[適用於 JavaScript 的 AWS SDK V3 API 參考指南](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/)詳細說明 第 3 版 適用於 JavaScript 的 AWS SDK (V3) 的所有 API 操作。
本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用適用於 JavaScript 的 SDK (v3) 的 IAM 範例
下列程式碼範例示範如何使用 適用於 JavaScript 的 AWS SDK (v3) 搭配 IAM 來執行動作和實作常見案例。
*基本概念*是程式碼範例,這些範例說明如何在服務內執行基本操作。
*Actions* 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境中查看內容中的動作。
*案例*是向您展示如何呼叫服務中的多個函數或與其他 AWS 服務組合來完成特定任務的程式碼範例。
每個範例均包含完整原始碼的連結,您可在連結中找到如何設定和執行內容中程式碼的相關指示。
**Topics**
+ [開始使用](#get_started)
+ [基本概念](#basics)
+ [動作](#actions)
+ [案例](#scenarios)
## 開始使用
### Hello IAM
下列程式碼範例說明如何開始使用 IAM。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import { IAMClient, paginateListPolicies } from "@aws-sdk/client-iam";
const client = new IAMClient({});
export const listLocalPolicies = async () => {
/**
* In v3, the clients expose paginateOperationName APIs that are written using async generators so that you can use async iterators in a for await..of loop.
* https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html#paginators
*/
const paginator = paginateListPolicies(
{ client, pageSize: 10 },
// List only customer managed policies.
{ Scope: "Local" },
);
console.log("IAM policies defined in your account:");
let policyCount = 0;
for await (const page of paginator) {
if (page.Policies) {
for (const policy of page.Policies) {
console.log(`${policy.PolicyName}`);
policyCount++;
}
}
}
console.log(`Found ${policyCount} policies.`);
};
```
+ 如需 API 詳細資訊,請參閱 *適用於 JavaScript 的 AWS SDK API Reference* 中的 [ListPolicies](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListPoliciesCommand)。
## 基本概念
### 了解基本概念
下列程式碼範例示範如何建立使用者並擔任角色。
**警告**
為避免安全風險,在開發專用軟體或使用真實資料時,請勿使用 IAM 使用者進行身分驗證。相反地,搭配使用聯合功能和身分提供者,例如 [AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)。
+ 建立沒有許可的使用者。
+ 建立一個可授予許可的角色,以列出帳戶的 Amazon S3 儲存貯體。
+ 新增政策,讓使用者擔任該角色。
+ 使用暫時憑證,擔任角色並列出 S3 儲存貯體,然後清理資源。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
建立一個可授予許可的 IAM 使用者和角色,以列出 Amazon S3 儲存貯體。使用者只有擔任該角色的權利。擔任角色後,請使用暫時性憑證列出該帳戶的儲存貯體。
```
import {
CreateUserCommand,
GetUserCommand,
CreateAccessKeyCommand,
CreatePolicyCommand,
CreateRoleCommand,
AttachRolePolicyCommand,
DeleteAccessKeyCommand,
DeleteUserCommand,
DeleteRoleCommand,
DeletePolicyCommand,
DetachRolePolicyCommand,
IAMClient,
} from "@aws-sdk/client-iam";
import { ListBucketsCommand, S3Client } from "@aws-sdk/client-s3";
import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts";
import { retry } from "@aws-doc-sdk-examples/lib/utils/util-timers.js";
import { ScenarioInput } from "@aws-doc-sdk-examples/lib/scenario/index.js";
// Set the parameters.
const iamClient = new IAMClient({});
const userName = "iam_basic_test_username";
const policyName = "iam_basic_test_policy";
const roleName = "iam_basic_test_role";
/**
* Create a new IAM user. If the user already exists, give
* the option to delete and re-create it.
* @param {string} name
*/
export const createUser = async (name, confirmAll = false) => {
try {
const { User } = await iamClient.send(
new GetUserCommand({ UserName: name }),
);
const input = new ScenarioInput(
"deleteUser",
"Do you want to delete and remake this user?",
{ type: "confirm" },
);
const deleteUser = await input.handle({}, { confirmAll });
// If the user exists, and you want to delete it, delete the user
// and then create it again.
if (deleteUser) {
await iamClient.send(new DeleteUserCommand({ UserName: User.UserName }));
await iamClient.send(new CreateUserCommand({ UserName: name }));
} else {
console.warn(
`${name} already exists. The scenario may not work as expected.`,
);
return User;
}
} catch (caught) {
// If there is no user by that name, create one.
if (caught instanceof Error && caught.name === "NoSuchEntityException") {
const { User } = await iamClient.send(
new CreateUserCommand({ UserName: name }),
);
return User;
}
throw caught;
}
};
export const main = async (confirmAll = false) => {
// Create a user. The user has no permissions by default.
const User = await createUser(userName, confirmAll);
if (!User) {
throw new Error("User not created");
}
// Create an access key. This key is used to authenticate the new user to
// Amazon Simple Storage Service (Amazon S3) and AWS Security Token Service (AWS STS).
