You are viewing documentation for version 3 of the AWS SDK for Ruby. Version 2 documentation can be found here.

Class: Aws::IAM::Role

Inherits:
Object
  • Object
show all
Defined in:
gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb

Defined Under Namespace

Classes: Collection

Actions collapse

Associations collapse

Read-Only Attributes collapse

Instance Method Summary collapse

Constructor Details

#initialize(name, options = {}) ⇒ Role #initialize(options = {}) ⇒ Role

Returns a new instance of Role

Overloads:

  • #initialize(name, options = {}) ⇒ Role

    Parameters:

    • name (String)

    Options Hash (options):

  • #initialize(options = {}) ⇒ Role

    Options Hash (options):

    • :name (required, String)
    • :client (Client)


19
20
21
22
23
24
25
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 19

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @name = extract_name(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
  @waiter_block_warned = false
end

Instance Method Details

#arnString

The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide guide.

Returns:

  • (String)


66
67
68
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 66

def arn
  data[:arn]
end

#assume_role_policyAssumeRolePolicy

Returns:



334
335
336
337
338
339
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 334

def assume_role_policy
  AssumeRolePolicy.new(
    role_name: @name,
    client: @client
  )
end

#assume_role_policy_documentString

The policy that grants an entity permission to assume the role.

Returns:

  • (String)


83
84
85
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 83

def assume_role_policy_document
  data[:assume_role_policy_document]
end

#attach_policy(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


role.attach_policy({
  policy_arn: "arnType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

Returns:

  • (EmptyStructure)


292
293
294
295
296
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 292

def attach_policy(options = {})
  options = options.merge(role_name: @name)
  resp = @client.attach_role_policy(options)
  resp.data
end

#attached_policies(options = {}) ⇒ Policy::Collection

Examples:

Request syntax with placeholder values


attached_policies = role.attached_policies({
  path_prefix: "policyPathType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies.

    This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 363

def attached_policies(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(role_name: @name)
    resp = @client.list_attached_role_policies(options)
    resp.each_page do |page|
      batch = []
      page.data.attached_policies.each do |a|
        batch << Policy.new(
          arn: a.policy_arn,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Policy::Collection.new(batches)
end

#clientClient

Returns:



147
148
149
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 147

def client
  @client
end

#create_dateTime

The date and time, in ISO 8601 date-time format, when the role was created.

Returns:

  • (Time)


77
78
79
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 77

def create_date
  data[:create_date]
end

#dataTypes::Role

Returns the data for this Aws::IAM::Role. Calls Client#get_role if #data_loaded? is false.

Returns:



167
168
169
170
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 167

def data
  load unless @data
  @data
end

#data_loaded?Boolean

Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

  • (Boolean)

    Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.



175
176
177
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 175

def data_loaded?
  !!@data
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


role.delete()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:

  • (EmptyStructure)


303
304
305
306
307
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 303

def delete(options = {})
  options = options.merge(role_name: @name)
  resp = @client.delete_role(options)
  resp.data
end

#descriptionString

A description of the role that you provide.

Returns:

  • (String)


89
90
91
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 89

def description
  data[:description]
end

#detach_policy(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


role.detach_policy({
  policy_arn: "arnType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

Returns:

  • (EmptyStructure)


325
326
327
328
329
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 325

def detach_policy(options = {})
  options = options.merge(role_name: @name)
  resp = @client.detach_role_policy(options)
  resp.data
end

#instance_profiles(options = {}) ⇒ InstanceProfile::Collection

Examples:

Request syntax with placeholder values


role.instance_profiles()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:



386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 386

def instance_profiles(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(role_name: @name)
    resp = @client.list_instance_profiles_for_role(options)
    resp.each_page do |page|
      batch = []
      page.data.instance_profiles.each do |i|
        batch << InstanceProfile.new(
          name: i.instance_profile_name,
          data: i,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  InstanceProfile::Collection.new(batches)
end

#loadself Also known as: reload

Loads, or reloads #data for the current Aws::IAM::Role. Returns self making it possible to chain methods.

role.reload.data

Returns:

  • (self)


157
158
159
160
161
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 157

def load
  resp = @client.get_role(role_name: @name)
  @data = resp.role
  self
end

#max_session_durationInteger

The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.

