Create an IAM group and add a user to the group using an Amazon SDK
The following code example shows how to:
Create a group and grant full Amazon S3 access permissions to it.
Create a new user with no permissions to access Amazon S3.
Add the user to the group and show that they now have permissions for Amazon S3, then clean up resources.
- .NET
-
- Amazon SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. global using Amazon.IdentityManagement; global using Amazon.S3; global using Amazon.SecurityToken; global using IAMActions; global using IamScenariosCommon; global using Microsoft.Extensions.DependencyInjection; global using Microsoft.Extensions.Hosting; global using Microsoft.Extensions.Logging; global using Microsoft.Extensions.Logging.Console; global using Microsoft.Extensions.Logging.Debug; namespace IAMActions; public class IAMWrapper { private readonly IAmazonIdentityManagementService _IAMService; /// <summary> /// Constructor for the IAMWrapper class. /// </summary> /// <param name="IAMService">An IAM client object.</param> public IAMWrapper(IAmazonIdentityManagementService IAMService) { _IAMService = IAMService; } /// <summary> /// Add an existing IAM user to an existing IAM group. /// </summary> /// <param name="userName">The username of the user to add.</param> /// <param name="groupName">The name of the group to add the user to.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> AddUserToGroupAsync(string userName, string groupName) { var response = await _IAMService.AddUserToGroupAsync(new AddUserToGroupRequest { GroupName = groupName, UserName = userName, }); return response.HttpStatusCode == HttpStatusCode.OK; } /// <summary> /// Attach an IAM policy to a role. /// </summary> /// <param name="policyArn">The policy to attach.</param> /// <param name="roleName">The role that the policy will be attached to.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> AttachRolePolicyAsync(string policyArn, string roleName) { var response = await _IAMService.AttachRolePolicyAsync(new AttachRolePolicyRequest { PolicyArn = policyArn, RoleName = roleName, }); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Create an IAM access key for a user. /// </summary> /// <param name="userName">The username for which to create the IAM access /// key.</param> /// <returns>The AccessKey.</returns> public async Task<AccessKey> CreateAccessKeyAsync(string userName) { var response = await _IAMService.CreateAccessKeyAsync(new CreateAccessKeyRequest { UserName = userName, }); return response.AccessKey; } /// <summary> /// Create an IAM group. /// </summary> /// <param name="groupName">The name to give the IAM group.</param> /// <returns>The IAM group that was created.</returns> public async Task<Group> CreateGroupAsync(string groupName) { var response = await _IAMService.CreateGroupAsync(new CreateGroupRequest { GroupName = groupName }); return response.Group; } /// <summary> /// Create an IAM policy. /// </summary> /// <param name="policyName">The name to give the new IAM policy.</param> /// <param name="policyDocument">The policy document for the new policy.</param> /// <returns>The new IAM policy object.</returns> public async Task<ManagedPolicy> CreatePolicyAsync(string policyName, string policyDocument) { var response = await _IAMService.CreatePolicyAsync(new CreatePolicyRequest { PolicyDocument = policyDocument, PolicyName = policyName, }); return response.Policy; } /// <summary> /// Create a new IAM role. /// </summary> /// <param name="roleName">The name of the IAM role.</param> /// <param name="rolePolicyDocument">The name of the IAM policy document /// for the new role.</param> /// <returns>The Amazon Resource Name (ARN) of the role.</returns> public async Task<string> CreateRoleAsync(string roleName, string rolePolicyDocument) { var request = new CreateRoleRequest { RoleName = roleName, AssumeRolePolicyDocument = rolePolicyDocument, }; var response = await _IAMService.CreateRoleAsync(request); return response.Role.Arn; } /// <summary> /// Create an IAM service-linked role. /// </summary> /// <param name="serviceName">The name of the AWS Service.