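def get_role_arn(role_params):
    """Return the IAM role ARN described by ``role_params``.

    ``role_params`` is a dict read for the keys ``account_id`` and ``name``.
    The ARN is resolved in this order:

    1. A truthy ``account_id`` is looked up in
       ``app.config['AWS_ACCOUNT_MAP']``; a value with no entry in the map
       is kept unchanged.
    2. Otherwise ``app.config['DEFAULT_ACCOUNT_ID']`` is used when it is set.
    3. Otherwise the ARN is fetched from IAM by role name. This is the
       backwards-compatible path from when a default account ID was not
       required.

    In cases 1 and 2 the resolved value is written back into
    ``role_params['account_id']`` and the ARN is built by string formatting,
    without an IAM call.

    Raises:
        GetRoleError: the IAM lookup in case 3 raised ``ClientError``. The
            error carries a ``(HTTP status code, message)`` tuple.
    """
    account = role_params['account_id']
    if account:
        # Try to map the name to an account ID. If it isn't found, assume an
        # ID was passed in and use it as-is.
        # NOTE(review): an unmapped value reaches the generated ARN without
        # any format check. If role_params can be influenced by a request,
        # the caller should restrict it to known accounts -- confirm against
        # callers.
        role_params['account_id'] = app.config['AWS_ACCOUNT_MAP'].get(
            account,
            account
        )
    elif app.config['DEFAULT_ACCOUNT_ID']:
        role_params['account_id'] = app.config['DEFAULT_ACCOUNT_ID']
    else:
        # No default account id defined. Get the ARN by looking up the role
        # name.
        iam = iam_client()
        try:
            with PrintingBlockTimer('iam.get_role'):
                role = iam.get_role(RoleName=role_params['name'])
                return role['Role']['Arn']
        except ClientError as e:
            response = e.response['ResponseMetadata']
            # Exceptions have no ``message`` attribute on Python 3, so the
            # original ``e.message`` raised AttributeError and masked the
            # IAM failure. Fall back to str(e) when the attribute is absent.
            message = getattr(e, 'message', str(e))
            raise GetRoleError((response['HTTPStatusCode'], message))
    # Return a generated ARN
    return 'arn:aws:iam::{account_id}:role/{name}'.format(**role_params)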