Returns:

  • (Integer)


98
99
100
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 98

def max_session_duration
  data[:max_session_duration]
end

#nameString Also known as: role_name

Returns:

  • (String)


30
31
32
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 30

def name
  @name
end

#pathString

The path to the role. For more information about paths, see IAM Identifiers in the IAM User Guide.

Returns:

  • (String)


42
43
44
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 42

def path
  data[:path]
end

#permissions_boundaryTypes::AttachedPermissionsBoundary

The ARN of the policy used to set the permissions boundary for the role.

For more information about permissions boundaries, see Permissions Boundaries for IAM Identities in the IAM User Guide.



112
113
114
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 112

def permissions_boundary
  data[:permissions_boundary]
end

#policies(options = {}) ⇒ RolePolicy::Collection

Examples:

Request syntax with placeholder values


role.policies()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:



410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 410

def policies(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(role_name: @name)
    resp = @client.list_role_policies(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_names.each do |p|
        batch << RolePolicy.new(
          role_name: @name,
          name: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  RolePolicy::Collection.new(batches)
end

#policy(name) ⇒ RolePolicy

Parameters:

  • name (String)

Returns:



431
432
433
434
435
436
437
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 431

def policy(name)
  RolePolicy.new(
    role_name: @name,
    name: name,
    client: @client
  )
end

#role_idString

The stable and unique string identifying the role. For more information about IDs, see IAM Identifiers in the IAM User Guide.

Returns:

  • (String)


54
55
56
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 54

def role_id
  data[:role_id]
end

#role_last_usedTypes::RoleLastUsed

Contains information about the last time that an IAM role was used. This includes the date and time and the Region in which the role was last used. Activity is only reported for the trailing 400 days. This period can be shorter if your Region began supporting these features within the last year. The role might have been used more than 400 days ago. For more information, see Regions Where Data Is Tracked in the IAM User Guide.

Returns:



140
141
142
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 140

def role_last_used
  data[:role_last_used]
end

#tagsArray<Types::Tag>

A list of tags that are attached to the specified role. For more information about tagging, see Tagging IAM Identities in the IAM User Guide.

Returns:



124
125
126
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 124

def tags
  data[:tags]
end

#wait_until(options = {}, &block) ⇒ Resource

Deprecated.

Use [Aws::IAM::Client] #wait_until instead

Note:

The waiting operation is performed on a copy. The original resource remains unchanged

Waiter polls an API operation until a resource enters a desired state.

Basic Usage

Waiter will polls until it is successful, it fails by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop until condition is true
resource.wait_until(options) {|resource| condition}

Example

instance.wait_until(max_attempts:10, delay:5) {|instance| instance.state.name == 'running' }

Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:

# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}

Callbacks

You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.

started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end

  # disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}

Handling Errors

When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.

begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

attempts attempt in seconds invoked before each attempt invoked before each wait

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :max_attempts (Integer) — default: 10

    Maximum number of

  • :delay (Integer) — default: 10

    Delay between each

  • :before_attempt (Proc) — default: nil

    Callback

  • :before_wait (Proc) — default: nil

    Callback

Returns:

  • (Resource)

    if the waiter was successful

Raises:

  • (Aws::Waiters::Errors::FailureStateError)

    Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

    yet successful.

  • (Aws::Waiters::Errors::UnexpectedError)

    Raised when an error is encountered while polling for a resource that is not expected.

  • (NotImplementedError)

    Raised when the resource does not



257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/role.rb', line 257

def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Waiters::Waiter.new(options).wait({})
end