// It's not best practice to use access keys. For more information, see https://aws.amazon.com/iam/resources/best-practices/.
const createAccessKeyResponse = await iamClient.send(
new CreateAccessKeyCommand({ UserName: userName }),
);
if (
!createAccessKeyResponse.AccessKey?.AccessKeyId ||
!createAccessKeyResponse.AccessKey?.SecretAccessKey
) {
throw new Error("Access key not created");
}
const {
AccessKey: { AccessKeyId, SecretAccessKey },
} = createAccessKeyResponse;
let s3Client = new S3Client({
credentials: {
accessKeyId: AccessKeyId,
secretAccessKey: SecretAccessKey,
},
});
// Retry the list buckets operation until it succeeds. InvalidAccessKeyId is
// thrown while the user and access keys are still stabilizing.
await retry({ intervalInMs: 1000, maxRetries: 300 }, async () => {
try {
return await listBuckets(s3Client);
} catch (err) {
if (err instanceof Error && err.name === "InvalidAccessKeyId") {
throw err;
}
}
});
// Retry the create role operation until it succeeds. A MalformedPolicyDocument error
// is thrown while the user and access keys are still stabilizing.
const { Role } = await retry(
{
intervalInMs: 2000,
maxRetries: 60,
},
() =>
iamClient.send(
new CreateRoleCommand({
AssumeRolePolicyDocument: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
// Allow the previously created user to assume this role.
AWS: User.Arn,
},
Action: "sts:AssumeRole",
},
],
}),
RoleName: roleName,
}),
),
);
if (!Role) {
throw new Error("Role not created");
}
// Create a policy that allows the user to list S3 buckets.
const { Policy: listBucketPolicy } = await iamClient.send(
new CreatePolicyCommand({
PolicyDocument: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: ["s3:ListAllMyBuckets"],
Resource: "*",
},
],
}),
PolicyName: policyName,
}),
);
if (!listBucketPolicy) {
throw new Error("Policy not created");
}
// Attach the policy granting the 's3:ListAllMyBuckets' action to the role.
await iamClient.send(
new AttachRolePolicyCommand({
PolicyArn: listBucketPolicy.Arn,
RoleName: Role.RoleName,
}),
);
// Assume the role.
const stsClient = new STSClient({
credentials: {
accessKeyId: AccessKeyId,
secretAccessKey: SecretAccessKey,
},
});
// Retry the assume role operation until it succeeds.
const { Credentials } = await retry(
{ intervalInMs: 2000, maxRetries: 60 },
() =>
stsClient.send(
new AssumeRoleCommand({
RoleArn: Role.Arn,
RoleSessionName: `iamBasicScenarioSession-${Math.floor(
Math.random() * 1000000,
)}`,
DurationSeconds: 900,
}),
),
);
if (!Credentials?.AccessKeyId || !Credentials?.SecretAccessKey) {
throw new Error("Credentials not created");
}
s3Client = new S3Client({
credentials: {
accessKeyId: Credentials.AccessKeyId,
secretAccessKey: Credentials.SecretAccessKey,
sessionToken: Credentials.SessionToken,
},
});
// List the S3 buckets again.
