Iam roles API


List roles

GET /iam_roles

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "iam_roles": [
              {
                "created_at": "2017-02-22T17:02:13+00:00",
                "deleted_at": null,
                "id": "3fb3dbfa-7dd8-48fd-88ff-e29e3946af17",
                "name": "593ce01e0fb3",
                "updated_at": "2017-02-22T17:02:13+00:00",
                "provisioner_id": "e77cc0f2-a6b4-490e-98ab-2ba5a830d5fc",
                "provisioned_id": "593ce01e0fb3",
                "arn": "arn:aws:iam:8011427851:role/593ce01e0fb3",
                "policy": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Action": [
                        "ec2:AttachVolume",
                        "ec2:AuthorizeSecurityGroupIngress",
                        "ec2:CreateRoute",
                        "ec2:CreateSecurityGroup",
                        "ec2:CreateTags",
                        "ec2:CreateVolume",
                        "ec2:DeleteRoute",
                        "ec2:DeleteSecurityGroup",
                        "ec2:DeleteVolume",
                        "ec2:DescribeInstances",
                        "ec2:DescribeRouteTables",
                        "ec2:DescribeSecurityGroups",
                        "ec2:DescribeSubnets",
                        "ec2:DescribeVolumes",
                        "ec2:DetachVolume",
                        "ec2:ModifyInstanceAttribute",
                        "ec2:RevokeSecurityGroupIngress"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "elasticloadbalancing:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "route53:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": "s3:*",
                      "Resource": [
                        "arn:aws:s3:::kubernetes-*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "ecr:GetAuthorizationToken",
                        "ecr:BatchCheckLayerAvailability",
                        "ecr:GetDownloadUrlForLayer",
                        "ecr:GetRepositoryPolicy",
                        "ecr:DescribeRepositories",
                        "ecr:ListImages",
                        "ecr:BatchGetImage"
                      ],
                      "Resource": "*"
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "autoscaling:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    }
                  ]
                },
                "assume_role_policy_document": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Principal": {
                        "Service": [
                          "ec2.amazonaws.com"
                        ]
                      },
                      "Action": "sts:AssumeRole"
                    }
                  ]
                },
                "provider": "https://api.engineyard.com/providers/2",
                "policy_arn": "arn:aws:iam:373b637b-d032-492b-bcfa-16012a78e455:policy/593ce01e0fb3",
                "instance_profile": true,
                "user_managed_policy": true,
                "path": "/"
              }
            ]
          }
            
          








Get a role

GET /iam_roles/:role_id

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "iam_role": {
              "created_at": "2017-02-22T17:02:20+00:00",
              "deleted_at": null,
              "id": "f8215415-fe78-4949-a17a-b046b0bf7129",
              "name": "5b55a0eef728",
              "updated_at": "2017-02-22T17:02:20+00:00",
              "provisioner_id": "ae324bee-b901-4f9f-8eb5-9c2a31db619b",
              "provisioned_id": "5b55a0eef728",
              "arn": "arn:aws:iam:9832160301:role/5b55a0eef728",
              "policy": {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ec2:AttachVolume",
                      "ec2:AuthorizeSecurityGroupIngress",
                      "ec2:CreateRoute",
                      "ec2:CreateSecurityGroup",
                      "ec2:CreateTags",
                      "ec2:CreateVolume",
                      "ec2:DeleteRoute",
                      "ec2:DeleteSecurityGroup",
                      "ec2:DeleteVolume",
                      "ec2:DescribeInstances",
                      "ec2:DescribeRouteTables",
                      "ec2:DescribeSecurityGroups",
                      "ec2:DescribeSubnets",
                      "ec2:DescribeVolumes",
                      "ec2:DetachVolume",
                      "ec2:ModifyInstanceAttribute",
                      "ec2:RevokeSecurityGroupIngress"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "elasticloadbalancing:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "route53:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": "s3:*",
                    "Resource": [
                      "arn:aws:s3:::kubernetes-*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ecr:GetAuthorizationToken",
                      "ecr:BatchCheckLayerAvailability",
                      "ecr:GetDownloadUrlForLayer",
                      "ecr:GetRepositoryPolicy",
                      "ecr:DescribeRepositories",
                      "ecr:ListImages",
                      "ecr:BatchGetImage"
                    ],
                    "Resource": "*"
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "autoscaling:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  }
                ]
              },
              "assume_role_policy_document": {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Principal": {
                      "Service": [
                        "ec2.amazonaws.com"
                      ]
                    },
                    "Action": "sts:AssumeRole"
                  }
                ]
              },
              "provider": "https://api.engineyard.com/providers/3",
              "policy_arn": "arn:aws:iam:8086bd98-a3db-467a-9d59-69b92244e71d:policy/5b55a0eef728",
              "instance_profile": true,
              "user_managed_policy": true,
              "path": "/"
            }
          }
            
