in awscli/customizations/dlm/createdefaultrole.py [0:0]
def _create_default_role_if_not_exists(self, parsed_globals):
    """Create the default lifecycle IAM role when it is not present yet.

    Steps, in order: look up the default role name for this resource
    type, return early if a role with that name already exists, resolve
    the region, build the managed policy ARN, return early if that
    policy is missing, then create the role with the lifecycle trust
    policy and attach the managed policy to it.

    Security notes for reviewers:
      * An existing role is matched by name only. Its trust policy and
        attached policies are not inspected here, so a role created
        earlier under the default name is accepted as-is.
      * Role creation and policy attachment are two separate IAM calls
        and this method does no rollback. If the attach step fails
        (presumably by raising; confirm against the IAM client
        wrapper), the role stays behind without the managed policy and
        later calls take the "role exists" early return.
      * A missing managed policy is reported at debug level only and
        yields None, the same value as the "role exists" case.

    :param parsed_globals: parsed global CLI arguments, passed through
        to get_region().
    :returns: None when the role already exists or the managed policy
        does not exist; otherwise whatever _construct_result() builds
        from the create-role and get-policy responses.
    :raises ValueError: if no region can be determined.
    """
    resource_settings = RESOURCES[self._resource_type]
    role_name = resource_settings['default_role_name']
    iam = self._iam_client

    # Name-only existence check; see the security notes above.
    if iam.check_if_role_exists(role_name):
        LOG.debug('Role %s exists', role_name)
        return None

    LOG.debug(
        'Role %s does not exist. Creating default role for Lifecycle',
        role_name,
    )

    # The region is needed to build the managed policy ARN.
    region = get_region(self._session, parsed_globals)
    if region is None:
        raise ValueError(
            'You must specify a region. '
            'You can also configure your region '
            'by running "aws configure".'
        )

    policy_arn = get_policy_arn(
        region, resource_settings['default_policy_name'])

    # Without the managed policy there is nothing to attach, so no role
    # is created either.
    if not iam.check_if_policy_exists(policy_arn):
        LOG.debug('Managed Policy %s does not exist.', policy_arn)
        return None
    LOG.debug('Managed Policy %s exists.', policy_arn)

    # The trust policy document is defined elsewhere in this module;
    # which principal it trusts is not visible from this method.
    role_response = iam.create_role_with_trust_policy(
        role_name, LIFECYCLE_DEFAULT_ROLE_ASSUME_POLICY)

    # Permissions are granted only by this second call.
    iam.attach_policy_to_role(policy_arn, role_name)

    policy_response = iam.get_policy(policy_arn)
    return _construct_result(role_response, policy_response)