// Retry the list buckets operation until it succeeds. AccessDenied might
// be thrown while the role policy is still stabilizing.
await retry({ intervalInMs: 2000, maxRetries: 120 }, () =>
listBuckets(s3Client),
);
// Clean up.
await iamClient.send(
new DetachRolePolicyCommand({
PolicyArn: listBucketPolicy.Arn,
RoleName: Role.RoleName,
}),
);
await iamClient.send(
new DeletePolicyCommand({
PolicyArn: listBucketPolicy.Arn,
}),
);
await iamClient.send(
new DeleteRoleCommand({
RoleName: Role.RoleName,
}),
);
await iamClient.send(
new DeleteAccessKeyCommand({
UserName: userName,
AccessKeyId,
}),
);
await iamClient.send(
new DeleteUserCommand({
UserName: userName,
}),
);
};
/**
*
* @param {S3Client} s3Client
*/
const listBuckets = async (s3Client) => {
const { Buckets } = await s3Client.send(new ListBucketsCommand({}));
if (!Buckets) {
throw new Error("Buckets not listed");
}
console.log(Buckets.map((bucket) => bucket.Name).join("\n"));
};
```
+ 如需 API 詳細資訊,請參閱《*適用於 JavaScript 的 AWS SDK API 參考*》中的下列主題。
+ [AttachRolePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/AttachRolePolicyCommand)
+ [CreateAccessKey](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateAccessKeyCommand)
+ [CreatePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreatePolicyCommand)
+ [CreateRole](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateRoleCommand)
+ [CreateUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateUserCommand)
+ [DeleteAccessKey](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteAccessKeyCommand)
+ [DeletePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeletePolicyCommand)
+ [DeleteRole](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteRoleCommand)
+ [DeleteUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteUserCommand)
+ [DeleteUserPolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteUserPolicyCommand)
+ [DetachRolePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DetachRolePolicyCommand)
+ [PutUserPolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/PutUserPolicyCommand)
## 動作
### `AttachRolePolicy`
以下程式碼範例顯示如何使用 `AttachRolePolicy`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
連接政策。
```
import { AttachRolePolicyCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} policyArn
* @param {string} roleName
*/
export const attachRolePolicy = (policyArn, roleName) => {
const command = new AttachRolePolicyCommand({
PolicyArn: policyArn,
RoleName: roleName,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-policies.html#iam-examples-policies-attaching-role-policy)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [AttachRolePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/AttachRolePolicyCommand)。
### `CreateAccessKey`
以下程式碼範例顯示如何使用 `CreateAccessKey`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
建立存取金鑰。
```
import { CreateAccessKeyCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} userName
*/
export const createAccessKey = (userName) => {
const command = new CreateAccessKeyCommand({ UserName: userName });
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-managing-access-keys.html#iam-examples-managing-access-keys-creating)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [CreateAccessKey](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateAccessKeyCommand)。
### `CreateAccountAlias`
以下程式碼範例顯示如何使用 `CreateAccountAlias`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
建立帳戶別名。
```
import { CreateAccountAliasCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} alias - A unique name for the account alias.
* @returns
*/
export const createAccountAlias = (alias) => {
const command = new CreateAccountAliasCommand({
AccountAlias: alias,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-account-aliases.html#iam-examples-account-aliases-creating)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [CreateAccountAlias](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateAccountAliasCommand)。
### `CreateGroup`
以下程式碼範例顯示如何使用 `CreateGroup`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import { CreateGroupCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} groupName
*/
export const createGroup = async (groupName) => {
const command = new CreateGroupCommand({ GroupName: groupName });
const response = await client.send(command);
console.log(response);
return response;
};
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》**中的 [CreateGroup](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateGroupCommand)。
### `CreateInstanceProfile`
以下程式碼範例顯示如何使用 `CreateInstanceProfile`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-resilient-service#code-examples)中設定和執行。
```
const { InstanceProfile } = await iamClient.send(
new CreateInstanceProfileCommand({
InstanceProfileName: NAMES.ssmOnlyInstanceProfileName,
}),
);
await waitUntilInstanceProfileExists(
{ client: iamClient },
{ InstanceProfileName: NAMES.ssmOnlyInstanceProfileName },
);
```
+ 如需 API 詳細資訊,請參閱 *適用於 JavaScript 的 AWS SDK API Reference* 中的 [CreateInstanceProfile](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateInstanceProfileCommand)。
### `CreatePolicy`
以下程式碼範例顯示如何使用 `CreatePolicy`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
建立政策。
```
import { CreatePolicyCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} policyName
*/
export const createPolicy = (policyName) => {
const command = new CreatePolicyCommand({
PolicyDocument: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: "*",
Resource: "*",
},
],
}),
PolicyName: policyName,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-policies.html#iam-examples-policies-creating)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [CreatePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreatePolicyCommand)。
### `CreateRole`
以下程式碼範例顯示如何使用 `CreateRole`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
建立角色。
```
import { CreateRoleCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} roleName
*/
export const createRole = (roleName) => {
const command = new CreateRoleCommand({
AssumeRolePolicyDocument: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
Service: "lambda.amazonaws.com",
},
Action: "sts:AssumeRole",
},
],
}),
RoleName: roleName,
});
return client.send(command);
};
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [CreateRole](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateRoleCommand)。
### `CreateSAMLProvider`
以下程式碼範例顯示如何使用 `CreateSAMLProvider`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import { CreateSAMLProviderCommand, IAMClient } from "@aws-sdk/client-iam";
import { readFileSync } from "node:fs";
import * as path from "node:path";
import { dirnameFromMetaUrl } from "@aws-doc-sdk-examples/lib/utils/util-fs.js";
const client = new IAMClient({});
/**
* This sample document was generated using Auth0.