</param> /// <param name="description">A description of the IAM service-linked role.</param> /// <returns>The IAM role that was created.</returns> public async Task<Role> CreateServiceLinkedRoleAsync(string serviceName, string description) { var request = new CreateServiceLinkedRoleRequest { AWSServiceName = serviceName, Description = description }; var response = await _IAMService.CreateServiceLinkedRoleAsync(request); return response.Role; } /// <summary> /// Create an IAM user. /// </summary> /// <param name="userName">The username for the new IAM user.</param> /// <returns>The IAM user that was created.</returns> public async Task<User> CreateUserAsync(string userName) { var response = await _IAMService.CreateUserAsync(new CreateUserRequest { UserName = userName }); return response.User; } /// <summary> /// Delete an IAM user's access key. /// </summary> /// <param name="accessKeyId">The Id for the IAM access key.</param> /// <param name="userName">The username of the user that owns the IAM /// access key.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DeleteAccessKeyAsync(string accessKeyId, string userName) { var response = await _IAMService.DeleteAccessKeyAsync(new DeleteAccessKeyRequest { AccessKeyId = accessKeyId, UserName = userName, }); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Delete an IAM group. /// </summary> /// <param name="groupName">The name of the IAM group to delete.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DeleteGroupAsync(string groupName) { var response = await _IAMService.DeleteGroupAsync(new DeleteGroupRequest { GroupName = groupName }); return response.HttpStatusCode == HttpStatusCode.OK; } /// <summary> /// Delete an IAM policy associated with an IAM group. /// </summary> /// <param name="groupName">The name of the IAM group associated with the /// policy.</param> /// <param name="policyName">The name of the policy to delete.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DeleteGroupPolicyAsync(string groupName, string policyName) { var request = new DeleteGroupPolicyRequest() { GroupName = groupName, PolicyName = policyName, }; var response = await _IAMService.DeleteGroupPolicyAsync(request); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Delete an IAM policy. /// </summary> /// <param name="policyArn">The Amazon Resource Name (ARN) of the policy to /// delete.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DeletePolicyAsync(string policyArn) { var response = await _IAMService.DeletePolicyAsync(new DeletePolicyRequest { PolicyArn = policyArn }); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Delete an IAM role. /// </summary> /// <param name="roleName">The name of the IAM role to delete.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DeleteRoleAsync(string roleName) { var response = await _IAMService.DeleteRoleAsync(new DeleteRoleRequest { RoleName = roleName }); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Delete an IAM role policy. /// </summary> /// <param name="roleName">The name of the IAM role.</param> /// <param name="policyName">The name of the IAM role policy to delete.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DeleteRolePolicyAsync(string roleName, string policyName) { var response = await _IAMService.DeleteRolePolicyAsync(new DeleteRolePolicyRequest { PolicyName = policyName, RoleName = roleName, }); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Delete an IAM user. /// </summary> /// <param name="userName">The username of the IAM user to delete.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DeleteUserAsync(string userName) { var response = await _IAMService.DeleteUserAsync(new DeleteUserRequest { UserName = userName }); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Delete an IAM user policy. /// </summary> /// <param name="policyName">The name of the IAM policy to delete.</param> /// <param name="userName">The username of the IAM user.