
CDK cloud9 - How to attach preconstructed instance profile to Cloud9 instance iam role in cdk?

I created a Cloud9 instance and VPC environment via CDK, along with role permissions and an instance profile. How do I attach that at the end via CDK too?

Currently there seem to be no built-in parameters for setting the IAM role in Ec2Environment.

I can't achieve this automatically with CloudFormation either, so I am thinking this is not available yet?

I know I can use a custom resource or create a Lambda to achieve that, but that seems a bit too much just to attach an instance profile.

My code:

import * as iam from '@aws-cdk/aws-iam';
import * as ec2 from '@aws-cdk/aws-ec2';
import * as cloud9 from '@aws-cdk/aws-cloud9';

// Role the Cloud9 EC2 instance should assume.
const c9IamRole = new iam.Role(this, 'C9IamRole', {
  roleName: 'cloud9-admin-access-role',
  assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
  managedPolicies: [
    iam.ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess'),
  ],
});

// L1 (Cfn) instance profile wrapping the role.
const c9InstanceProfile = new iam.CfnInstanceProfile(this, 'C9InstanceProfile', {
  roles: [c9IamRole.roleName],
});

// Create a Cloud9 EC2 environment in a new VPC.
// Ec2Environment exposes no property that takes c9InstanceProfile.
const vpc = new ec2.Vpc(this, 'VPC', { maxAzs: 3 });
const c9Env = new cloud9.Ec2Environment(this, 'Cloud9Env', {
  vpc,
  instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO),
});

The IAM role I want to attach the instance profile to (on the created Cloud9 EC2 instance page): (screenshot)

Anything using a Cfn-prefixed method is an L1 construct. They do not have the hooks necessary to automatically apply them to other constructs (L2 and L3, the higher-level objects); they are bare bones, basically just a translation from your code to a CFN template snippet.

If iam.CfnInstanceProfile does not have an L2 or L3 version (as of this answer it does not seem to, but the CDK team is always updating), then you'll have to manually attach it using other Cfn methods.

Also, the cloud9 library is (as of this writing) still Experimental, which is a good indication that it won't have all the things it needs. It does not seem to have any property for attaching a role. You might be able to manually (again using Cfn escape-hatch methods) attach a role.

You might try instead applying the roles to a User/Group and giving them permission to access the Cloud9 environment, rather than attaching the role to Cloud9 and granting access to various identities; it may be easier with current CDK constructs.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