* For more information on generating this document, see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html#samlstep1.
*/
const sampleMetadataDocument = readFileSync(
path.join(
dirnameFromMetaUrl(import.meta.url),
"../../../../resources/sample_files/sample_saml_metadata.xml",
),
);
/**
*
* @param {*} providerName
* @returns
*/
export const createSAMLProvider = async (providerName) => {
const command = new CreateSAMLProviderCommand({
Name: providerName,
SAMLMetadataDocument: sampleMetadataDocument.toString(),
});
const response = await client.send(command);
console.log(response);
return response;
};
```
+ 如需 API 詳細資訊,請參閱 *適用於 JavaScript 的 AWS SDK API Reference* 中的 [CreateSAMLProvider](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateSAMLProviderCommand)。
### `CreateServiceLinkedRole`
以下程式碼範例顯示如何使用 `CreateServiceLinkedRole`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
建立服務連結角色。
```
import {
CreateServiceLinkedRoleCommand,
GetRoleCommand,
IAMClient,
} from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} serviceName
*/
export const createServiceLinkedRole = async (serviceName) => {
const command = new CreateServiceLinkedRoleCommand({
// For a list of AWS services that support service-linked roles,
// see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html.
//
// For a list of AWS service endpoints, see https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html.
AWSServiceName: serviceName,
});
try {
const response = await client.send(command);
console.log(response);
return response;
} catch (caught) {
if (
caught instanceof Error &&
caught.name === "InvalidInputException" &&
caught.message.includes(
"Service role name AWSServiceRoleForElasticBeanstalk has been taken in this account",
)
) {
console.warn(caught.message);
return client.send(
new GetRoleCommand({ RoleName: "AWSServiceRoleForElasticBeanstalk" }),
);
}
throw caught;
}
};
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [CreateServiceLinkedRole](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateServiceLinkedRoleCommand)。
### `CreateUser`
以下程式碼範例顯示如何使用 `CreateUser`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
建立使用者。
```
import { CreateUserCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} name
*/
export const createUser = (name) => {
const command = new CreateUserCommand({ UserName: name });
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-managing-users.html#iam-examples-managing-users-creating-users)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [CreateUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateUserCommand)。
### `DeleteAccessKey`
以下程式碼範例顯示如何使用 `DeleteAccessKey`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
刪除存取金鑰。
```
import { DeleteAccessKeyCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} userName
* @param {string} accessKeyId
*/
export const deleteAccessKey = (userName, accessKeyId) => {
const command = new DeleteAccessKeyCommand({
AccessKeyId: accessKeyId,
UserName: userName,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-managing-access-keys.html#iam-examples-managing-access-keys-deleting)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [DeleteAccessKey](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteAccessKeyCommand)。
### `DeleteAccountAlias`
以下程式碼範例顯示如何使用 `DeleteAccountAlias`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
刪除帳戶別名。
```
import { DeleteAccountAliasCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} alias
*/
export const deleteAccountAlias = (alias) => {
const command = new DeleteAccountAliasCommand({ AccountAlias: alias });
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-account-aliases.html#iam-examples-account-aliases-deleting)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [DeleteAccountAlias](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteAccountAliasCommand)。
### `DeleteGroup`
以下程式碼範例顯示如何使用 `DeleteGroup`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import { DeleteGroupCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} groupName
*/
export const deleteGroup = async (groupName) => {
const command = new DeleteGroupCommand({
GroupName: groupName,
});
const response = await client.send(command);
console.log(response);
return response;
};
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》**中的 [DeleteGroup](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteGroupCommand)。
### `DeleteInstanceProfile`
以下程式碼範例顯示如何使用 `DeleteInstanceProfile`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-resilient-service#code-examples)中設定和執行。
```
const client = new IAMClient({});
await client.send(
new DeleteInstanceProfileCommand({
InstanceProfileName: NAMES.instanceProfileName,
}),
);
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》**中的 [DeleteInstanceProfile](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteInstanceProfileCommand)。
### `DeletePolicy`
以下程式碼範例顯示如何使用 `DeletePolicy`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam/#code-examples)中設定和執行。
刪除政策。
```
import { DeletePolicyCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} policyArn
*/
export const deletePolicy = (policyArn) => {
const command = new DeletePolicyCommand({ PolicyArn: policyArn });
return client.send(command);
};
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [DeletePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeletePolicyCommand)。
### `DeleteRole`
以下程式碼範例顯示如何使用 `DeleteRole`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
刪除角色。
```
import { DeleteRoleCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} roleName
*/
export const deleteRole = (roleName) => {
const command = new DeleteRoleCommand({ RoleName: roleName });
return client.send(command);
};
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [DeleteRole](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteRoleCommand)。
### `DeleteRolePolicy`
以下程式碼範例顯示如何使用 `DeleteRolePolicy`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import { DeleteRolePolicyCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} roleName
* @param {string} policyName
*/
export const deleteRolePolicy = (roleName, policyName) => {
const command = new DeleteRolePolicyCommand({
RoleName: roleName,
PolicyName: policyName,
});
return client.send(command);
};
```
+ 如需 API 詳細資訊,請參閱 *適用於 JavaScript 的 AWS SDK API Reference* 中的 [DeleteRolePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteRolePolicyCommand)。
### `DeleteSAMLProvider`
以下程式碼範例顯示如何使用 `DeleteSAMLProvider`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import { DeleteSAMLProviderCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} providerArn
* @returns
*/
export const deleteSAMLProvider = async (providerArn) => {
const command = new DeleteSAMLProviderCommand({
SAMLProviderArn: providerArn,
});
const response = await client.send(command);
console.log(response);
return response;
};
```
+ 如需 API 詳細資訊,請參閱 *適用於 JavaScript 的 AWS SDK API Reference* 中的 [DeleteSAMLProvider](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteSAMLProviderCommand)。
### `DeleteServerCertificate`
以下程式碼範例顯示如何使用 `DeleteServerCertificate`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
刪除伺服器憑證。
```
import { DeleteServerCertificateCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} certName
*/
export const deleteServerCertificate = (certName) => {
const command = new DeleteServerCertificateCommand({
ServerCertificateName: certName,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK 開發人員指南》[https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-server-certificates.html#iam-examples-server-certificates-deleting](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-server-certificates.html#iam-examples-server-certificates-deleting)。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [DeleteServerCertificate](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteServerCertificateCommand)。
### `DeleteServiceLinkedRole`
以下程式碼範例顯示如何使用 `DeleteServiceLinkedRole`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import { DeleteServiceLinkedRoleCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} roleName
*/
export const deleteServiceLinkedRole = (roleName) => {
const command = new DeleteServiceLinkedRoleCommand({ RoleName: roleName });
return client.send(command);
};
```
+ 如需 API 詳細資訊,請參閱 *適用於 JavaScript 的 AWS SDK API Reference* 中的 [DeleteServiceLinkedRole](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteServiceLinkedRoleCommand)。
### `DeleteUser`
以下程式碼範例顯示如何使用 `DeleteUser`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
刪除使用者。
```
import { DeleteUserCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} name
*/
export const deleteUser = (name) => {
const command = new DeleteUserCommand({ UserName: name });
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-managing-users.html#iam-examples-managing-users-deleting-users)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [DeleteUser](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteUserCommand)。
### `DetachRolePolicy`
以下程式碼範例顯示如何使用 `DetachRolePolicy`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
分離政策。
```
import { DetachRolePolicyCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} policyArn
* @param {string} roleName
*/
export const detachRolePolicy = (policyArn, roleName) => {
const command = new DetachRolePolicyCommand({
PolicyArn: policyArn,
RoleName: roleName,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-policies.html#iam-examples-policies-detaching-role-policy)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [DetachRolePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DetachRolePolicyCommand)。
### `GetAccessKeyLastUsed`
以下程式碼範例顯示如何使用 `GetAccessKeyLastUsed`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
獲取存取金鑰。
```
import { GetAccessKeyLastUsedCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} accessKeyId
*/
export const getAccessKeyLastUsed = async (accessKeyId) => {
const command = new GetAccessKeyLastUsedCommand({
AccessKeyId: accessKeyId,
});
const response = await client.send(command);
