You are viewing documentation for version 3 of the AWS SDK for Ruby. Version 2 documentation can be found here.

Class: Aws::IAM::Role

Inherits:
Object
  • Object
show all
Defined in:
gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb

Defined Under Namespace

Classes: Collection

Actions collapse

Associations collapse

Read-Only Attributes collapse

Instance Method Summary collapse

Constructor Details

#initialize(name, options = {}) ⇒ Role #initialize(options = {}) ⇒ Role

Returns a new instance of Role

Overloads:

  • #initialize(name, options = {}) ⇒ Role

    Parameters:

    • name (String)

    Options Hash (options):

  • #initialize(options = {}) ⇒ Role

    Options Hash (options):

    • :name (required, String)
    • :client (Client)


19
20
21
22
23
24
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 19

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @name = extract_name(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
end

Instance Method Details

#arnString

The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide guide.

Returns:

  • (String)


65
66
67
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 65

def arn
  data[:arn]
end

#assume_role_policyAssumeRolePolicy

Returns:



282
283
284
285
286
287
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 282

def assume_role_policy
  AssumeRolePolicy.new(
    role_name: @name,
    client: @client
  )
end

#assume_role_policy_documentString

The policy that grants an entity permission to assume the role.

Returns:

  • (String)


82
83
84
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 82

def assume_role_policy_document
  data[:assume_role_policy_document]
end

#attach_policy(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


role.attach_policy({
  policy_arn: "arnType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

Returns:

  • (EmptyStructure)


240
241
242
243
244
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 240

def attach_policy(options = {})
  options = options.merge(role_name: @name)
  resp = @client.attach_role_policy(options)
  resp.data
end

#attached_policies(options = {}) ⇒ Policy::Collection

Examples:

Request syntax with placeholder values


attached_policies = role.attached_policies({
  path_prefix: "policyPathType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

    This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 311

def attached_policies(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(role_name: @name)
    resp = @client.list_attached_role_policies(options)
    resp.each_page do |page|
      batch = []
      page.data.attached_policies.each do |a|
        batch << Policy.new(
          arn: a.policy_arn,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Policy::Collection.new(batches)
end

#clientClient

Returns:



95
96
97
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 95

def client
  @client
end

#create_dateTime

The date and time, in ISO 8601 date-time format, when the role was created.

Returns:

  • (Time)


76
77
78
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 76

def create_date
  data[:create_date]
end

#dataTypes::Role

Returns the data for this Aws::IAM::Role. Calls Client#get_role if #data_loaded? is false.

Returns:



115
116
117
118
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 115

def data
  load unless @data
  @data
end

#data_loaded?Boolean

Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

  • (Boolean)

    Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.



123
124
125
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 123

def data_loaded?
  !!@data
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


role.delete()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:

  • (EmptyStructure)


251
252
253
254
255
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 251

def delete(options = {})
  options = options.merge(role_name: @name)
  resp = @client.delete_role(options)
  resp.data
end

#descriptionString

A description of the role that you provide.

Returns:

  • (String)


88
89
90
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 88

def description
  data[:description]
end

#detach_policy(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


role.detach_policy({
  policy_arn: "arnType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

Returns:

  • (EmptyStructure)


273
274
275
276
277
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 273

def detach_policy(options = {})
  options = options.merge(role_name: @name)
  resp = @client.detach_role_policy(options)
  resp.data
end

#instance_profiles(options = {}) ⇒ InstanceProfile::Collection

Examples:

Request syntax with placeholder values


role.instance_profiles()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:



334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 334

def instance_profiles(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(role_name: @name)
    resp = @client.list_instance_profiles_for_role(options)
    resp.each_page do |page|
      batch = []
      page.data.instance_profiles.each do |i|
        batch << InstanceProfile.new(
          name: i.instance_profile_name,
          data: i,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  InstanceProfile::Collection.new(batches)
end

#loadself Also known as: reload

Loads, or reloads #data for the current Aws::IAM::Role. Returns self making it possible to chain methods.

role.reload.data

Returns:

  • (self)


105
106
107
108
109
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 105

def load
  resp = @client.get_role(role_name: @name)
  @data = resp.role
  self
end

#nameString Also known as: role_name

Returns:

  • (String)


29
30
31
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 29

def name
  @name
end

#pathString

The path to the role. For more information about paths, see IAM Identifiers in the Using IAM guide.

Returns:

  • (String)


41
42
43
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 41

def path
  data[:path]
end

#policies(options = {}) ⇒ RolePolicy::Collection

Examples:

Request syntax with placeholder values


role.policies()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:



358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 358

def policies(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(role_name: @name)
    resp = @client.list_role_policies(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_names.each do |p|
        batch << RolePolicy.new(
          role_name: @name,
          name: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  RolePolicy::Collection.new(batches)
end

#policy(name) ⇒ RolePolicy

Parameters:

  • name (String)

Returns:



379
380
381
382
383
384
385
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 379

def policy(name)
  RolePolicy.new(
    role_name: @name,
    name: name,
    client: @client
  )
end

#role_idString

The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the Using IAM guide.

Returns:

  • (String)


53
54
55
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 53

def role_id
  data[:role_id]
end

#wait_until(options = {}, &block) ⇒ Resource

Deprecated.

Use [Aws::IAM::Client] #wait_until instead

Note:

The waiting operation is performed on a copy. The original resource remains unchanged

Waiter polls an API operation until a resource enters a desired state.

Basic Usage

Waiter will polls until it is successful, it fails by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop until condition is true
resource.wait_until(options) {|resource| condition}

Example

instance.wait_until(max_attempts:10, delay:5) {|instance| instance.state.name == 'running' }

Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:

# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}

Callbacks

You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.

started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end

  # disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}

Handling Errors

When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.

begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

attempts attempt in seconds invoked before each attempt invoked before each wait

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :max_attempts (Integer) — default: 10

    Maximum number of

  • :delay (Integer) — default: 10

    Delay between each

  • :before_attempt (Proc) — default: nil

    Callback

  • :before_wait (Proc) — default: nil

    Callback

Returns:

  • (Resource)

    if the waiter was successful

Raises:

  • (Aws::Waiters::Errors::FailureStateError)

    Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

    yet successful.

  • (Aws::Waiters::Errors::UnexpectedError)

    Raised when an error is encountered while polling for a resource that is not expected.

  • (NotImplementedError)

    Raised when the resource does not



205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 205

def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Waiters::Waiter.new(options).wait({})
end