Iam roles API


Create an IAM role

POST /iam_roles

Parameters

assume_role_policy_document
required: false
Role policy document for the API call: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
instance_profile
required: false
default: true
Should the role have an associated instance profile
name
required: false
Name of the Role
path
required: false
Path of the role. Default '/'
policy
required: false
Policy document to use. Not required, but if specified, valid values are: [EFSBackupPolicy, KubeyPolicy]
policy_arn
required: false
Amazon Resource Name of the policy to use if you aren't using a user managed policy
user_managed_policy
required: false
Is the policy you are using going to be custom

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
            "provider": 169,
            "iam_role": {
              "instance_profile": true,
              "name": "e3d2a9d347",
              "path": "/",
              "policy": "KubeyPolicy",
              "user_managed_policy": true
            }
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "request": {
              "type": "provision_iam_role",
              "id": "fa767902-aae2-46e8-b7a8-15720f0617a7",
              "created_at": "2017-10-10T15:55:56+00:00",
              "started_at": "2017-10-10T15:55:56+00:00",
              "finished_at": "2017-10-10T15:55:57+00:00",
              "message": null,
              "request_status": "Finished: Provision iam role (fa767902-aae2-46e8-b7a8-15720f0617a7) (less than a minute ago)",
              "successful": true,
              "updated_at": "2017-10-10T15:55:57+00:00",
              "read_channel": null,
              "stage": "create",
              "dependencies": "https://api.engineyard.com/requests/fa767902-aae2-46e8-b7a8-15720f0617a7/dependencies",
              "stages": "https://api.engineyard.com/requests/fa767902-aae2-46e8-b7a8-15720f0617a7/stages",
              "account": "https://api.engineyard.com/accounts/dac66b5a-646d-4607-b6a9-44eb0b239d51",
              "requester": "https://api.engineyard.com/requests/fa767902-aae2-46e8-b7a8-15720f0617a7/requester",
              "messages": "https://api.engineyard.com/requests/fa767902-aae2-46e8-b7a8-15720f0617a7/messages",
              "callback_url": "https://api.engineyard.com/requests/fa767902-aae2-46e8-b7a8-15720f0617a7/callback",
              "progress": false,
              "resource": "https://api.engineyard.com/iam_roles/63009aa9-6feb-42d7-ac38-852934aba849"
            }
          }
            
          








Delete a role

DELETE /iam_roles/:role_id

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "request": {
              "type": "deprovision_iam_role",
              "id": "94298f46-0bed-4963-bc14-5e81e9cd8a15",
              "created_at": "2017-10-10T15:56:03+00:00",
              "started_at": "2017-10-10T15:56:03+00:00",
              "finished_at": "2017-10-10T15:56:03+00:00",
              "message": null,
              "request_status": "Finished: Deprovision iam role (94298f46-0bed-4963-bc14-5e81e9cd8a15) (less than a minute ago)",
              "successful": true,
              "updated_at": "2017-10-10T15:56:03+00:00",
              "read_channel": null,
              "stage": "destroy",
              "dependencies": "https://api.engineyard.com/requests/94298f46-0bed-4963-bc14-5e81e9cd8a15/dependencies",
              "stages": "https://api.engineyard.com/requests/94298f46-0bed-4963-bc14-5e81e9cd8a15/stages",
              "account": "https://api.engineyard.com/accounts/b4457cc4-5af5-4edf-afb8-522707f6d51e",
              "requester": "https://api.engineyard.com/requests/94298f46-0bed-4963-bc14-5e81e9cd8a15/requester",
              "messages": "https://api.engineyard.com/requests/94298f46-0bed-4963-bc14-5e81e9cd8a15/messages",
              "callback_url": "https://api.engineyard.com/requests/94298f46-0bed-4963-bc14-5e81e9cd8a15/callback",
              "progress": false,
              "resource": false
            }
          }
            
          