          








Create an IAM role

POST /iam_roles

Parameters

assume_role_policy_document
required: false
Role policy document for the API call: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
instance_profile
required: false
default: true
Should the role have an associated instance profile
name
required: false
Name of the Role
path
required: false
Path of the role. Default '/'
policy
required: false
Policy document to use. Not required, but if specified, valid values are: [EFSBackupPolicy, KubeyPolicy]
policy_arn
required: false
Amazon Resource Name of the policy to use if you aren't using a user managed policy
user_managed_policy
required: false
Is the policy you are using going to be custom

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
            "provider": 1,
            "iam_role": {
              "instance_profile": true,
              "name": "6f7ddf128c",
              "path": "/",
              "policy": "KubeyPolicy",
              "user_managed_policy": true
            }
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "request": {
              "type": "provision_iam_role",
              "id": "99a60359-3527-474b-bcac-81f9ae752628",
              "created_at": "2017-02-22T17:02:05+00:00",
              "started_at": "2017-02-22T17:02:05+00:00",
              "finished_at": "2017-02-22T17:02:05+00:00",
              "message": null,
              "request_status": "Finished: Provision iam role (99a60359-3527-474b-bcac-81f9ae752628) (less than a minute ago)",
              "successful": true,
              "updated_at": "2017-02-22T17:02:05+00:00",
              "read_channel": null,
              "stage": "create",
              "dependencies": "https://api.engineyard.com/requests/99a60359-3527-474b-bcac-81f9ae752628/dependencies",
              "stages": "https://api.engineyard.com/requests/99a60359-3527-474b-bcac-81f9ae752628/stages",
              "account": "https://api.engineyard.com/accounts/bb28533f-8348-47d9-a7cb-895a6b039c55",
              "requester": "https://api.engineyard.com/requests/99a60359-3527-474b-bcac-81f9ae752628/requester",
              "messages": "https://api.engineyard.com/requests/99a60359-3527-474b-bcac-81f9ae752628/messages",
              "callback_url": "https://api.engineyard.com/requests/99a60359-3527-474b-bcac-81f9ae752628/callback",
              "progress": false,
              "resource": "https://api.engineyard.com/iam_roles/a8f8e0be-0c5c-4f01-b03d-3ba3d8d7171f"
            }
          }
            
          








Delete a role

DELETE /iam_roles/:role_id

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "request": {
              "type": "deprovision_iam_role",
              "id": "4211fbc5-cd7f-4b5d-bff5-7cd4624ece39",
              "created_at": "2017-02-22T17:02:28+00:00",
              "started_at": "2017-02-22T17:02:28+00:00",
              "finished_at": "2017-02-22T17:02:29+00:00",
              "message": null,
              "request_status": "Finished: Deprovision iam role (4211fbc5-cd7f-4b5d-bff5-7cd4624ece39) (less than a minute ago)",
              "successful": true,
              "updated_at": "2017-02-22T17:02:29+00:00",
              "read_channel": null,
              "stage": "destroy",
              "dependencies": "https://api.engineyard.com/requests/4211fbc5-cd7f-4b5d-bff5-7cd4624ece39/dependencies",
              "stages": "https://api.engineyard.com/requests/4211fbc5-cd7f-4b5d-bff5-7cd4624ece39/stages",
              "account": "https://api.engineyard.com/accounts/58717abd-6395-4ad3-800f-3cee37180f0a",
              "requester": "https://api.engineyard.com/requests/4211fbc5-cd7f-4b5d-bff5-7cd4624ece39/requester",
              "messages": "https://api.engineyard.com/requests/4211fbc5-cd7f-4b5d-bff5-7cd4624ece39/messages",
              "callback_url": "https://api.engineyard.com/requests/4211fbc5-cd7f-4b5d-bff5-7cd4624ece39/callback",
              "progress": false,
              "resource": false
            }
          }