in src/AWS.Deploy.Recipes/CdkTemplates/AspNetAppElasticBeanstalkWindows/Generated/Recipe.cs [98:150]
private void ConfigureIAM(Configuration settings)
{
if (settings.ApplicationIAMRole.CreateNew)
{
AppIAMRole = new Role(this, nameof(AppIAMRole), InvokeCustomizeCDKPropsEvent(nameof(AppIAMRole), this, new RoleProps
{
AssumedBy = new ServicePrincipal("ec2.amazonaws.com"),
// https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html
ManagedPolicies = new[]
{
ManagedPolicy.FromAwsManagedPolicyName("AWSElasticBeanstalkWebTier"),
ManagedPolicy.FromAwsManagedPolicyName("AWSElasticBeanstalkWorkerTier")
}
}));
}
else
{
if (string.IsNullOrEmpty(settings.ApplicationIAMRole.RoleArn))
throw new InvalidOrMissingConfigurationException("The provided Application IAM Role ARN is null or empty.");
AppIAMRole = Role.FromRoleArn(this, nameof(AppIAMRole), settings.ApplicationIAMRole.RoleArn);
}
Ec2InstanceProfile = new CfnInstanceProfile(this, nameof(Ec2InstanceProfile), InvokeCustomizeCDKPropsEvent(nameof(Ec2InstanceProfile), this, new CfnInstanceProfileProps
{
Roles = new[]
{
AppIAMRole.RoleName
}
}));
if (settings.ServiceIAMRole.CreateNew)
{
BeanstalkServiceRole = new Role(this, nameof(BeanstalkServiceRole), InvokeCustomizeCDKPropsEvent(nameof(BeanstalkServiceRole), this, new RoleProps
{
AssumedBy = new ServicePrincipal("elasticbeanstalk.amazonaws.com"),
ManagedPolicies = new[]
{
ManagedPolicy.FromAwsManagedPolicyName("AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy"),
ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSElasticBeanstalkEnhancedHealth")
}
}));
}
else
{
if (string.IsNullOrEmpty(settings.ServiceIAMRole.RoleArn))
throw new InvalidOrMissingConfigurationException("The provided Service IAM Role ARN is null or empty.");
BeanstalkServiceRole = Role.FromRoleArn(this, nameof(BeanstalkServiceRole), settings.ServiceIAMRole.RoleArn);
}
}