// createIAMLambdaRolePolicy installs the inline policy
// "goad-lambda-role-policy" on the IAM role named roleName.
//
// The policy document grants:
//   - sqs:SendMessage on queues whose name starts with "goad-", in any region
//     and any account (arn:aws:sqs:*:*:goad-*);
//   - logs:CreateLogGroup, logs:CreateLogStream and logs:PutLogEvents on every
//     CloudWatch Logs resource (arn:aws:logs:*:*:*).
//
// NOTE(review): the logs statement is not limited to a log group. If the
// Lambda function name is known to the caller, scoping the resource to that
// function's log group would be tighter; confirm before changing.
//
// The error from PutRolePolicy is returned unchanged.
func (infra *Infrastructure) createIAMLambdaRolePolicy(roleName string) error {
	// Kept as a single literal so the document sent to IAM is exactly the one
	// reviewed here.
	const policyDocument = `{ "Version": "2012-10-17", "Statement": [ { "Action": [ "sqs:SendMessage" ], "Effect": "Allow", "Resource": "arn:aws:sqs:*:*:goad-*" }, { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:*" } ] }`

	input := &iam.PutRolePolicyInput{
		PolicyDocument: aws.String(policyDocument),
		PolicyName:     aws.String("goad-lambda-role-policy"),
		RoleName:       aws.String(roleName),
	}

	client := iam.New(session.New(), infra.config)
	if _, err := client.PutRolePolicy(input); err != nil {
		return err
	}
	return nil
}
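// createIAMLambdaRole returns the ARN of the IAM role named roleName, creating
// the role first when GetRole reports that it does not exist.
//
// A newly created role gets path "/", a trust policy that allows
// lambda.amazonaws.com to call sts:AssumeRole, and the inline policy installed
// by createIAMLambdaRolePolicy. A role that already exists is returned as
// found: neither its trust policy nor its inline policy is checked or
// rewritten here, so a pre-existing role with this name is used with whatever
// permissions it already has.
//
// Every GetRole failure other than "NoSuchEntity" is returned to the caller,
// as are failures from CreateRole and from attaching the inline policy.
func (infra *Infrastructure) createIAMLambdaRole(roleName string) (arn string, err error) {
	svc := iam.New(session.New(), infra.config)

	existing, err := svc.GetRole(&iam.GetRoleInput{
		RoleName: aws.String(roleName),
	})
	if err == nil {
		return *existing.Role.Arn, nil
	}

	// Only a missing role is recoverable. Any other failure (including an AWS
	// error with a different code) must stop here: the GetRole output cannot
	// be relied on to carry a Role after an error, so falling through to read
	// its ARN would panic and hide the real cause.
	if awsErr, ok := err.(awserr.Error); !ok || awsErr.Code() != "NoSuchEntity" {
		return "", err
	}

	created, err := svc.CreateRole(&iam.CreateRoleInput{
		AssumeRolePolicyDocument: aws.String(`{ "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole" } }`),
		RoleName:                 aws.String(roleName),
		Path:                     aws.String("/"),
	})
	if err != nil {
		return "", err
	}

	// The role is not removed if attaching the policy fails. A later call will
	// then find the role via GetRole and return it without the inline policy.
	if err := infra.createIAMLambdaRolePolicy(*created.Role.RoleName); err != nil {
		return "", err
	}
	return *created.Role.Arn, nil
}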