#!/bin/bash
# Variables
ROLE_NAME="robot-artifact-iam-role"
POLICY_ARN="arn:aws:iam::aws:policy/AWSArtifactReadOnlyAccess"
KEY_PAIR_NAME="robot-artifact-key-pair"
# Step 1: Create IAM Role for AWS Artifact
echo "Creating IAM Role: $ROLE_NAME"
aws iam create-role \
--role-name "$ROLE_NAME" \
--assume-role-policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"Service": "artifact.amazonaws.com"
}
}
]
}' > create_role_output.json
# Check if IAM Role was created successfully
if [ $? -eq 0 ]; then
echo "IAM Role $ROLE_NAME created successfully."
else
echo "Failed to create IAM Role $ROLE_NAME."
exit 1
fi
# Step 2: Attach Policy to Role for Artifact Access
echo "Attaching AWSArtifactReadOnlyAccess policy to IAM Role $ROLE_NAME"
aws iam attach-role-policy \
--role-name "$ROLE_NAME" \
--policy-arn "$POLICY_ARN"
if [ $? -eq 0 ]; then
echo "Policy attached successfully."
else
echo "Failed to attach policy."
exit 1
fi
# Step 3: Create IAM Access Keys (for programmatic access)
echo "Creating Access Keys for IAM Role: $ROLE_NAME"
aws iam create-access-key \
--user-name "$ROLE_NAME" \
> access_keys_output.json
# 检查密钥是否创建成功
if [ $? -eq 0 ]; then
echo "访问密钥创建成功。"
ACCESS_KEY_ID=$(jq -r '.AccessKey.AccessKeyId' access_keys_output.json)
SECRET_ACCESS_KEY=$(jq -r '.AccessKey.SecretAccessKey' access_keys_output.json)
echo "访问密钥 ID:$ACCESS_KEY_ID"
echo "私密访问密钥:$SECRET_ACCESS_KEY"
else
echo "创建访问密钥失败。"
exit 1
fi
# Step 4: Display the IAM Role and Access Key Information
echo "IAM Role $ROLE_NAME has been created with the policy: $POLICY_ARN"
echo "Access Key ID: $ACCESS_KEY_ID"
echo "Secret Access Key: $SECRET_ACCESS_KEY"