Get a role

GET /iam_roles/:role_id

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "iam_role": {
              "created_at": "2017-10-10T15:56:01+00:00",
              "deleted_at": null,
              "id": "1cb1b36c-a746-42df-8499-e0da6045c132",
              "name": "a312f6ac5b3c",
              "updated_at": "2017-10-10T15:56:01+00:00",
              "provisioner_id": "2e967a89-3c43-4779-860c-899802bcb495",
              "provisioned_id": "a312f6ac5b3c",
              "arn": "arn:aws:iam:8315048412:role/a312f6ac5b3c",
              "policy": {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ec2:AttachVolume",
                      "ec2:AuthorizeSecurityGroupIngress",
                      "ec2:CreateRoute",
                      "ec2:CreateSecurityGroup",
                      "ec2:CreateTags",
                      "ec2:CreateVolume",
                      "ec2:DeleteRoute",
                      "ec2:DeleteSecurityGroup",
                      "ec2:DeleteVolume",
                      "ec2:DescribeInstances",
                      "ec2:DescribeRouteTables",
                      "ec2:DescribeSecurityGroups",
                      "ec2:DescribeSubnets",
                      "ec2:DescribeVolumes",
                      "ec2:DetachVolume",
                      "ec2:ModifyInstanceAttribute",
                      "ec2:RevokeSecurityGroupIngress"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "elasticloadbalancing:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "route53:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": "s3:*",
                    "Resource": [
                      "arn:aws:s3:::kubernetes-*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ecr:GetAuthorizationToken",
                      "ecr:BatchCheckLayerAvailability",
                      "ecr:GetDownloadUrlForLayer",
                      "ecr:GetRepositoryPolicy",
                      "ecr:DescribeRepositories",
                      "ecr:ListImages",
                      "ecr:BatchGetImage",
                      "ecr:InitiateLayerUpload",
                      "ecr:UploadLayerPart",
                      "ecr:PutImage",
                      "ecr:CompleteLayerUpload",
                      "ecr:CreateRepository"
                    ],
                    "Resource": "*"
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "autoscaling:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  }
                ]
              },
              "assume_role_policy_document": {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Principal": {
                      "Service": [
                        "ec2.amazonaws.com"
                      ]
                    },
                    "Action": "sts:AssumeRole"
                  }
                ]
              },
              "provider": "https://api.engineyard.com/providers/171",
              "policy_arn": "arn:aws:iam:3465dd96-3c6d-4671-b755-cbf32e40af61:policy/a312f6ac5b3c",
              "instance_profile": true,
              "user_managed_policy": true,
              "path": "/"
            }
          }
            
          








List roles

GET /iam_roles

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "iam_roles": [
              {
                "created_at": "2017-10-10T15:55:59+00:00",
                "deleted_at": null,
                "id": "a01b673c-7975-4c3b-aa24-6900835f0ba4",
                "name": "9dac41b0d93c",
                "updated_at": "2017-10-10T15:55:59+00:00",
                "provisioner_id": "b5b32825-33a1-4b1a-b5a2-d37851591d79",
                "provisioned_id": "9dac41b0d93c",
                "arn": "arn:aws:iam:7795831113:role/9dac41b0d93c",
                "policy": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Action": [
                        "ec2:AttachVolume",
                        "ec2:AuthorizeSecurityGroupIngress",
                        "ec2:CreateRoute",
                        "ec2:CreateSecurityGroup",
                        "ec2:CreateTags",
                        "ec2:CreateVolume",
                        "ec2:DeleteRoute",
                        "ec2:DeleteSecurityGroup",
                        "ec2:DeleteVolume",
                        "ec2:DescribeInstances",
                        "ec2:DescribeRouteTables",
                        "ec2:DescribeSecurityGroups",
                        "ec2:DescribeSubnets",
                        "ec2:DescribeVolumes",
                        "ec2:DetachVolume",
                        "ec2:ModifyInstanceAttribute",
                        "ec2:RevokeSecurityGroupIngress"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "elasticloadbalancing:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "route53:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": "s3:*",
                      "Resource": [
                        "arn:aws:s3:::kubernetes-*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "ecr:GetAuthorizationToken",
                        "ecr:BatchCheckLayerAvailability",
                        "ecr:GetDownloadUrlForLayer",
                        "ecr:GetRepositoryPolicy",
                        "ecr:DescribeRepositories",
                        "ecr:ListImages",
                        "ecr:BatchGetImage",
                        "ecr:InitiateLayerUpload",
                        "ecr:UploadLayerPart",
                        "ecr:PutImage",
                        "ecr:CompleteLayerUpload",
                        "ecr:CreateRepository"
                      ],
                      "Resource": "*"
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "autoscaling:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    }
                  ]
                },
                "assume_role_policy_document": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Principal": {
                        "Service": [
                          "ec2.amazonaws.com"
                        ]
                      },
                      "Action": "sts:AssumeRole"
                    }
                  ]
                },
                "provider": "https://api.engineyard.com/providers/170",
                "policy_arn": "arn:aws:iam:056c0f3f-83c6-41e0-bbcf-efc6b3e6fdfc:policy/9dac41b0d93c",
                "instance_profile": true,
                "user_managed_policy": true,
                "path": "/"
              }
            ]
          }