in functions/source/registerType/lambda_function.py [0:0]
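def _delete_oldest_policy_version(policy_arn, versions=None):
    """Delete the oldest non-default version of a managed policy.

    Args:
        policy_arn: ARN of the managed policy to prune.
        versions: Optional ``Versions`` list already fetched with
            ``iam.list_policy_versions``; fetched here when omitted.

    Raises:
        RuntimeError: if the policy has no non-default version to delete.
    """
    if versions is None:
        versions = iam.list_policy_versions(PolicyArn=policy_arn)['Versions']
    candidates = [v for v in versions if not v['IsDefaultVersion']]
    if not candidates:
        # The default version cannot be pruned, so there is nothing to free.
        raise RuntimeError(f"no non-default version of {policy_arn} is available to delete")
    # Select by CreateDate rather than by list position, so the choice does
    # not depend on the order in which the API returns the versions.
    oldest = min(candidates, key=lambda v: v['CreateDate'])
    iam.delete_policy_version(PolicyArn=policy_arn, VersionId=oldest['VersionId'])


def put_role(role_name, policy, trust_policy):
    """Create or update an IAM role and a same-named managed policy.

    Relies on names defined outside this block: ``iam`` (IAM client),
    ``partition``, ``account_id``, ``json``, ``sleep`` and ``choice``.

    The role is created with ``trust_policy``; the managed policy is created
    from ``policy``, or, when it already exists, a new default version is
    added. The policy is then attached to the role.

    Args:
        role_name: Name used for both the role and the managed policy.
        policy: Permissions policy document (serialized with ``json.dumps``).
        trust_policy: Assume-role policy document (serialized likewise).

    Returns:
        The ARN of the role.

    Raises:
        Exception: the last error, re-raised after five failed attempts.
    """
    attempts_left = 5
    while True:
        try:
            try:
                response = iam.create_role(
                    Path='/',
                    RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(trust_policy),
                )
                role_arn = response['Role']['Arn']
            except iam.exceptions.EntityAlreadyExistsException:
                # NOTE(review): an existing role keeps its current trust
                # policy; `trust_policy` is not applied or compared here, yet
                # the permissions policy below is still attached. Confirm
                # that callers own every role name they pass, or reconcile
                # the trust policy explicitly.
                role_arn = f"arn:{partition}:iam::{account_id}:role/{role_name}"
            try:
                response = iam.create_policy(
                    Path='/',
                    PolicyName=role_name,
                    PolicyDocument=json.dumps(policy),
                )
                arn = response['Policy']['Arn']
            except iam.exceptions.EntityAlreadyExistsException:
                # The ARN is derived, not looked up: it assumes the existing
                # policy lives under Path '/' in this account and partition.
                arn = f"arn:{partition}:iam::{account_id}:policy/{role_name}"
                versions = iam.list_policy_versions(PolicyArn=arn)['Versions']
                # IAM keeps at most five versions of a managed policy, so
                # make room before adding a new one.
                if len(versions) >= 5:
                    _delete_oldest_policy_version(arn, versions)
                while True:
                    try:
                        iam.create_policy_version(
                            PolicyArn=arn,
                            PolicyDocument=json.dumps(policy),
                            SetAsDefault=True,
                        )
                        break
                    except Exception as e:
                        # Only the version-limit error is handled here (a
                        # concurrent writer may have refilled the slot);
                        # anything else goes to the outer retry.
                        if 'you must delete an existing version' not in str(e):
                            raise
                        _delete_oldest_policy_version(arn)
            iam.attach_role_policy(RoleName=role_name, PolicyArn=arn)
            return role_arn
        except Exception as e:
            # Every failure is retried, including non-transient ones such as
            # an access-denied or malformed-document error.
            print(e)
            attempts_left -= 1
            if attempts_left < 1:
                raise
            # Random 1-9 second pause so concurrent invocations spread out.
            sleep(choice(range(1, 10)))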