createRole

Exports an async function that creates one "kitchen sink" role for all AWS services to use. This module first creates an IAMClient, then creates a role, and finally adds permissions/policies (used as synonyms herein) with the help of the helper function retry().

(require("createRole"))(region, roleName) → {String}

Exports createRole.

Parameters:
Name Type Description
region String A constant destructured from the CLI user's answers in deploy.js, for example "us-east-2".
roleName String Made in deploy.js: beekeeper-${PROFILE_NAME}-master-role

Returns:

A constant Amazon Resource Name (ARN) uniquely identifying the role. Many other modules called in deploy.js need it, because AWS services often have to be associated with a role that carries their permissions.

Type
String

Members

(inner, constant) arnPermissions

This constant is an array containing all the specific policies our infrastructure uses. We are creating one role that will have all of these policies attached to it.

(inner, constant) policy

This constant is the general policy document. It is used by createRole.
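Because every service shares this one role, it is worth checking what the two constants grant before deploying. The following is an added example, not code from this module: it assumes policy is the role's trust (assume-role) policy document and arnPermissions holds managed-policy ARNs; auditRole and both sample inputs are constructed for illustration.

```javascript
// Added example: audit the two inputs of a shared "kitchen sink" role.
// auditRole is a hypothetical helper; it is not part of the createRole module.

// Returns a list of findings for a trust policy document and managed-policy ARNs.
function auditRole(trustPolicy, policyArns) {
  const findings = [];
  // IAM allows a single value or an array in most policy fields.
  const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

  for (const stmt of asArray(trustPolicy.Statement)) {
    if (stmt.Effect !== "Allow") continue;
    const principal = stmt.Principal;
    // "*" as principal (bare or under AWS) lets any AWS identity try sts:AssumeRole.
    if (principal === "*" || asArray(principal && principal.AWS).includes("*")) {
      findings.push("trust: wildcard principal");
    }
    const services = asArray(principal && principal.Service);
    // Every listed service can assume the role and use all attached policies.
    if (services.length > 1) {
      findings.push(`trust: ${services.length} services share this role: ${services.join(", ")}`);
    }
  }

  for (const arn of policyArns) {
    const name = arn.split("/").pop();
    if (name === "AdministratorAccess" || /FullAccess$/.test(name)) {
      findings.push(`policy: broad managed policy ${name}`);
    }
  }
  return findings;
}

// Constructed sample input (not the project's real constants).
const samplePolicy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Service: ["lambda.amazonaws.com", "apigateway.amazonaws.com"] },
    Action: "sts:AssumeRole",
  }],
};
const sampleArns = [
  "arn:aws:iam::aws:policy/AmazonSQSFullAccess",
  "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
];

console.log(auditRole(samplePolicy, sampleArns));
```

Each finding marks a place where splitting the role per service, or swapping a FullAccess policy for a scoped one, would reduce what a single compromised service can reach.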

Methods

(async, inner) addPermissions(iam, roleName)

This function adds all the permissions from the arnPermissions array to the role we created. Adding multiple permissions in quick succession sometimes causes throttling by AWS, so we use a helper function retry(): if adding a permission fails, it waits longer and then tries again. This function only iterates over the arnPermissions array and calls the helper retry(); actually attaching the policy/permission to the role is left to attachPolicy(). Policy and permission are used interchangeably here.

Parameters:
Name Type Description
iam IAMClient
roleName String A constant made in deploy.js: beekeeper-${PROFILE_NAME}-master-role

(async, inner) attachPolicy(iam, arnPermission, roleName) → {Object}

This function actually attaches a permission/policy to the role.

Parameters:
Name Type Description
iam IAMClient An IAM client: new IAMClient({ region })
arnPermission String One of the permissions from the arnPermissions constant.
roleName String A constant made in deploy.js: beekeeper-${PROFILE_NAME}-master-role

Returns:

An object with properties the retry() helper function is expecting.

Type
Object

(async, inner) createRole(iam, policyDoc, roleName) → {String}

The role must be created before specific service-level policies can be added to it.

Parameters:
Name Type Description
iam IAMClient An IAM client: new IAMClient({ region })
policyDoc Object A constant defining the policy.
roleName String A constant made in deploy.js: beekeeper-${PROFILE_NAME}-master-role

Returns:

data.Role.Arn: the Amazon Resource Name (ARN) uniquely identifying the role.

Type
String