42 lines
1.2 KiB
PowerShell
42 lines
1.2 KiB
PowerShell
|
function Get-AlkamiIamAssumeRolePolicyString {
|
||
|
|
<#
|
||
|
|
.SYNOPSIS
|
||
|
|
Returns the string for an AWS IAM assume role policy.
|
||
|
|
|
||
|
|
.PARAMETER ServiceName
|
||
|
|
[string] The AWS service name to grant sts:AssumeRole to in the policy (e.g. 'ec2', 'ecs-task').
|
||
|
|
|
||
|
|
.EXAMPLE
|
||
|
|
Get-AlkamiIamAssumeRolePolicyString -ServiceName 'ec2'
|
||
|
|
|
||
|
|
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Sid":"AllowEcsAssumeRole","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}
|
||
|
|
#>
|
||
|
|
[CmdletBinding()]
|
||
|
|
[OutputType([string])]
|
||
|
|
param(
|
||
|
|
[Parameter(Mandatory = $true)]
|
||
|
|
[ValidateNotNullOrEmpty()]
|
||
|
|
[string] $ServiceName
|
||
|
|
)
|
||
|
|
|
||
|
|
$actualServiceName = $ServiceName
|
||
|
|
if ( $false -eq $actualServiceName.EndsWith('.amazonaws.com') ) {
|
||
|
|
$actualServiceName += '.amazonaws.com'
|
||
|
|
}
|
||
|
|
|
||
|
|
$policyObj = @{
|
||
|
|
Version = "2012-10-17"
|
||
|
|
Statement = @(
|
||
|
|
@{
|
||
|
|
Sid = "AllowAwsServiceAssumeRole"
|
||
|
|
Action = "sts:AssumeRole"
|
||
|
|
Effect = "Allow"
|
||
|
|
Principal = @{
|
||
|
|
Service = $actualServiceName
|
||
|
|
}
|
||
|
|
}
|
||
|
|
)
|
||
|
|
}
|
||
|
|
|
||
|
|
return (ConvertTo-Json -InputObject $policyObj -Compress -Depth 10)
|
||
|
|
}
|