⇒ Role

  Options Hash (options):

  • :name (required, String)
  • :client (Client)

# File 'lib/aws-sdk-iam/role.rb', line 19

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @name = extract_name(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
end

Instance Method Details

#arn ⇒ String

The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see [IAM Identifiers] in the *IAM User Guide* guide.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html

Returns:

• (String)

# File 'lib/aws-sdk-iam/role.rb', line 65

def arn
  data[:arn]
end

#assume_role_policy ⇒ AssumeRolePolicy

Returns:

• (AssumeRolePolicy)

# File 'lib/aws-sdk-iam/role.rb', line 315

def assume_role_policy
  AssumeRolePolicy.new(
    role_name: @name,
    client: @client
  )
end

#assume_role_policy_document ⇒ String

The policy that grants an entity permission to assume the role.

Returns:

• (String)

# File 'lib/aws-sdk-iam/role.rb', line 82

def assume_role_policy_document
  data[:assume_role_policy_document]
end

#attach_policy(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

role.attach_policy({
  policy_arn: "arnType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :policy_arn (required, String) —

  The Amazon Resource Name (ARN) of the IAM policy you want to attach.

  For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces] in the *AWS General Reference*.

  [1]: docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/role.rb', line 273

def attach_policy(options = {})
  options = options.merge(role_name: @name)
  resp = @client.attach_role_policy(options)
  resp.data
end

#attached_policies(options = {}) ⇒ Policy::Collection

Examples:

Request syntax with placeholder values

attached_policies = role.attached_policies({
  path_prefix: "policyPathType",
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :path_prefix (String) —

  The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

  This parameter allows (through its [regex pattern]) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

  [1]: wikipedia.org/wiki/regex

Returns:

• (Policy::Collection)

# File 'lib/aws-sdk-iam/role.rb', line 344

def attached_policies(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(role_name: @name)
    resp = @client.list_attached_role_policies(options)
    resp.each_page do |page|
      batch = []
      page.data.attached_policies.each do |a|
        batch << Policy.new(
          arn: a.policy_arn,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Policy::Collection.new(batches)
end

#client ⇒ Client

Returns:

• (Client)

# File 'lib/aws-sdk-iam/role.rb', line 128

def client
  @client
end

#create_date ⇒ Time

The date and time, in [ISO 8601 date-time format], when the role was created.

[1]: www.iso.org/iso/iso8601

Returns:

• (Time)

# File 'lib/aws-sdk-iam/role.rb', line 76

def create_date
  data[:create_date]
end

#data ⇒ Types::Role

Returns the data for this Aws::IAM::Role. Calls Client#get_role if #data_loaded? is ‘false`.

Returns:

• (Types::Role) —

  Returns the data for this Aws::IAM::Role. Calls Client#get_role if #data_loaded? is ‘false`.

# File 'lib/aws-sdk-iam/role.rb', line 148

def data
  load unless @data
  @data
end

#data_loaded? ⇒ Boolean

Returns ‘true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

• (Boolean) —

  Returns ‘true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

# File 'lib/aws-sdk-iam/role.rb', line 156

def data_loaded?
  !!@data
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

role.delete()

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/role.rb', line 284

def delete(options = {})
  options = options.merge(role_name: @name)
  resp = @client.delete_role(options)
  resp.data
end

#description ⇒ String

A description of the role that you provide.

Returns:

• (String)

# File 'lib/aws-sdk-iam/role.rb', line 88

def description
  data[:description]
end

#detach_policy(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values

role.detach_policy({
  policy_arn: "arnType", # required
})

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Options Hash (options):

• :policy_arn (required, String) —

  The Amazon Resource Name (ARN) of the IAM policy you want to detach.

  For more information about ARNs, see [Amazon Resource Names (ARNs) and AWS Service Namespaces] in the *AWS General Reference*.

  [1]: docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html

Returns:

• (EmptyStructure)

# File 'lib/aws-sdk-iam/role.rb', line 306

def detach_policy(options = {})
  options = options.merge(role_name: @name)
  resp = @client.detach_role_policy(options)
  resp.data
end

#identifiers ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Deprecated.

