createRole - Documentation

Exports an async function that creates one "kitchen sink" role for all AWS services to use. This module first creates an IAMClient, then creates a role, and finally adds permissions/policies (used as synonyms herein) with the help of a the helper function retry().

Source:

aws/deploy/createRole.js, line 1

(require("createRole"))(region, roleName) → {String}

Source:

aws/deploy/createRole.js, line 110

Exports createRole.

Parameters:

Name	Type	Description
`region`	String	A constant destructured from the CLI user's answers in deploy.js. Like "us-east-2".
`roleName`	String	Made in deploy.js: `beekeeper-${PROFILE_NAME}-master-role`

Returns:

A constant Amazon Resource Number uniquely identifying the role. It is needed by many other modules called in deploy.js because AWS services often need to be associated with a role containing their permissions.

Type: String

Members

(inner, constant) arnPermissions

Source:

aws/deploy/createRole.js, line 38

This constant is an array containing all the specific policies our infrastructure uses. We are creating one role that will have all of these policies attached to it.

(inner, constant) policy

Source:

aws/deploy/createRole.js, line 16

This constant is the general policy document. It is used by createRole.

Methods

(async, inner) addPermissions(iam, roleName)

Source:

aws/deploy/createRole.js, line 75

This function adds all the permissions from the arnPermissions array to the role we created. Adding multiple permissions in succession sometimes causes throttling by AWS, so we use a helper function retry(); if adding a permission fails, it waits more time and retries again. This function only iterates the arnPermissions array and uses the helper retry(); the concern of actually attaching the policy/permission to the role is left to attachPolicy(). Policy/permission are used interchangeably here.

Parameters:

Name	Type	Description
`iam`	IAMClient
`roleName`	String	A constant made in deploy.js: `beekeeper-${PROFILE_NAME}-master-role`

(async, inner) attachPolicy(iam, arnPermission, roleName) → {Object}

Source:

aws/deploy/createRole.js, line 88

This function actually attaches a permission/policy to the role.

Parameters:

Name	Type	Description
`iam`	IAMClient	A IAM client: new IAMClient({ region })
`arnPermission`	String	One of the permissions from the arnPermissions constant.
`roleName`	String	A constant made in deploy.js: `beekeeper-${PROFILE_NAME}-master-role`

Returns:

An object with properties the retry() helper function is expecting.

Type: Object

(async, inner) createRole(iam, policyDoc, roleName) → {String}

Source:

aws/deploy/createRole.js, line 53

We must create a role first before we can add specific service-level policies to it.

Parameters:

Name	Type	Description
`iam`	IAMClient	A IAM client: new IAMClient({ region })
`policyDoc`	Object	A constant defining the policy.
`roleName`	String	A constant made in deploy.js: `beekeeper-${PROFILE_NAME}-master-role`

Returns:

data.Role.Arn This is an Amazon Resource Number uniquely identifying the role.

Type: String