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DeleteUserPolicyAsync(string policyName, string userName) { var response = await _IAMService.DeleteUserPolicyAsync(new DeleteUserPolicyRequest { PolicyName = policyName, UserName = userName }); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Detach an IAM policy from an IAM role. /// </summary> /// <param name="policyArn">The Amazon Resource Name (ARN) of the IAM policy.</param> /// <param name="roleName">The name of the IAM role.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DetachRolePolicyAsync(string policyArn, string roleName) { var response = await _IAMService.DetachRolePolicyAsync(new DetachRolePolicyRequest { PolicyArn = policyArn, RoleName = roleName, }); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Gets the IAM password policy for an AWS account. /// </summary> /// <returns>The PasswordPolicy for the AWS account.</returns> public async Task<PasswordPolicy> GetAccountPasswordPolicyAsync() { var response = await _IAMService.GetAccountPasswordPolicyAsync(new GetAccountPasswordPolicyRequest()); return response.PasswordPolicy; } /// <summary> /// Get information about an IAM policy. /// </summary> /// <param name="policyArn">The IAM policy to retrieve information for.</param> /// <returns>The IAM policy.</returns> public async Task<ManagedPolicy> GetPolicyAsync(string policyArn) { var response = await _IAMService.GetPolicyAsync(new GetPolicyRequest { PolicyArn = policyArn }); return response.Policy; } /// <summary> /// Get information about an IAM role. /// </summary> /// <param name="roleName">The name of the IAM role to retrieve information /// for.</param> /// <returns>The IAM role that was retrieved.</returns> public async Task<Role> GetRoleAsync(string roleName) { var response = await _IAMService.GetRoleAsync(new GetRoleRequest { RoleName = roleName, }); return response.Role; } /// <summary> /// Get information about an IAM user. /// </summary> /// <param name="userName">The username of the user.</param> /// <returns>An IAM user object.</returns> public async Task<User> GetUserAsync(string userName) { var response = await _IAMService.GetUserAsync(new GetUserRequest { UserName = userName }); return response.User; } /// <summary> /// List the IAM role policies that are attached to an IAM role. /// </summary> /// <param name="roleName">The IAM role to list IAM policies for.</param> /// <returns>A list of the IAM policies attached to the IAM role.</returns> public async Task<List<AttachedPolicyType>> ListAttachedRolePoliciesAsync(string roleName) { var attachedPolicies = new List<AttachedPolicyType>(); var attachedRolePoliciesPaginator = _IAMService.Paginators.ListAttachedRolePolicies(new ListAttachedRolePoliciesRequest { RoleName = roleName }); await foreach (var response in attachedRolePoliciesPaginator.Responses) { attachedPolicies.AddRange(response.AttachedPolicies); } return attachedPolicies; } /// <summary> /// List IAM groups. /// </summary> /// <returns>A list of IAM groups.</returns> public async Task<List<Group>> ListGroupsAsync() { var groupsPaginator = _IAMService.Paginators.ListGroups(new ListGroupsRequest()); var groups = new List<Group>(); await foreach (var response in groupsPaginator.Responses) { groups.AddRange(response.Groups); } return groups; } /// <summary> /// List IAM policies. /// </summary> /// <returns>A list of the IAM policies.</returns> public async Task<List<ManagedPolicy>> ListPoliciesAsync() { var listPoliciesPaginator = _IAMService.Paginators.ListPolicies(new ListPoliciesRequest()); var policies = new List<ManagedPolicy>(); await foreach (var response in listPoliciesPaginator.Responses) { policies.AddRange(response.Policies); } return policies; } /// <summary> /// List IAM role policies. /// </summary> /// <param name="roleName">The IAM role for which to list IAM policies.</param> /// <returns>A list of IAM policy names.</returns> public async Task<List<string>> ListRolePoliciesAsync(string roleName) { var listRolePoliciesPaginator = _IAMService.Paginators.ListRolePolicies(new ListRolePoliciesRequest { RoleName = roleName }); var policyNames = new List<string>(); await foreach (var response in listRolePoliciesPaginator.Responses) { policyNames.AddRange(response.PolicyNames); } return policyNames; } /// <summary> /// List IAM roles. /// </summary> /// <returns>A list of IAM roles.