in src/main/java/software/amazon/qldb/tutorial/ExportJournal.java [268:303]
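/**
 * Returns the ARN of the IAM role used for journal exports, creating the role and a
 * customer-managed policy for it when the role does not exist yet.
 *
 * <p>Lookup and creation are two separate IAM calls, so a concurrent caller may create the
 * same role in between; the resulting {@code createRole} failure is not handled here and
 * propagates. Creation itself is not atomic either: if creating or attaching the policy
 * fails after {@code createRole} succeeded, the role is left without its policy, and a
 * later call will find the role and return its ARN without re-checking the attached
 * policies. To keep bad input from producing such a half-configured role, the arguments
 * used after {@code createRole} are validated and the policy document is built before
 * the role is created.
 *
 * <p>{@code s3Bucket} and {@code kmsArn} are spliced into JSON templates without escaping.
 * That is only safe for genuine bucket names and ARNs, which contain no JSON
 * metacharacters — NOTE(review): confirm callers never pass free-form text here.
 *
 * @param roleName name of the IAM role to look up or create
 * @param iamClient IAM client used for every role and policy call
 * @param s3Bucket bucket name substituted into the S3 statement of the role policy
 * @param kmsArn KMS key ARN substituted into the KMS statement, or {@code null} to omit it
 * @param rolePolicyName name of the managed policy created when the role is new
 * @return ARN of the existing or newly created role
 * @throws NullPointerException if the role must be created and {@code s3Bucket} or
 *         {@code rolePolicyName} is {@code null}
 */
public static String createExportRole(String roleName, AmazonIdentityManagement iamClient,
                                      String s3Bucket, String kmsArn, String rolePolicyName) {
    GetRoleRequest getRoleRequest = new GetRoleRequest().withRoleName(roleName);
    try {
        log.info("Trying to retrieve role with name: " + roleName);
        String roleArn = iamClient.getRole(getRoleRequest).getRole().getArn();
        log.info("The role called " + roleName + " already exists.");
        return roleArn;
    } catch (NoSuchEntityException e) {
        log.info("The role called " + roleName + " does not exist. Creating it now.");

        // Everything needed after createRole is checked and built first, so that an
        // argument error cannot surface once the role already exists in IAM.
        java.util.Objects.requireNonNull(s3Bucket, "s3Bucket");
        java.util.Objects.requireNonNull(rolePolicyName, "rolePolicyName");
        String rolePolicy = buildExportRolePolicy(s3Bucket, kmsArn);

        CreateRoleRequest createRoleRequest = new CreateRoleRequest()
            .withRoleName(roleName)
            .withAssumeRolePolicyDocument(ASSUME_ROLE_POLICY);
        String roleArn = iamClient.createRole(createRoleRequest).getRole().getArn();

        // From this point on a failure leaves the role without its policy (see Javadoc).
        CreatePolicyResult createPolicyResult = iamClient.createPolicy(new CreatePolicyRequest()
            .withPolicyName(rolePolicyName)
            .withPolicyDocument(rolePolicy));
        iamClient.attachRolePolicy(new AttachRolePolicyRequest()
            .withRoleName(roleName)
            .withPolicyArn(createPolicyResult.getPolicy().getArn()));
        log.info("Role " + roleName + " created with ARN: " + roleArn + " and policy: " + rolePolicy);
        return roleArn;
    }
}

/**
 * Builds the JSON policy document for the export role from the class-level templates.
 *
 * @param s3Bucket bucket name inserted into the S3 statement template
 * @param kmsArn KMS key ARN inserted into the KMS statement template; the statement is
 *        omitted when {@code null}
 * @return the complete policy document
 */
private static String buildExportRolePolicy(String s3Bucket, String kmsArn) {
    String statements = EXPORT_ROLE_S3_STATEMENT_TEMPLATE.replace("{bucket_name}", s3Bucket);
    if (kmsArn != null) {
        // Statements are comma-joined inside the "{statements}" array of POLICY_TEMPLATE.
        statements = statements + "," + EXPORT_ROLE_KMS_STATEMENT_TEMPLATE.replace("{kms_arn}", kmsArn);
    }
    return POLICY_TEMPLATE.replace("{statements}", statements);
}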