Iam roles API


Create an IAM role

POST /iam_roles

Parameters

assume_role_policy_document
required: false
Role policy document for the API call: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
instance_profile
required: false
default: true
Should the role have an associated instance profile
name
required: false
Name of the Role
path
required: false
Path of the role. Default '/'
policy
required: false
Policy document to use. Not required, but if specified, valid values are: [EFSBackupPolicy, KubeyPolicy]
policy_arn
required: false
Amazon Resource Name of the policy to use if you aren't using a user managed policy
user_managed_policy
required: false
Is the policy you are using going to be custom

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
            "provider": 277,
            "iam_role": {
              "instance_profile": true,
              "name": "b7b7f5f936",
              "path": "/",
              "policy": "KubeyPolicy",
              "user_managed_policy": true
            }
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "request": {
              "type": "provision_iam_role",
              "id": "1281fbf0-d027-4175-b396-ec0e147c2183",
              "created_at": "2018-04-12T18:05:04+00:00",
              "started_at": "2018-04-12T18:05:04+00:00",
              "finished_at": "2018-04-12T18:05:05+00:00",
              "message": null,
              "request_status": "Finished: Provision iam role (1281fbf0-d027-4175-b396-ec0e147c2183) (less than a minute ago)",
              "successful": true,
              "updated_at": "2018-04-12T18:05:05+00:00",
              "read_channel": null,
              "stage": "create",
              "dependencies": "https://api.engineyard.com/requests/1281fbf0-d027-4175-b396-ec0e147c2183/dependencies",
              "stages": "https://api.engineyard.com/requests/1281fbf0-d027-4175-b396-ec0e147c2183/stages",
              "account": "https://api.engineyard.com/accounts/e7be0b98-1404-4e3c-a0be-9f771854416f",
              "requester": "https://api.engineyard.com/requests/1281fbf0-d027-4175-b396-ec0e147c2183/requester",
              "messages": "https://api.engineyard.com/requests/1281fbf0-d027-4175-b396-ec0e147c2183/messages",
              "callback_url": "https://api.engineyard.com/requests/1281fbf0-d027-4175-b396-ec0e147c2183/callback",
              "progress": false,
              "resource": "https://api.engineyard.com/iam_roles/e21dbe2e-9a9e-4edf-9f0a-558306569d16"
            }
          }
            
          








Delete a role

DELETE /iam_roles/:role_id

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "request": {
              "type": "deprovision_iam_role",
              "id": "2fd56a82-678c-41ee-af02-64a73e97c3b7",
              "created_at": "2018-04-12T18:05:13+00:00",
              "started_at": "2018-04-12T18:05:13+00:00",
              "finished_at": "2018-04-12T18:05:13+00:00",
              "message": null,
              "request_status": "Finished: Deprovision iam role (2fd56a82-678c-41ee-af02-64a73e97c3b7) (less than a minute ago)",
              "successful": true,
              "updated_at": "2018-04-12T18:05:13+00:00",
              "read_channel": null,
              "stage": "destroy",
              "dependencies": "https://api.engineyard.com/requests/2fd56a82-678c-41ee-af02-64a73e97c3b7/dependencies",
              "stages": "https://api.engineyard.com/requests/2fd56a82-678c-41ee-af02-64a73e97c3b7/stages",
              "account": "https://api.engineyard.com/accounts/56fe9402-b89e-415c-b5f1-671e20e17170",
              "requester": "https://api.engineyard.com/requests/2fd56a82-678c-41ee-af02-64a73e97c3b7/requester",
              "messages": "https://api.engineyard.com/requests/2fd56a82-678c-41ee-af02-64a73e97c3b7/messages",
              "callback_url": "https://api.engineyard.com/requests/2fd56a82-678c-41ee-af02-64a73e97c3b7/callback",
              "progress": false,
              "resource": false
            }
          }
            
          