</returns> public async Task<List<Role>> ListRolesAsync() { var listRolesPaginator = _IAMService.Paginators.ListRoles(new ListRolesRequest()); var roles = new List<Role>(); await foreach (var response in listRolesPaginator.Responses) { roles.AddRange(response.Roles); } return roles; } /// <summary> /// List SAML authentication providers. /// </summary> /// <returns>A list of SAML providers.</returns> public async Task<List<SAMLProviderListEntry>> ListSAMLProvidersAsync() { var response = await _IAMService.ListSAMLProvidersAsync(new ListSAMLProvidersRequest()); return response.SAMLProviderList; } /// <summary> /// List IAM users. /// </summary> /// <returns>A list of IAM users.</returns> public async Task<List<User>> ListUsersAsync() { var listUsersPaginator = _IAMService.Paginators.ListUsers(new ListUsersRequest()); var users = new List<User>(); await foreach (var response in listUsersPaginator.Responses) { users.AddRange(response.Users); } return users; } /// <summary> /// Remove a user from an IAM group. /// </summary> /// <param name="userName">The username of the user to remove.</param> /// <param name="groupName">The name of the IAM group to remove the user from.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> RemoveUserFromGroupAsync(string userName, string groupName) { // Remove the user from the group. var removeUserRequest = new RemoveUserFromGroupRequest() { UserName = userName, GroupName = groupName, }; var response = await _IAMService.RemoveUserFromGroupAsync(removeUserRequest); return response.HttpStatusCode == HttpStatusCode.OK; } /// <summary> /// Add or update an inline policy document that is embedded in an IAM group. /// </summary> /// <param name="groupName">The name of the IAM group.</param> /// <param name="policyName">The name of the IAM policy.</param> /// <param name="policyDocument">The policy document defining the IAM policy.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> PutGroupPolicyAsync(string groupName, string policyName, string policyDocument) { var request = new PutGroupPolicyRequest { GroupName = groupName, PolicyName = policyName, PolicyDocument = policyDocument }; var response = await _IAMService.PutGroupPolicyAsync(request); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Update the inline policy document embedded in a role. /// </summary> /// <param name="policyName">The name of the policy to embed.</param> /// <param name="roleName">The name of the role to update.</param> /// <param name="policyDocument">The policy document that defines the role.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> PutRolePolicyAsync(string policyName, string roleName, string policyDocument) { var request = new PutRolePolicyRequest { PolicyName = policyName, RoleName = roleName, PolicyDocument = policyDocument }; var response = await _IAMService.PutRolePolicyAsync(request); return response.HttpStatusCode == HttpStatusCode.OK; } /// <summary> /// Add or update an inline policy document that is embedded in an IAM user. /// </summary> /// <param name="userName">The name of the IAM user.</param> /// <param name="policyName">The name of the IAM policy.</param> /// <param name="policyDocument">The policy document defining the IAM policy.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> PutUserPolicyAsync(string userName, string policyName, string policyDocument) { var request = new PutUserPolicyRequest { UserName = userName, PolicyName = policyName, PolicyDocument = policyDocument }; var response = await _IAMService.PutUserPolicyAsync(request); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Wait for a new access key to be ready to use. /// </summary> /// <param name="accessKeyId">The Id of the access key.</param> /// <returns>A boolean value indicating the success of the action.