Class: Aws::IAM::Role
- Inherits: Object
  - Object
    - Aws::IAM::Role
- Extended by: Deprecations
- Defined in: lib/aws-sdk-iam/role.rb
Defined Under Namespace
Classes: Collection
Read-Only Attributes
- #arn ⇒ String
  The Amazon Resource Name (ARN) specifying the role.
- #assume_role_policy_document ⇒ String
  The policy that grants an entity permission to assume the role.
- #create_date ⇒ Time
  The date and time, in [ISO 8601 date-time format], when the role was created.
- #description ⇒ String
  A description of the role that you provide.
- #max_session_duration ⇒ Integer
  The maximum session duration (in seconds) for the specified role.
- #name ⇒ String (also: #role_name)
- #path ⇒ String
  The path to the role.
- #permissions_boundary ⇒ Types::AttachedPermissionsBoundary
  The ARN of the policy used to set the permissions boundary for the role.
- #role_id ⇒ String
  The stable and unique string identifying the role.
- #role_last_used ⇒ Types::RoleLastUsed
  Contains information about the last time that an IAM role was used.
- #tags ⇒ Array<Types::Tag>
  A list of tags that are attached to the role.
Actions
- #attach_policy(options = {}) ⇒ EmptyStructure
- #delete(options = {}) ⇒ EmptyStructure
- #detach_policy(options = {}) ⇒ EmptyStructure
Associations
- #assume_role_policy ⇒ AssumeRolePolicy
- #attached_policies(options = {}) ⇒ Policy::Collection
- #identifiers ⇒ Object (deprecated, private)
  Deprecated.
- #instance_profiles(options = {}) ⇒ InstanceProfile::Collection
- #policies(options = {}) ⇒ RolePolicy::Collection
- #policy(name) ⇒ RolePolicy
Instance Method Summary
- #client ⇒ Client
- #data ⇒ Types::Role
  Returns the data for this Role.
- #data_loaded? ⇒ Boolean
  Returns `true` if this resource is loaded.
- #initialize(*args) ⇒ Role (constructor)
  A new instance of Role.
- #load ⇒ self (also: #reload)
- #wait_until(options = {}) {|resource| ... } ⇒ Resource (deprecated)
  Deprecated. Use [Aws::IAM::Client] #wait_until instead
Constructor Details
#initialize(name, options = {}) ⇒ Role
#initialize(options = {}) ⇒ Role
Returns a new instance of Role.
    # File 'lib/aws-sdk-iam/role.rb', line 22
    def initialize(*args)
      options = Hash === args.last ? args.pop.dup : {}
      @name = extract_name(args, options)
      @data = options.delete(:data)
      @client = options.delete(:client) || Client.new(options)
      @waiter_block_warned = false
    end
Instance Method Details
#arn ⇒ String
The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see [IAM identifiers][1] in the *IAM User Guide*.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
    # File 'lib/aws-sdk-iam/role.rb', line 69
    def arn
      data[:arn]
    end
#assume_role_policy ⇒ AssumeRolePolicy
    # File 'lib/aws-sdk-iam/role.rb', line 348
    def assume_role_policy
      AssumeRolePolicy.new(
        role_name: @name,
        client: @client
      )
    end
#assume_role_policy_document ⇒ String
The policy that grants an entity permission to assume the role.
    # File 'lib/aws-sdk-iam/role.rb', line 86
    def assume_role_policy_document
      data[:assume_role_policy_document]
    end
#attach_policy(options = {}) ⇒ EmptyStructure
    # File 'lib/aws-sdk-iam/role.rb', line 300
    def attach_policy(options = {})
      options = options.merge(role_name: @name)
      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
        @client.attach_role_policy(options)
      end
      resp.data
    end
#attached_policies(options = {}) ⇒ Policy::Collection
    # File 'lib/aws-sdk-iam/role.rb', line 377
    def attached_policies(options = {})
      batches = Enumerator.new do |y|
        options = options.merge(role_name: @name)
        resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
          @client.list_attached_role_policies(options)
        end
        resp.each_page do |page|
          batch = []
          page.data.attached_policies.each do |a|
            batch << Policy.new(
              arn: a.policy_arn,
              client: @client
            )
          end
          y.yield(batch)
        end
      end
      Policy::Collection.new(batches)
    end
#create_date ⇒ Time
The date and time, in [ISO 8601 date-time format], when the role was created.
    # File 'lib/aws-sdk-iam/role.rb', line 80
    def create_date
      data[:create_date]
    end
#data ⇒ Types::Role
Returns the data for this Aws::IAM::Role. Calls Client#get_role if #data_loaded? is `false`.
    # File 'lib/aws-sdk-iam/role.rb', line 171
    def data
      load unless @data
      @data
    end
#data_loaded? ⇒ Boolean
    # File 'lib/aws-sdk-iam/role.rb', line 179
    def data_loaded?
      !!@data
    end
#delete(options = {}) ⇒ EmptyStructure
    # File 'lib/aws-sdk-iam/role.rb', line 313
    def delete(options = {})
      options = options.merge(role_name: @name)
      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
        @client.delete_role(options)
      end
      resp.data
    end
#description ⇒ String
A description of the role that you provide.
    # File 'lib/aws-sdk-iam/role.rb', line 92
    def description
      data[:description]
    end
#detach_policy(options = {}) ⇒ EmptyStructure
    # File 'lib/aws-sdk-iam/role.rb', line 337
    def detach_policy(options = {})
      options = options.merge(role_name: @name)
      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
        @client.detach_role_policy(options)
      end
      resp.data
    end
#identifiers ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
    # File 'lib/aws-sdk-iam/role.rb', line 461
    def identifiers
      { name: @name }
    end
#instance_profiles(options = {}) ⇒ InstanceProfile::Collection
    # File 'lib/aws-sdk-iam/role.rb', line 402
    def instance_profiles(options = {})
      batches = Enumerator.new do |y|
        options = options.merge(role_name: @name)
        resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
          @client.list_instance_profiles_for_role(options)
        end
        resp.each_page do |page|
          batch = []
          page.data.instance_profiles.each do |i|
            batch << InstanceProfile.new(
              name: i.instance_profile_name,
              data: i,
              client: @client
            )
          end
          y.yield(batch)
        end
      end
      InstanceProfile::Collection.new(batches)
    end
#load ⇒ self Also known as: reload
Loads, or reloads #data for the current Aws::IAM::Role. Returns `self` making it possible to chain methods.
    role.reload.data
    # File 'lib/aws-sdk-iam/role.rb', line 159
    def load
      resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
        @client.get_role(role_name: @name)
      end
      @data = resp.role
      self
    end
#max_session_duration ⇒ Integer
The maximum session duration (in seconds) for the specified role. Anyone who uses the CLI or API to assume the role can specify the duration using the optional `DurationSeconds` API parameter or `duration-seconds` CLI parameter.
    # File 'lib/aws-sdk-iam/role.rb', line 101
    def max_session_duration
      data[:max_session_duration]
    end
#name ⇒ String Also known as: role_name
    # File 'lib/aws-sdk-iam/role.rb', line 33
    def name
      @name
    end
#path ⇒ String
The path to the role. For more information about paths, see [IAM identifiers][1] in the *IAM User Guide*.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
    # File 'lib/aws-sdk-iam/role.rb', line 45
    def path
      data[:path]
    end
#permissions_boundary ⇒ Types::AttachedPermissionsBoundary
The ARN of the policy used to set the permissions boundary for the role.
For more information about permissions boundaries, see [Permissions boundaries for IAM identities][1] in the *IAM User Guide*.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
    # File 'lib/aws-sdk-iam/role.rb', line 115
    def permissions_boundary
      data[:permissions_boundary]
    end
#policies(options = {}) ⇒ RolePolicy::Collection
    # File 'lib/aws-sdk-iam/role.rb', line 428
    def policies(options = {})
      batches = Enumerator.new do |y|
        options = options.merge(role_name: @name)
        resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
          @client.list_role_policies(options)
        end
        resp.each_page do |page|
          batch = []
          page.data.policy_names.each do |p|
            batch << RolePolicy.new(
              role_name: @name,
              name: p,
              client: @client
            )
          end
          y.yield(batch)
        end
      end
      RolePolicy::Collection.new(batches)
    end
#policy(name) ⇒ RolePolicy
    # File 'lib/aws-sdk-iam/role.rb', line 451
    def policy(name)
      RolePolicy.new(
        role_name: @name,
        name: name,
        client: @client
      )
    end
#role_id ⇒ String
The stable and unique string identifying the role. For more information about IDs, see [IAM identifiers][1] in the *IAM User Guide*.
[1]: docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
    # File 'lib/aws-sdk-iam/role.rb', line 57
    def role_id
      data[:role_id]
    end
#role_last_used ⇒ Types::RoleLastUsed
Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see [Regions where data is tracked] in the *IAM User Guide*.
    # File 'lib/aws-sdk-iam/role.rb', line 142
    def role_last_used
      data[:role_last_used]
    end
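An added example (not part of the SDK or its documentation) that combines the readers documented above, #permissions_boundary, #max_session_duration, #role_last_used and #assume_role_policy_document, into a least-privilege review check. SampleRole, LastUsed, trust_doc, the finding names and the thresholds are hypothetical, and the constructed sample roles stand in for loaded Aws::IAM::Role objects so the code runs offline.

```ruby
require 'json'
require 'uri'

# Constructed stand-ins exposing the readers documented on this page.
LastUsed = Struct.new(:last_used_date, :region)
SampleRole = Struct.new(:name, :assume_role_policy_document, :max_session_duration,
                        :permissions_boundary, :role_last_used)

# Assumption: the trust policy may arrive URL-encoded (RFC 3986) or as plain JSON.
def trust_policy(role)
  doc = role.assume_role_policy_document.to_s
  doc = URI.decode_www_form_component(doc) if doc.start_with?('%')
  JSON.parse(doc)
end

# True when any Allow statement names "*" as a principal (then review its Condition).
def wildcard_principal?(policy)
  [policy['Statement']].flatten.any? do |stmt|
    principal = stmt['Principal']
    values = principal.is_a?(Hash) ? principal.values.flatten : [principal]
    stmt['Effect'] == 'Allow' && values.include?('*')
  end
end

# Thresholds (stale_days, max_session) are illustrative assumptions.
def audit_role(role, now: Time.now, stale_days: 90, max_session: 3600)
  findings = []
  findings << :no_permissions_boundary if role.permissions_boundary.nil?
  findings << :long_session if role.max_session_duration.to_i > max_session
  last = role.role_last_used&.last_used_date
  # nil means never used, or not used inside the tracking window
  findings << :no_recorded_use if last.nil?
  findings << :stale if last && now - last > stale_days * 86_400
  findings << :wildcard_trust if wildcard_principal?(trust_policy(role))
  findings
end

def trust_doc(principal) # builds a constructed trust policy document
  stmt = { 'Effect' => 'Allow', 'Principal' => principal, 'Action' => 'sts:AssumeRole' }
  JSON.generate({ 'Version' => '2012-10-17', 'Statement' => [stmt] })
end

NOW = Time.utc(2024, 6, 1)
SAMPLE_ROLES = [ # constructed data, not real roles
  SampleRole.new('ci-deploy', trust_doc('Service' => 'ec2.amazonaws.com'), 3600, :boundary,
                 LastUsed.new(NOW - 10 * 86_400, 'us-east-1')),
  SampleRole.new('legacy-admin', URI.encode_www_form_component(trust_doc('AWS' => '*')),
                 43_200, nil, LastUsed.new(nil, nil))
].freeze
SAMPLE_ROLES.each { |r| puts "#{r.name}: #{audit_role(r, now: NOW).inspect}" }
```

A real Aws::IAM::Role responds to the same readers. Roles obtained from a listing may carry preloaded data without role_last_used or permissions_boundary, so call #reload before auditing them.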
#tags ⇒ Array<Types::Tag>
A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources] in the *IAM User Guide*.
    # File 'lib/aws-sdk-iam/role.rb', line 126
    def tags
      data[:tags]
    end
#wait_until(options = {}) {|resource| ... } ⇒ Resource
Deprecated. Use [Aws::IAM::Client] #wait_until instead.
The waiting operation is performed on a copy. The original resource remains unchanged.
Waiter polls an API operation until a resource enters a desired state.
## Basic Usage
The waiter polls until it succeeds, fails by entering a terminal state, or reaches the maximum number of attempts.
    # polls in a loop until condition is true
    resource.wait_until(options) {|resource| condition}
## Example
    instance.wait_until(max_attempts: 10, delay: 5) do |instance|
      instance.state.name == 'running'
    end
## Configuration
You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:
    # poll for ~25 seconds
    resource.wait_until(max_attempts: 5, delay: 5) {|resource|...}
## Callbacks
You can be notified before each polling attempt and before each delay. If you throw `:success` or `:failure` from these callbacks, it will terminate the waiter.
    started_at = Time.now
    # poll for 1 hour, instead of a number of attempts
    proc = Proc.new do |attempts, response|
      throw :failure if Time.now - started_at > 3600
    end
    # disable max attempts
    instance.wait_until(before_wait: proc, max_attempts: nil) {...}
## Handling Errors
When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.
    begin
      resource.wait_until(...)
    rescue Aws::Waiters::Errors::WaiterFailed
      # resource did not enter the desired state in time
    end
Options Hash (options):
- :max_attempts: maximum number of attempts (default: 10)
- :delay: delay between each attempt in seconds (default: 10)
- :before_attempt: callback invoked before each attempt
- :before_wait: callback invoked before each wait
    # File 'lib/aws-sdk-iam/role.rb', line 263
    def wait_until(options = {}, &block)
      self_copy = self.dup
      attempts = 0
      options[:max_attempts] = 10 unless options.key?(:max_attempts)
      options[:delay] ||= 10
      options[:poller] = Proc.new do
        attempts += 1
        if block.call(self_copy)
          [:success, self_copy]
        else
          self_copy.reload unless attempts == options[:max_attempts]
          :retry
        end
      end
      Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
        Aws::Waiters::Waiter.new(options).wait({})
      end
    end