I'm converting some aws-iot Java code over to use boto3 and am stuck when creating a new role. The old code specifies a policy name when specifying the policy for a role, but I don't know how to specify that in boto3. Here's the Java code block (note: withId(assumePolicyName)):

    iamClient.createRole(new CreateRoleRequest()
        .withRoleName(role)
        .withAssumeRolePolicyDocument(new com.amazonaws.auth.policy.Policy()
            .withId(assumePolicyName)
            .withStatements(new Statement(Statement.Effect.Allow)
                .withActions(() -> "sts:AssumeRole")
                .withPrincipals(new Principal("Service", "iot.amazonaws.com")))
            .toJson()
        )
    );

I can't figure out where to specify the assumePolicyName with boto3. Here's what I have in boto3:

    import json

    # create_role takes the trust policy as a JSON string, so serialize the dict
    self.iamClient.create_role(RoleName=role_name, AssumeRolePolicyDocument=json.dumps({
        'Statement': [
            {
                'Principal': {
                    'Service': ['iot.amazonaws.com']
                },
                'Effect': 'Allow',
                'Action': ['sts:AssumeRole']
            },
        ]
    }))

How do I specify a policy name?

As far as I know, IAM provides no way to associate a policy name with the AssumeRolePolicyDocument. I'm not sure what purpose a name would serve since there can be only one such policy per role and these trust relationships cannot be shared between roles.

I was pretty close. I should have just attempted a few trial/errors. The correct solution is this document:

    import json

    # 'Id' is a top-level element of the policy document itself;
    # the document is passed to create_role as a JSON string
    self.iamClient.create_role(RoleName=role_name, AssumeRolePolicyDocument=json.dumps({
        'Id': 'assume_role_id',
        'Statement': [
            {
                'Principal': {
                    'Service': ['iot.amazonaws.com']
                },
                'Effect': 'Allow',
                'Action': ['sts:AssumeRole']
            }
        ]
    }))
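
An added example, not part of the original posts: it builds the trust policy with the optional top-level `Id`, serializes it to the JSON string that `create_role` expects, and reads the role back to confirm which `Id` the returned document carries. `build_trust_policy`, `create_role_with_policy_id` and `FakeIam` are hypothetical names; `FakeIam` is a constructed in-memory stand-in so the code runs offline, and a real `boto3.client('iam')` can be passed instead.

```python
import json


def build_trust_policy(service, policy_id=None):
    """Return the assume-role (trust) policy as a JSON string."""
    doc = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": [service]},
            "Action": ["sts:AssumeRole"],
        }],
    }
    if policy_id is not None:
        doc["Id"] = policy_id  # optional top-level policy element
    return json.dumps(doc)


def create_role_with_policy_id(iam_client, role_name, service, policy_id):
    """Create the role, read it back, and return the Id in the returned document."""
    iam_client.create_role(
        RoleName=role_name,
        AssumeRolePolicyDocument=build_trust_policy(service, policy_id),
    )
    stored = iam_client.get_role(RoleName=role_name)["Role"]["AssumeRolePolicyDocument"]
    if isinstance(stored, str):  # tolerate a client that returns raw JSON text
        stored = json.loads(stored)
    return stored.get("Id")


class FakeIam:
    """Constructed stand-in for an IAM client; makes no AWS calls."""

    def __init__(self):
        self.roles = {}

    def create_role(self, RoleName, AssumeRolePolicyDocument):
        # Assumption modelled here: the document must arrive as a string, not a dict.
        if not isinstance(AssumeRolePolicyDocument, str):
            raise TypeError("AssumeRolePolicyDocument must be a JSON string")
        self.roles[RoleName] = json.loads(AssumeRolePolicyDocument)
        return {"Role": {"RoleName": RoleName}}

    def get_role(self, RoleName):
        doc = self.roles[RoleName]
        return {"Role": {"RoleName": RoleName, "AssumeRolePolicyDocument": doc}}


if __name__ == "__main__":
    print(create_role_with_policy_id(FakeIam(), "demo-role", "iot.amazonaws.com", "assume_role_id"))
```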