From 77a57ab6636acf78f1497031dd11b5bfe56b38e1 Mon Sep 17 00:00:00 2001 From: Norm Johanson Date: Tue, 3 Dec 2024 21:26:13 -0800 Subject: [PATCH] Fix Beanstalk integ by making sure they have the required IAM permissions for the Beanstalk environment. --- .../Helpers/IAMHelper.cs | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/test/AWS.Deploy.CLI.IntegrationTests/Helpers/IAMHelper.cs b/test/AWS.Deploy.CLI.IntegrationTests/Helpers/IAMHelper.cs index 15758cb9e..2c85a94ca 100644 --- a/test/AWS.Deploy.CLI.IntegrationTests/Helpers/IAMHelper.cs +++ b/test/AWS.Deploy.CLI.IntegrationTests/Helpers/IAMHelper.cs @@ -32,6 +32,19 @@ public async Task DeleteRoleAndInstanceProfileAfterBeanstalkEnvionmentDeployment var role = existingRoles.FirstOrDefault(x => string.Equals(roleName, x.RoleName)); if (role != null) { + var polices = (await _client.ListAttachedRolePoliciesAsync(new ListAttachedRolePoliciesRequest { RoleName = roleName })).AttachedPolicies; + if (polices != null) + { + foreach(var policy in polices) + { + await _client.DetachRolePolicyAsync(new DetachRolePolicyRequest + { + RoleName = roleName, + PolicyArn = policy.PolicyArn + }); + } + } + await _client.RemoveRoleFromInstanceProfileAsync(new RemoveRoleFromInstanceProfileRequest { RoleName = roleName, @@ -78,6 +91,12 @@ await _client.CreateRoleAsync(new CreateRoleRequest AssumeRolePolicyDocument = assumeRolepolicyDocument.Replace("'", "\""), MaxSessionDuration = 7200 }); + + await _client.AttachRolePolicyAsync(new AttachRolePolicyRequest + { + RoleName = roleName, + PolicyArn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier" + }); } InstanceProfile instanceProfile = null;