Iam roles API


Create an IAM role

POST /iam_roles

Parameters

assume_role_policy_document
required: false
Role policy document for the API call: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
instance_profile
required: false
default: true
Should the role have an associated instance profile
name
required: false
Name of the Role
path
required: false
Path of the role. Default '/'
policy
required: false
Policy document to use. Not required, but if specified, valid values are: [EFSBackupPolicy, KubeyPolicy]
policy_arn
required: false
Amazon Resource Name of the policy to use if you aren't using a user managed policy
user_managed_policy
required: false
Is the policy you are using going to be custom

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
            "provider": 277,
            "iam_role": {
              "instance_profile": true,
              "name": "6d6c3444dc",
              "path": "/",
              "policy": "KubeyPolicy",
              "user_managed_policy": true
            }
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "request": {
              "type": "provision_iam_role",
              "id": "181a576d-ab24-4d87-b238-792f754c58b2",
              "created_at": "2018-05-29T11:00:30+00:00",
              "started_at": "2018-05-29T11:00:30+00:00",
              "finished_at": "2018-05-29T11:00:31+00:00",
              "message": null,
              "request_status": "Finished: Provision iam role (181a576d-ab24-4d87-b238-792f754c58b2) (less than a minute ago)",
              "successful": true,
              "updated_at": "2018-05-29T11:00:31+00:00",
              "read_channel": null,
              "stage": "create",
              "dependencies": "https://api.engineyard.com/requests/181a576d-ab24-4d87-b238-792f754c58b2/dependencies",
              "stages": "https://api.engineyard.com/requests/181a576d-ab24-4d87-b238-792f754c58b2/stages",
              "account": "https://api.engineyard.com/accounts/97e7fbed-da5e-4d7e-9937-1db72290d12a",
              "requester": "https://api.engineyard.com/requests/181a576d-ab24-4d87-b238-792f754c58b2/requester",
              "messages": "https://api.engineyard.com/requests/181a576d-ab24-4d87-b238-792f754c58b2/messages",
              "callback_url": "https://api.engineyard.com/requests/181a576d-ab24-4d87-b238-792f754c58b2/callback",
              "progress": false,
              "resource": "https://api.engineyard.com/iam_roles/5c959f5c-67e2-4c02-82fe-5c10e541b890"
            }
          }
            
          








Delete a role

DELETE /iam_roles/:role_id

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "request": {
              "type": "deprovision_iam_role",
              "id": "ab4878ff-74e7-45f8-950d-f2d78f3c33ab",
              "created_at": "2018-05-29T11:00:39+00:00",
              "started_at": "2018-05-29T11:00:39+00:00",
              "finished_at": "2018-05-29T11:00:39+00:00",
              "message": null,
              "request_status": "Finished: Deprovision iam role (ab4878ff-74e7-45f8-950d-f2d78f3c33ab) (less than a minute ago)",
              "successful": true,
              "updated_at": "2018-05-29T11:00:39+00:00",
              "read_channel": null,
              "stage": "destroy",
              "dependencies": "https://api.engineyard.com/requests/ab4878ff-74e7-45f8-950d-f2d78f3c33ab/dependencies",
              "stages": "https://api.engineyard.com/requests/ab4878ff-74e7-45f8-950d-f2d78f3c33ab/stages",
              "account": "https://api.engineyard.com/accounts/7ebfdebe-262b-4e5c-b485-4c9bf0bf828d",
              "requester": "https://api.engineyard.com/requests/ab4878ff-74e7-45f8-950d-f2d78f3c33ab/requester",
              "messages": "https://api.engineyard.com/requests/ab4878ff-74e7-45f8-950d-f2d78f3c33ab/messages",
              "callback_url": "https://api.engineyard.com/requests/ab4878ff-74e7-45f8-950d-f2d78f3c33ab/callback",
              "progress": false,
              "resource": false
            }
          }
            
          