</returns> public async Task<bool> WaitUntilAccessKeyIsReady(string accessKeyId) { var keyReady = false; do { try { var response = await _IAMService.GetAccessKeyLastUsedAsync( new GetAccessKeyLastUsedRequest { AccessKeyId = accessKeyId }); if (response.UserName is not null) { keyReady = true; } } catch (NoSuchEntityException) { keyReady = false; } } while (!keyReady); return keyReady; } } using Microsoft.Extensions.Configuration; namespace IAMGroups; public class IAMGroups { private static ILogger logger = null!; // Represents JSON code for AWS full access policy for Amazon Simple // Storage Service (Amazon S3). private const string S3FullAccessPolicyDocument = "{" + " \"Statement\" : [{" + " \"Action\" : [\"s3:*\"]," + " \"Effect\" : \"Allow\"," + " \"Resource\" : \"*\"" + "}]" + "}"; static async Task Main(string[] args) { // Set up dependency injection for the AWS service. using var host = Host.CreateDefaultBuilder(args) .ConfigureLogging(logging => logging.AddFilter("System", LogLevel.Debug) .AddFilter<DebugLoggerProvider>("Microsoft", LogLevel.Information) .AddFilter<ConsoleLoggerProvider>("Microsoft", LogLevel.Trace)) .ConfigureServices((_, services) => services.AddAWSService<IAmazonIdentityManagementService>() .AddTransient<IAMWrapper>() .AddTransient<UIWrapper>() ) .Build(); logger = LoggerFactory.Create(builder => { builder.AddConsole(); }) .CreateLogger<IAMGroups>(); IConfiguration configuration = new ConfigurationBuilder() .SetBasePath(Directory.GetCurrentDirectory()) .AddJsonFile("settings.json") // Load test settings from .json file. .AddJsonFile("settings.local.json", true) // Optionally load local settings. .Build(); var groupUserName = configuration["GroupUserName"]; var groupName = configuration["GroupName"]; var groupPolicyName = configuration["GroupPolicyName"]; var groupBucketName = configuration["GroupBucketName"]; var wrapper = host.Services.GetRequiredService<IAMWrapper>(); var uiWrapper = host.Services.GetRequiredService<UIWrapper>(); uiWrapper.DisplayGroupsOverview(); uiWrapper.PressEnter(); // Create an IAM group. uiWrapper.DisplayTitle("Create IAM group"); Console.WriteLine("Let's begin by creating a new IAM group."); var group = await wrapper.CreateGroupAsync(groupName); // Add an inline IAM policy to the group. uiWrapper.DisplayTitle("Add policy to group"); Console.WriteLine("Add an inline policy to the group that allows members to have full access to"); Console.WriteLine("Amazon Simple Storage Service (Amazon S3) buckets."); await wrapper.PutGroupPolicyAsync(group.GroupName, groupPolicyName, S3FullAccessPolicyDocument); uiWrapper.PressEnter(); // Now create a new user. uiWrapper.DisplayTitle("Create an IAM user"); Console.WriteLine("Now let's create a new IAM user."); var groupUser = await wrapper.CreateUserAsync(groupUserName); // Add the new user to the group. uiWrapper.DisplayTitle("Add the user to the group"); Console.WriteLine("Adding the user to the group, which will give the user the same permissions as the group."); await wrapper.AddUserToGroupAsync(groupUser.UserName, group.GroupName); Console.WriteLine($"User, {groupUser.UserName}, has been added to the group, {group.GroupName}."); uiWrapper.PressEnter(); Console.WriteLine("Now that we have created a user, and added the user to the group, let's create an IAM access key."); // Create access and secret keys for the user. var accessKey = await wrapper.CreateAccessKeyAsync(groupUserName); Console.WriteLine("Key created."); uiWrapper.WaitABit(15, "Waiting for the access key to be ready for use."); uiWrapper.DisplayTitle("List buckets"); Console.WriteLine("To prove that the user has access to Amazon S3, list the S3 buckets for the account."); var s3Client = new AmazonS3Client(accessKey.AccessKeyId, accessKey.SecretAccessKey); var stsClient = new AmazonSecurityTokenServiceClient(accessKey.AccessKeyId, accessKey.SecretAccessKey); var s3Wrapper = new S3Wrapper(s3Client, stsClient); var buckets = await s3Wrapper.ListMyBucketsAsync(); if (buckets is not null) { buckets.ForEach(bucket => { Console.WriteLine($"{bucket.BucketName}\tcreated on: {bucket.CreationDate}"); }); } // Show that the user also has write access to Amazon S3 by creating // a new bucket. uiWrapper.DisplayTitle("Create a bucket"); Console.WriteLine("Since