Get a role

GET /iam_roles/:role_id

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "iam_role": {
              "created_at": "2018-04-12T18:05:10+00:00",
              "deleted_at": null,
              "id": "023e6180-6152-44f8-82ee-a6c2d94e58c7",
              "name": "40fc900e8f98",
              "updated_at": "2018-04-12T18:05:10+00:00",
              "provisioner_id": "ef683be5-2eed-4ef9-abeb-55b899c694fd",
              "provisioned_id": "40fc900e8f98",
              "arn": "arn:aws:iam:2661421131:role/40fc900e8f98",
              "policy": {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ec2:AttachVolume",
                      "ec2:AuthorizeSecurityGroupIngress",
                      "ec2:CreateRoute",
                      "ec2:CreateSecurityGroup",
                      "ec2:CreateTags",
                      "ec2:CreateVolume",
                      "ec2:DeleteRoute",
                      "ec2:DeleteSecurityGroup",
                      "ec2:DeleteVolume",
                      "ec2:DescribeInstances",
                      "ec2:DescribeRouteTables",
                      "ec2:DescribeSecurityGroups",
                      "ec2:DescribeSubnets",
                      "ec2:DescribeVolumes",
                      "ec2:DetachVolume",
                      "ec2:ModifyInstanceAttribute",
                      "ec2:RevokeSecurityGroupIngress"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "elasticloadbalancing:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "route53:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": "s3:*",
                    "Resource": [
                      "arn:aws:s3:::kubernetes-*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ecr:GetAuthorizationToken",
                      "ecr:BatchCheckLayerAvailability",
                      "ecr:GetDownloadUrlForLayer",
                      "ecr:GetRepositoryPolicy",
                      "ecr:DescribeRepositories",
                      "ecr:ListImages",
                      "ecr:BatchGetImage",
                      "ecr:InitiateLayerUpload",
                      "ecr:UploadLayerPart",
                      "ecr:PutImage",
                      "ecr:CompleteLayerUpload",
                      "ecr:CreateRepository"
                    ],
                    "Resource": "*"
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "autoscaling:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  }
                ]
              },
              "assume_role_policy_document": {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Principal": {
                      "Service": [
                        "ec2.amazonaws.com"
                      ]
                    },
                    "Action": "sts:AssumeRole"
                  }
                ]
              },
              "provider": "https://api.engineyard.com/providers/279",
              "policy_arn": "arn:aws:iam:af5b3abd-8142-437c-95b8-978e470f50ba:policy/40fc900e8f98",
              "instance_profile": true,
              "user_managed_policy": true,
              "path": "/"
            }
          }
            
          








List roles

GET /iam_roles

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "iam_roles": [
              {
                "created_at": "2018-04-12T18:05:07+00:00",
                "deleted_at": null,
                "id": "70540c3d-4246-4cc9-a6e1-556e73f7e298",
                "name": "9f0ceaa01256",
                "updated_at": "2018-04-12T18:05:07+00:00",
                "provisioner_id": "0f4e10b3-cdb5-49b6-b9dc-c2a16a498584",
                "provisioned_id": "9f0ceaa01256",
                "arn": "arn:aws:iam:4190068983:role/9f0ceaa01256",
                "policy": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Action": [
                        "ec2:AttachVolume",
                        "ec2:AuthorizeSecurityGroupIngress",
                        "ec2:CreateRoute",
                        "ec2:CreateSecurityGroup",
                        "ec2:CreateTags",
                        "ec2:CreateVolume",
                        "ec2:DeleteRoute",
                        "ec2:DeleteSecurityGroup",
                        "ec2:DeleteVolume",
                        "ec2:DescribeInstances",
                        "ec2:DescribeRouteTables",
                        "ec2:DescribeSecurityGroups",
                        "ec2:DescribeSubnets",
                        "ec2:DescribeVolumes",
                        "ec2:DetachVolume",
                        "ec2:ModifyInstanceAttribute",
                        "ec2:RevokeSecurityGroupIngress"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "elasticloadbalancing:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "route53:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": "s3:*",
                      "Resource": [
                        "arn:aws:s3:::kubernetes-*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "ecr:GetAuthorizationToken",
                        "ecr:BatchCheckLayerAvailability",
                        "ecr:GetDownloadUrlForLayer",
                        "ecr:GetRepositoryPolicy",
                        "ecr:DescribeRepositories",
                        "ecr:ListImages",
                        "ecr:BatchGetImage",
                        "ecr:InitiateLayerUpload",
                        "ecr:UploadLayerPart",
                        "ecr:PutImage",
                        "ecr:CompleteLayerUpload",
                        "ecr:CreateRepository"
                      ],
                      "Resource": "*"
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "autoscaling:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    }
                  ]
                },
                "assume_role_policy_document": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Principal": {
                        "Service": [
                          "ec2.amazonaws.com"
                        ]
                      },
                      "Action": "sts:AssumeRole"
                    }
                  ]
                },
                "provider": "https://api.engineyard.com/providers/278",
                "policy_arn": "arn:aws:iam:73e7d02f-04be-4bc3-a3bf-b45077d7842b:policy/9f0ceaa01256",
                "instance_profile": true,
                "user_managed_policy": true,
                "path": "/"
              }
            ]
          }