# File 'lib/aws-sdk-iam/role.rb', line 422

def identifiers
  { name: @name }
end

#instance_profiles(options = {}) ⇒ InstanceProfile::Collection

Examples:

Request syntax with placeholder values

role.instance_profiles()

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Returns:

• (InstanceProfile::Collection)

# File 'lib/aws-sdk-iam/role.rb', line 367

def instance_profiles(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(role_name: @name)
    resp = @client.list_instance_profiles_for_role(options)
    resp.each_page do |page|
      batch = []
      page.data.instance_profiles.each do |i|
        batch << InstanceProfile.new(
          name: i.instance_profile_name,
          data: i,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  InstanceProfile::Collection.new(batches)
end

#load ⇒ self Also known as: reload

Loads, or reloads #data for the current Aws::IAM::Role. Returns ‘self` making it possible to chain methods.

role.reload.data

Returns:

• (self)

# File 'lib/aws-sdk-iam/role.rb', line 138

def load
  resp = @client.get_role(role_name: @name)
  @data = resp.role
  self
end

#max_session_duration ⇒ Integer

The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional ‘DurationSeconds` API parameter or `duration-seconds` CLI parameter.

Returns:

• (Integer)

# File 'lib/aws-sdk-iam/role.rb', line 97

def max_session_duration
  data[:max_session_duration]
end

#name ⇒ String Also known as: role_name

Returns:

• (String)

# File 'lib/aws-sdk-iam/role.rb', line 29

def name
  @name
end

#path ⇒ String

The path to the role. For more information about paths, see [IAM Identifiers] in the *Using IAM* guide.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html

Returns:

• (String)

# File 'lib/aws-sdk-iam/role.rb', line 41

def path
  data[:path]
end

#permissions_boundary ⇒ Types::AttachedPermissionsBoundary

The ARN of the policy used to set the permissions boundary for the role.

For more information about permissions boundaries, see [Permissions Boundaries for IAM Identities ](IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.

Returns:

• (Types::AttachedPermissionsBoundary)

# File 'lib/aws-sdk-iam/role.rb', line 109

def permissions_boundary
  data[:permissions_boundary]
end

#policies(options = {}) ⇒ RolePolicy::Collection

Examples:

Request syntax with placeholder values

role.policies()

Parameters:

• options (Hash) (defaults to: {}) —

  ({})

Returns:

• (RolePolicy::Collection)

# File 'lib/aws-sdk-iam/role.rb', line 391

def policies(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(role_name: @name)
    resp = @client.list_role_policies(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_names.each do |p|
        batch << RolePolicy.new(
          role_name: @name,
          name: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  RolePolicy::Collection.new(batches)
end

#policy(name) ⇒ RolePolicy

Parameters:

• name (String)

Returns:

• (RolePolicy)

# File 'lib/aws-sdk-iam/role.rb', line 412

def policy(name)
  RolePolicy.new(
    role_name: @name,
    name: name,
    client: @client
  )
end

#role_id ⇒ String

The stable and unique string identifying the role. For more information about IDs, see [IAM Identifiers] in the *Using IAM* guide.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html

Returns:

• (String)

# File 'lib/aws-sdk-iam/role.rb', line 53

def role_id
  data[:role_id]
end

#tags ⇒ Array<Types::Tag>

A list of tags that are attached to the specified role. For more information about tagging, see [Tagging IAM Identities] in the *IAM User Guide*.

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html

Returns:

• (Array<Types::Tag>)

# File 'lib/aws-sdk-iam/role.rb', line 121

def tags
  data[:tags]
end

#wait_until(options = {}, &block) ⇒ Resource

Deprecated.

Use [Aws::IAM::Client] #wait_until instead

Note:

The waiting operation is performed on a copy. The original resource remains unchanged

Waiter polls an API operation until a resource enters a desired state.

## Basic Usage

Waiter will polls until it is successful, it fails by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop until condition is true
resource.wait_until(options) {|resource| condition}

## Example

instance.wait_until(max_attempts:10, delay:5) {|instance| instance.state.name == 'running' }

## Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:

# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}

## Callbacks

You can be notified before each polling attempt and before each delay. If you throw ‘:success` or `:failure` from these callbacks, it will terminate the waiter.

started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end

  # disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}

## Handling Errors

When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.

begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

attempts attempt in seconds invoked before each attempt invoked before each wait

Parameters:

• options (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (options):

• :max_attempts (Integer) — default: 10 —

  Maximum number of

• :delay (Integer) — default: 10 —

  Delay between each

• :before_attempt (Proc) — default: nil —

  Callback

• :before_wait (Proc) — default: nil —

  Callback

Returns:

• (Resource) —

  if the waiter was successful

Raises:

• (Aws::Waiters::Errors::FailureStateError) —

  Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

  yet successful.

• (Aws::Waiters::Errors::UnexpectedError) —

  Raised when an error is encountered while polling for a resource that is not expected.

• (NotImplementedError) —

  Raised when the resource does not

# File 'lib/aws-sdk-iam/role.rb', line 238

def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Waiters::Waiter.new(options).wait({})
end