Clone AWS IAM instance profile
import json
import boto3
# Example names for the source and the clone. Nothing in this listing passes
# them to clone_instance_profile(); the caller supplies the real names.
original_instance_profile_name = "original-role"
new_instance_profile_name = "new-role"
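def clone_instance_profile(original_instance_profile_name,
                           new_instance_profile_name):
    """Clone an IAM role and wrap the copy in a new instance profile.

    The source role is looked up by ``original_instance_profile_name`` and the
    new role is named ``new_instance_profile_name``: the function assumes each
    instance profile and its role share one name. If the source profile holds
    a role with a different name, ``get_role`` fails or reads an unrelated
    role.

    Copied to the new role: the trust policy, the permissions boundary (when
    one is set), every inline policy and every managed-policy attachment.
    Not copied: path, description, tags and maximum session duration, since
    only the role name, trust policy and boundary are passed to
    ``create_role``.

    The steps are separate IAM calls and nothing is rolled back, so an error
    part-way through leaves a partially configured role behind. Errors from
    boto3 (for example when the new role already exists) propagate to the
    caller.

    Args:
        original_instance_profile_name: Name of the existing role/profile.
        new_instance_profile_name: Name for the new role and instance profile.
    """
    iam = boto3.client('iam')
    original_role_name = original_instance_profile_name
    new_role_name = new_instance_profile_name

    original_role = iam.get_role(RoleName=original_role_name)['Role']

    create_role_kwargs = {
        'RoleName': new_role_name,
        'AssumeRolePolicyDocument': json.dumps(
            original_role['AssumeRolePolicyDocument']
        ),
    }
    # Carry the permissions boundary over at creation time so the clone never
    # exists with broader effective permissions than the source role.
    boundary_arn = original_role.get('PermissionsBoundary', {}).get(
        'PermissionsBoundaryArn'
    )
    if boundary_arn:
        create_role_kwargs['PermissionsBoundary'] = boundary_arn
    iam.create_role(**create_role_kwargs)

    # Both list calls are paginated; reading only the first response would
    # silently drop policies on roles with many entries.
    inline_pages = iam.get_paginator('list_role_policies').paginate(
        RoleName=original_role_name
    )
    for page in inline_pages:
        for policy_name in page['PolicyNames']:
            role_policy = iam.get_role_policy(
                RoleName=original_role_name,
                PolicyName=policy_name,
            )
            iam.put_role_policy(
                RoleName=new_role_name,
                PolicyName=policy_name,
                PolicyDocument=json.dumps(role_policy['PolicyDocument']),
            )

    attached_pages = iam.get_paginator('list_attached_role_policies').paginate(
        RoleName=original_role_name
    )
    for page in attached_pages:
        for policy in page['AttachedPolicies']:
            iam.attach_role_policy(
                RoleName=new_role_name,
                PolicyArn=policy['PolicyArn'],
            )

    iam.create_instance_profile(InstanceProfileName=new_instance_profile_name)
    iam.add_role_to_instance_profile(
        InstanceProfileName=new_instance_profile_name,
        RoleName=new_role_name,
    )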