gene1wood/create_security_monkey_trusting_role.py

## create_security_monkey_trusting_role.py
#!/usr/bin/env python

# Set this to the ARN of the trusted account role
trusted_account_role_arn="arn:aws:iam::123456789012:role/SecurityMonkeyInstanceProfile"

import boto.iam
conn_iam = boto.iam.connect_to_region('universal')
role_name='SecurityMonkey'
assume_role_policy_document = '''{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"",
      "Effect":"Allow",
      "Principal":{
        "AWS":"%s"
      },
      "Action":"sts:AssumeRole"
    }
  ]
}''' % trusted_account_role_arn
policy_document = '''{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Action":[
        "cloudwatch:Describe*",
        "cloudwatch:Get*",
        "cloudwatch:List*",
        "ec2:Describe*",
        "elasticloadbalancing:Describe*",
        "iam:List*",
        "iam:Get*",
        "route53:Get*",
        "route53:List*",
        "rds:Describe*",
        "s3:Get*",
        "s3:List*",
        "sdb:GetAttributes",
        "sdb:List*",
        "sdb:Select*",
        "ses:Get*",
        "ses:List*",
        "sns:Get*",
        "sns:List*",
        "sqs:GetQueueAttributes",
        "sqs:ListQueues",
        "sqs:ReceiveMessage"
      ],
      "Effect":"Allow",
      "Resource":"*"
    }
  ]
}'''

create_role_result = conn_iam.create_role(role_name=role_name,
                                          assume_role_policy_document=assume_role_policy_document)
put_role_policy_result = conn_iam.put_role_policy(role_name=role_name,
                                                  policy_name="SecurityMonkeyReadOnly",
                                                  policy_document=policy_document)
	#!/usr/bin/env python

	# Set this to the ARN of the trusted account role
	trusted_account_role_arn="arn:aws:iam::123456789012:role/SecurityMonkeyInstanceProfile"

	import boto.iam
	conn_iam = boto.iam.connect_to_region('universal')
	role_name='SecurityMonkey'
	assume_role_policy_document = '''{
	"Version":"2012-10-17",
	"Statement":[
	{
	"Sid":"",
	"Effect":"Allow",
	"Principal":{
	"AWS":"%s"
	},
	"Action":"sts:AssumeRole"
	}
	]
	}''' % trusted_account_role_arn
	policy_document = '''{
	"Version":"2012-10-17",
	"Statement":[
	{
	"Action":[
	"cloudwatch:Describe*",
	"cloudwatch:Get*",
	"cloudwatch:List*",
	"ec2:Describe*",
	"elasticloadbalancing:Describe*",
	"iam:List*",
	"iam:Get*",
	"route53:Get*",
	"route53:List*",
	"rds:Describe*",
	"s3:Get*",
	"s3:List*",
	"sdb:GetAttributes",
	"sdb:List*",
	"sdb:Select*",
	"ses:Get*",
	"ses:List*",
	"sns:Get*",
	"sns:List*",
	"sqs:GetQueueAttributes",
	"sqs:ListQueues",
	"sqs:ReceiveMessage"
	],
	"Effect":"Allow",
	"Resource":"*"
	}
	]
	}'''

	create_role_result = conn_iam.create_role(role_name=role_name,
	assume_role_policy_document=assume_role_policy_document)
	put_role_policy_result = conn_iam.put_role_policy(role_name=role_name,
	policy_name="SecurityMonkeyReadOnly",
	policy_document=policy_document)