in src/ExportJournal.ts [174:220]
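/**
 * Return the ARN of the IAM role named `roleName`, creating the role and its
 * permissions policy first when the role does not exist yet.
 *
 * When the role already exists it is returned as-is: its trust policy and
 * attached policies are neither inspected nor updated here.
 *
 * NOTE(review): the trust principal and the S3/KMS actions come from templates
 * defined elsewhere in the project; confirm they are scoped to the intended
 * service and to this bucket/key only.
 *
 * @param roleName Name of the IAM role to look up or create.
 * @param keyArn ARN of the KMS key; when empty, no KMS statement is added.
 * @param rolePolicyName Name given to the managed policy created for the role.
 * @param s3BucketName Bucket name substituted into the S3 statement.
 * @returns The ARN of the existing or newly created role.
 * @throws Any IAM error other than "role not found" from the lookup, and any
 *         error raised while creating the role or its policy.
 */
async function createExportRole(
    roleName: string,
    keyArn: string,
    rolePolicyName: string,
    s3BucketName: string
): Promise<string> {
    const iAmClient: IAM = new IAM();
    log(`Trying to retrieve role with name: ${roleName}`);
    try {
        const getRoleRequest: GetRoleRequest = {
            RoleName: roleName
        };
        const existingRoleArn: string = (await iAmClient.getRole(getRoleRequest).promise()).Role.Arn;
        log(`The role called ${roleName} already exists.`);
        return existingRoleArn;
    } catch (err) {
        // Only "role not found" may fall through to creation. Access-denied,
        // throttling or network failures must surface to the caller instead of
        // being mistaken for a missing role.
        const errorCode: string | undefined = err ? (err as { code?: string }).code : undefined;
        if (errorCode !== "NoSuchEntity") {
            throw err;
        }
    }

    log(`The role called ${roleName} does not exist. Creating it now.`);

    // Build each document from a copy so the shared POLICY_TEMPLATE is never
    // mutated: a KMS statement left over from an earlier call must not leak
    // into a later trust policy or into a call made without a key.
    // Assumes the template's own Statement list carries nothing to keep; confirm.
    const trustPolicy = { ...POLICY_TEMPLATE, Statement: [ASSUME_ROLE_POLICY_TEMPLATE] };
    const createRoleRequest: CreateRoleRequest = {
        RoleName: roleName,
        AssumeRolePolicyDocument: JSON.stringify(trustPolicy)
    };
    const role: CreateRoleResponse = await iAmClient.createRole(createRoleRequest).promise();
    log(`Created a role called ${roleName}.`);
    const newRoleArn: string = role.Role.Arn;

    const permissionsPolicy = {
        ...POLICY_TEMPLATE,
        Statement: keyArn
            ? [EXPORT_ROLE_S3_STATEMENT_TEMPLATE, EXPORT_ROLE_KMS_STATEMENT_TEMPLATE]
            : [EXPORT_ROLE_S3_STATEMENT_TEMPLATE]
    };

    // The placeholders sit inside JSON string values, so the substituted text
    // is JSON-escaped: a quote or backslash in a bucket name or key ARN cannot
    // change the structure of the policy. split/join fills every occurrence and
    // does not interpret "$" sequences the way String.replace does.
    const fillPlaceholder = (document: string, placeholder: string, value: string): string =>
        document.split(placeholder).join(JSON.stringify(value).slice(1, -1));

    let rolePolicy: string = JSON.stringify(permissionsPolicy);
    if (keyArn) {
        rolePolicy = fillPlaceholder(rolePolicy, "{kms_arn}", keyArn);
    }
    rolePolicy = fillPlaceholder(rolePolicy, "{bucket_name}", s3BucketName);

    // If either call below fails, the role stays behind without its policy and
    // a later run returns it from the lookup above without repairing it.
    const createPolicyRequest: CreatePolicyRequest = {
        PolicyName: rolePolicyName,
        PolicyDocument: rolePolicy
    };
    const createPolicyResult: CreatePolicyResponse = await iAmClient.createPolicy(createPolicyRequest).promise();
    const attachRolePolicyRequest: AttachRolePolicyRequest = {
        RoleName: roleName,
        PolicyArn: createPolicyResult.Policy.Arn
    };
    await iAmClient.attachRolePolicy(attachRolePolicyRequest).promise();
    log(`Role ${roleName} created with ARN: ${newRoleArn} and policy: ${rolePolicy}.`);
    return newRoleArn;
}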