Get a role

GET /iam_roles/:role_id

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "iam_role": {
              "created_at": "2018-05-29T11:00:36+00:00",
              "deleted_at": null,
              "id": "e119fc4d-f389-48c1-9780-faa4b4d88c9d",
              "name": "9eb386139eda",
              "updated_at": "2018-05-29T11:00:36+00:00",
              "provisioner_id": "11323f27-8caf-4800-9a85-234f93a5fac7",
              "provisioned_id": "9eb386139eda",
              "arn": "arn:aws:iam:0618120053:role/9eb386139eda",
              "policy": {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ec2:AttachVolume",
                      "ec2:AuthorizeSecurityGroupIngress",
                      "ec2:CreateRoute",
                      "ec2:CreateSecurityGroup",
                      "ec2:CreateTags",
                      "ec2:CreateVolume",
                      "ec2:DeleteRoute",
                      "ec2:DeleteSecurityGroup",
                      "ec2:DeleteVolume",
                      "ec2:DescribeInstances",
                      "ec2:DescribeRouteTables",
                      "ec2:DescribeSecurityGroups",
                      "ec2:DescribeSubnets",
                      "ec2:DescribeVolumes",
                      "ec2:DetachVolume",
                      "ec2:ModifyInstanceAttribute",
                      "ec2:RevokeSecurityGroupIngress"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "elasticloadbalancing:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "route53:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": "s3:*",
                    "Resource": [
                      "arn:aws:s3:::kubernetes-*"
                    ]
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "ecr:GetAuthorizationToken",
                      "ecr:BatchCheckLayerAvailability",
                      "ecr:GetDownloadUrlForLayer",
                      "ecr:GetRepositoryPolicy",
                      "ecr:DescribeRepositories",
                      "ecr:ListImages",
                      "ecr:BatchGetImage",
                      "ecr:InitiateLayerUpload",
                      "ecr:UploadLayerPart",
                      "ecr:PutImage",
                      "ecr:CompleteLayerUpload",
                      "ecr:CreateRepository"
                    ],
                    "Resource": "*"
                  },
                  {
                    "Effect": "Allow",
                    "Action": [
                      "autoscaling:*"
                    ],
                    "Resource": [
                      "*"
                    ]
                  }
                ]
              },
              "assume_role_policy_document": {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Effect": "Allow",
                    "Principal": {
                      "Service": [
                        "ec2.amazonaws.com"
                      ]
                    },
                    "Action": "sts:AssumeRole"
                  }
                ]
              },
              "provider": "https://api.engineyard.com/providers/279",
              "policy_arn": "arn:aws:iam:407dfcba-446a-4dc8-aa3f-38197c01ae31:policy/9eb386139eda",
              "instance_profile": true,
              "user_managed_policy": true,
              "path": "/"
            }
          }
            
          








List roles

GET /iam_roles

Request

          Accept: application/vnd.engineyard.v3+json
          Content-Type: application/json
          
            
          {
          }
            
          

Response

          Status: 200 OK
          Content-Type: application/json; charset=utf-8
          
            
          {
            "iam_roles": [
              {
                "created_at": "2018-05-29T11:00:33+00:00",
                "deleted_at": null,
                "id": "8a37d3d0-d3f5-4fbc-9bd3-f14e1b713763",
                "name": "e3f5ff4f7f1b",
                "updated_at": "2018-05-29T11:00:33+00:00",
                "provisioner_id": "dda3434c-dea3-444c-b723-574a8c3931c0",
                "provisioned_id": "e3f5ff4f7f1b",
                "arn": "arn:aws:iam:2000598223:role/e3f5ff4f7f1b",
                "policy": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Action": [
                        "ec2:AttachVolume",
                        "ec2:AuthorizeSecurityGroupIngress",
                        "ec2:CreateRoute",
                        "ec2:CreateSecurityGroup",
                        "ec2:CreateTags",
                        "ec2:CreateVolume",
                        "ec2:DeleteRoute",
                        "ec2:DeleteSecurityGroup",
                        "ec2:DeleteVolume",
                        "ec2:DescribeInstances",
                        "ec2:DescribeRouteTables",
                        "ec2:DescribeSecurityGroups",
                        "ec2:DescribeSubnets",
                        "ec2:DescribeVolumes",
                        "ec2:DetachVolume",
                        "ec2:ModifyInstanceAttribute",
                        "ec2:RevokeSecurityGroupIngress"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "elasticloadbalancing:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "route53:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": "s3:*",
                      "Resource": [
                        "arn:aws:s3:::kubernetes-*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "ecr:GetAuthorizationToken",
                        "ecr:BatchCheckLayerAvailability",
                        "ecr:GetDownloadUrlForLayer",
                        "ecr:GetRepositoryPolicy",
                        "ecr:DescribeRepositories",
                        "ecr:ListImages",
                        "ecr:BatchGetImage",
                        "ecr:InitiateLayerUpload",
                        "ecr:UploadLayerPart",
                        "ecr:PutImage",
                        "ecr:CompleteLayerUpload",
                        "ecr:CreateRepository"
                      ],
                      "Resource": "*"
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "autoscaling:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    }
                  ]
                },
                "assume_role_policy_document": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Principal": {
                        "Service": [
                          "ec2.amazonaws.com"
                        ]
                      },
                      "Action": "sts:AssumeRole"
                    }
                  ]
                },
                "provider": "https://api.engineyard.com/providers/278",
                "policy_arn": "arn:aws:iam:b7cdde43-a79b-41d9-9ada-d39909acb6f8:policy/e3f5ff4f7f1b",
                "instance_profile": true,
                "user_managed_policy": true,
                "path": "/"
              }
            ]
          }