in createBrokerEndpointsDDBReadOnyRole.py [0:0]
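def create_role_with_policy(policy_arn):
    """Create the MSK remote-account broker-endpoints role and attach *policy_arn*.

    The role's trust policy allows the principal in the module-level
    ``remote_user_arn`` to call ``sts:AssumeRole``. If the role already exists
    its existing trust policy is left untouched; only the policy attachment is
    performed.

    Args:
        policy_arn: ARN of the managed IAM policy to attach to the role.

    Returns:
        The ARN of the role, whether it was created by this call or already
        existed.

    Raises:
        ClientError: any ``create_role`` error other than
            ``EntityAlreadyExists``, and any error raised by
            ``get_role`` or ``attach_role_policy``.
    """
    role_name = "MSKRemoteAccountBrokerEndpointsRole"
    # NOTE(review): the trust statement carries an empty Condition, so the
    # remote principal can assume this role without an sts:ExternalId or any
    # other restriction -- confirm that is intended for this cross-account setup.
    trust_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": remote_user_arn},
                "Action": "sts:AssumeRole",
                "Condition": {},
            }
        ],
    }
    try:
        response = iam.create_role(
            RoleName=role_name,
            AssumeRolePolicyDocument=json.dumps(trust_policy),
        )
        # create_role returns the full role record; keep only the ARN
        # (the original assigned the whole response here).
        role_arn = response["Role"]["Arn"]
    except ClientError as err:
        if err.response["Error"]["Code"] != "EntityAlreadyExists":
            raise
        # A pre-existing role is reused as-is; its trust policy is NOT
        # updated to the document above.
        print('Role already exists... Attaching policy...')
        role_arn = iam.get_role(RoleName=role_name)["Role"]["Arn"]
    # attach_role_policy is idempotent for an already-attached policy, so
    # re-running this function is safe in both paths.
    iam.attach_role_policy(PolicyArn=policy_arn, RoleName=role_name)
    return role_arn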