< ? php
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
/*
* ABOUT THIS PHP SAMPLE: This sample is part of the SDK for PHP Developer Guide topic at
* https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/iam-examples-working-with-policies.html
*
*
*
*/
// snippet-start:[iam.php.create_role.complete]
// snippet-start:[iam.php.create_role.import]
require 'vendor/autoload.php' ;
use Aws\Exception\AwsException ;
use Aws\Iam\IamClient ;
// snippet-end:[iam.php.create_role.import]
/**
* Creates a new managed policy for your AWS account, creates an IAM role,
* and attaches the policy to that role.
*
* This code expects that you have AWS credentials set up per:
* https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html
*/
//Create an IAM Client
// snippet-start:[iam.php.create_role.main]
// No access keys appear in this file: the client is told to use the 'default'
// profile, so the credentials come from the environment described in the
// credentials guide linked above. The identity behind that profile needs
// iam:CreatePolicy, iam:CreateRole and iam:AttachRolePolicy for the calls
// made below; granting it only those actions keeps the blast radius small.
$client = new IamClient([
    'profile' => 'default',
    'region' => 'us-west-2',
    'version' => '2010-05-08',
]);
// Name of the role; the policy created below is named from it by appending 'policy'.
$roleName = 'AmazonCSM';
// Free-text description stored on the role when it is created.
$description = 'An Instance role that has permission for Amazon EC2 Systems Manager and SDK Metric Monitoring.';
// Permissions policy that is created and later attached to the role.
//
// Statement 1 allows every action in the "sdkmetrics-beta" namespace on every
// resource ("Resource": "*"). Statement 2 is narrower: only ssm:GetParameter,
// and only on parameters whose name starts with "AmazonCSM" (any region, any
// account, because both ARN fields are wildcards).
// NOTE(review): when adapting this sample, replace the action wildcard and the
// region/account wildcards with the specific values the workload needs.
$AmazonCSMPolicy = <<<'JSON'
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sdkmetrics-beta:*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ssm:GetParameter"
],
"Resource": "arn:aws:ssm:*:*:parameter/AmazonCSM*"
}
]
}
JSON;
// Trust (assume-role) policy for the role. The only principal allowed to call
// sts:AssumeRole is the EC2 service (ec2.amazonaws.com); no AWS account, user
// or other service is listed, so the role is usable by EC2 instances only.
$rolePolicy = <<<'JSON'
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
JSON;
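// Creates the managed policy, then the role, then attaches the policy to the
// role. Each step runs only when the previous call reported HTTP 200.
//
// The output is an HTML fragment, so every value that comes back from the
// service is escaped before it is echoed, and exception detail is written to
// the server log instead of the page.
//
// NOTE(review): nothing is rolled back on failure. If createRole or
// attachRolePolicy throws, whatever was created earlier stays in the account
// and has to be removed by hand before the sample can be re-run.
try {
    $iamPolicy = $client->createPolicy([
        'PolicyName' => $roleName . 'policy',
        'PolicyDocument' => $AmazonCSMPolicy,
    ]);

    if ((int) $iamPolicy['@metadata']['statusCode'] === 200) {
        $policyArn = $iamPolicy['Policy']['Arn'];
        echo '<p> Your IAM Policy has been created. Arn - ';
        echo htmlspecialchars((string) $policyArn, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '</p>';

        $role = $client->createRole([
            'RoleName' => $roleName,
            'Description' => $description,
            'AssumeRolePolicyDocument' => $rolePolicy,
        ]);

        if ((int) $role['@metadata']['statusCode'] === 200) {
            // Report success only after the status check, so the page never
            // shows "created" followed by an error for the same call.
            echo '<p> Your IAM User Role has been created. Arn: ';
            echo htmlspecialchars((string) $role['Role']['Arn'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo '</p>';

            $result = $client->attachRolePolicy([
                'PolicyArn' => $policyArn,
                'RoleName' => $roleName,
            ]);
            // Debug output kept from the sample: it dumps the whole response,
            // including request metadata. Remove it on any page that other
            // people can reach.
            var_dump($result);
        } else {
            echo '<p> There was an error creating your IAM User Role </p>';
            var_dump($role);
        }
    } else {
        echo '<p> There was an error creating your IAM Policy </p>';
        var_dump($iamPolicy);
    }
} catch (AwsException $e) {
    // Echoing the exception object would print its message and stack trace
    // into the page. Keep the detail in the log and show only the AWS error code.
    error_log($e->getMessage());
    echo '<p> The IAM request failed (';
    echo htmlspecialchars((string) $e->getAwsErrorCode(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '). See the server log for details. </p>';
}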
// snippet-end:[iam.php.create_role.main]
// snippet-end:[iam.php.create_role.complete]
// snippet-sourceauthor:[jschwarzwalder (AWS)]