group members have full access to Amazon S3, let's create a bucket."); var success = await s3Wrapper.PutBucketAsync(groupBucketName); if (success) { Console.WriteLine($"Successfully created the bucket: {groupBucketName}."); } uiWrapper.PressEnter(); Console.WriteLine("Let's list the user's S3 buckets again to show the new bucket."); buckets = await s3Wrapper.ListMyBucketsAsync(); if (buckets is not null) { buckets.ForEach(bucket => { Console.WriteLine($"{bucket.BucketName}\tcreated on: {bucket.CreationDate}"); }); } uiWrapper.PressEnter(); uiWrapper.DisplayTitle("Clean up resources"); Console.WriteLine("First delete the bucket we created."); await s3Wrapper.DeleteBucketAsync(groupBucketName); Console.WriteLine($"Now remove the user, {groupUserName}, from the group, {groupName}."); await wrapper.RemoveUserFromGroupAsync(groupUserName, groupName); Console.WriteLine("Delete the user's access key."); await wrapper.DeleteAccessKeyAsync(accessKey.AccessKeyId, groupUserName); // Now we can safely delete the user. Console.WriteLine("Now we can delete the user."); await wrapper.DeleteUserAsync(groupUserName); uiWrapper.PressEnter(); Console.WriteLine("Now we will delete the IAM policy attached to the group."); await wrapper.DeleteGroupPolicyAsync(groupName, groupPolicyName); Console.WriteLine("Now we delete the IAM group."); await wrapper.DeleteGroupAsync(groupName); uiWrapper.PressEnter(); Console.WriteLine("The IAM groups demo has completed."); uiWrapper.PressEnter(); } } namespace IamScenariosCommon; using System.Net; /// <summary> /// A class to perform Amazon Simple Storage Service (Amazon S3) actions for /// the IAM Basics scenario. /// </summary> public class S3Wrapper { private IAmazonS3 _s3Service; private IAmazonSecurityTokenService _stsService; /// <summary> /// Constructor for the S3Wrapper class. /// </summary> /// <param name="s3Service">An Amazon S3 client object.</param> /// <param name="stsService">An AWS Security Token Service (AWS STS) /// client object.</param> public S3Wrapper(IAmazonS3 s3Service, IAmazonSecurityTokenService stsService) { _s3Service = s3Service; _stsService = stsService; } /// <summary> /// Assumes an AWS Identity and Access Management (IAM) role that allows /// Amazon S3 access for the current session. /// </summary> /// <param name="roleSession">A string representing the current session.</param> /// <param name="roleToAssume">The name of the IAM role to assume.</param> /// <returns>Credentials for the newly assumed IAM role.</returns> public async Task<Credentials> AssumeS3RoleAsync(string roleSession, string roleToAssume) { // Create the request to use with the AssumeRoleAsync call. var request = new AssumeRoleRequest() { RoleSessionName = roleSession, RoleArn = roleToAssume, }; var response = await _stsService.AssumeRoleAsync(request); return response.Credentials; } /// <summary> /// Delete an S3 bucket. /// </summary> /// <param name="bucketName">Name of the S3 bucket to delete.</param> /// <returns>A Boolean value indicating the success of the action.</returns> public async Task<bool> DeleteBucketAsync(string bucketName) { var result = await _s3Service.DeleteBucketAsync(new DeleteBucketRequest { BucketName = bucketName }); return result.HttpStatusCode == HttpStatusCode.OK; } /// <summary> /// List the buckets that are owned by the user's account. /// </summary> /// <returns>Async Task.</returns> public async Task<List<S3Bucket>?> ListMyBucketsAsync() { try { // Get the list of buckets accessible by the new user. var response = await _s3Service.ListBucketsAsync(); return response.Buckets; } catch (AmazonS3Exception ex) { // Something else went wrong. Display the error message. Console.WriteLine($"Error: {ex.Message}"); return null; } } /// <summary> /// Create a new S3 bucket. /// </summary> /// <param name="bucketName">The name for the new bucket.</param> /// <returns>A Boolean value indicating whether the action completed /// successfully.</returns> public async Task<bool> PutBucketAsync(string bucketName) { var response = await _s3Service.PutBucketAsync(new PutBucketRequest { BucketName = bucketName }); return response.HttpStatusCode == HttpStatusCode.OK; } /// <summary> /// Update the client objects with new client objects. This is available /// because the scenario uses the methods of this class without and then /// with the proper permissions to list S3 buckets. /// </summary> /// <param name="s3Service">The Amazon S3 client object.</param> /// <param name="stsService">The AWS STS client object.</param> public void UpdateClients(IAmazonS3 s3Service, IAmazonSecurityTokenService stsService) { _s3Service = s3Service; _stsService = stsService; } } namespace IamScenariosCommon; public class UIWrapper { public readonly string SepBar = new('-', Console.WindowWidth); /// <summary> /// Show information about the IAM Groups scenario. /// </summary> public void DisplayGroupsOverview() { Console.Clear(); DisplayTitle("Welcome to the IAM Groups Demo"); Console.WriteLine("This example application does the following:"); Console.WriteLine("\t1. Creates an Amazon Identity and Access Management (IAM) group."); Console.WriteLine("\t2. Adds an IAM policy to the IAM group giving it full access to Amazon S3."); Console.WriteLine("\t3. Creates a new IAM user."); Console.WriteLine("\t4. Creates an IAM access key for the user."); Console.WriteLine("\t5. Adds the user to the IAM group."); Console.WriteLine("\t6. Lists the buckets on the account."); Console.WriteLine("\t7. Proves that the user has full Amazon S3 access by creating a bucket."); Console.WriteLine("\t8. List the buckets again to show the new bucket."); Console.WriteLine("\t9. Cleans up all the resources created."); } /// <summary> /// Show information about the IAM Basics scenario. /// </summary> public void DisplayBasicsOverview() { Console.Clear(); DisplayTitle("Welcome to IAM Basics"); Console.WriteLine("This example application does the following:"); Console.WriteLine("\t1. Creates a user with no permissions."); Console.WriteLine("\t2. Creates a role and policy that grant s3:ListAllMyBuckets permission."); Console.WriteLine("\t3. Grants the user permission to assume the role."); Console.WriteLine("\t4. Creates an S3 client object as the user and tries to list buckets (this will fail)."); Console.WriteLine("\t5. Gets temporary credentials by assuming the role."); Console.WriteLine("\t6. Creates a new S3 client object with the temporary credentials and lists the buckets (this will succeed)."); Console.WriteLine("\t7. Deletes all the resources."); } /// <summary> /// Display a message and wait until the user presses enter. /// </summary> public void PressEnter() { Console.Write("\nPress <Enter> to continue. "); _ = Console.ReadLine(); Console.WriteLine(); } /// <summary> /// Pad a string with spaces to center it on the console display. /// </summary> /// <param name="strToCenter">The string to be centered.</param> /// <returns>The padded string.</returns> public string CenterString(string strToCenter) { var padAmount = (Console.WindowWidth - strToCenter.Length) / 2; var leftPad = new string(' ', padAmount); return $"{leftPad}{strToCenter}"; } /// <summary> /// Display a line of hyphens, the centered text of the title, and another /// line of hyphens. /// </summary> /// <param name="strTitle">The string to be displayed.</param> public void DisplayTitle(string strTitle) { Console.WriteLine(SepBar); Console.WriteLine(CenterString(strTitle)); Console.WriteLine(SepBar); } /// <summary> /// Display a countdown and wait for a number of seconds. /// </summary> /// <param name="numSeconds">The number of seconds to wait.</param> public void WaitABit(int numSeconds, string msg) { Console.WriteLine(msg); // Wait for the requested number of seconds. for (int i = numSeconds; i > 0; i--) { System.Threading.Thread.Sleep(1000); Console.Write($"{i}..."); } PressEnter(); } }-
For API details, see the following topics in Amazon SDK for .NET API Reference.
-
For a complete list of Amazon SDK developer guides and code examples, see Using IAM with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.
Build and manage a resilient service
Create a user and assume a role