if (response.AccessKeyLastUsed?.LastUsedDate) {
console.log(`
${accessKeyId} was last used by ${response.UserName} via
the ${response.AccessKeyLastUsed.ServiceName} service on
${response.AccessKeyLastUsed.LastUsedDate.toISOString()}
`);
}
return response;
};
```
+ 如需詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK 開發人員指南》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [GetAccessKeyLastUsed](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/GetAccessKeyLastUsedCommand)。
### `GetAccountPasswordPolicy`
以下程式碼範例顯示如何使用 `GetAccountPasswordPolicy`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
取得帳戶密碼政策。
```
import {
GetAccountPasswordPolicyCommand,
IAMClient,
} from "@aws-sdk/client-iam";
const client = new IAMClient({});
export const getAccountPasswordPolicy = async () => {
const command = new GetAccountPasswordPolicyCommand({});
const response = await client.send(command);
console.log(response.PasswordPolicy);
return response;
};
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [GetAccountPasswordPolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/GetAccountPasswordPolicyCommand)。
### `GetPolicy`
以下程式碼範例顯示如何使用 `GetPolicy`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
取得政策。
```
import { GetPolicyCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} policyArn
*/
export const getPolicy = (policyArn) => {
const command = new GetPolicyCommand({
PolicyArn: policyArn,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-policies.html#iam-examples-policies-getting)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [GetPolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/GetPolicyCommand)。
### `GetRole`
以下程式碼範例顯示如何使用 `GetRole`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
取得角色。
```
import { GetRoleCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} roleName
*/
export const getRole = (roleName) => {
const command = new GetRoleCommand({
RoleName: roleName,
});
return client.send(command);
};
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [GetRole](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/GetRoleCommand)。
### `GetServerCertificate`
以下程式碼範例顯示如何使用 `GetServerCertificate`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
獲取伺服器憑證。
```
import { GetServerCertificateCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} certName
* @returns
*/
export const getServerCertificate = async (certName) => {
const command = new GetServerCertificateCommand({
ServerCertificateName: certName,
});
const response = await client.send(command);
console.log(response);
return response;
};
```
+ 如需詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK 開發人員指南》[https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-server-certificates.html#iam-examples-server-certificates-getting](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-server-certificates.html#iam-examples-server-certificates-getting)。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [GetServerCertificate](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/GetServerCertificateCommand)。
### `GetServiceLinkedRoleDeletionStatus`
以下程式碼範例顯示如何使用 `GetServiceLinkedRoleDeletionStatus`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import {
GetServiceLinkedRoleDeletionStatusCommand,
IAMClient,
} from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} deletionTaskId
*/
export const getServiceLinkedRoleDeletionStatus = (deletionTaskId) => {
const command = new GetServiceLinkedRoleDeletionStatusCommand({
DeletionTaskId: deletionTaskId,
});
return client.send(command);
};
```
+ 如需 API 詳細資訊,請參閱 *適用於 JavaScript 的 AWS SDK API Reference* 中的 [GetServiceLinkedRoleDeletionStatus](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/GetServiceLinkedRoleDeletionStatusCommand)。
### `ListAccessKeys`
以下程式碼範例顯示如何使用 `ListAccessKeys`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出存取金鑰。
```
import { ListAccessKeysCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
* A generator function that handles paginated results.
* The AWS SDK for JavaScript (v3) provides {@link https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html#paginators | paginator} functions to simplify this.
*
* @param {string} userName
*/
export async function* listAccessKeys(userName) {
const command = new ListAccessKeysCommand({
MaxItems: 5,
UserName: userName,
});
/**
* @type {import("@aws-sdk/client-iam").ListAccessKeysCommandOutput | undefined}
*/
let response = await client.send(command);
while (response?.AccessKeyMetadata?.length) {
for (const key of response.AccessKeyMetadata) {
yield key;
}
if (response.IsTruncated) {
response = await client.send(
new ListAccessKeysCommand({
Marker: response.Marker,
}),
);
} else {
break;
}
}
}
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-managing-access-keys.html#iam-examples-managing-access-keys-listing)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListAccessKeys](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListAccessKeysCommand)。
### `ListAccountAliases`
以下程式碼範例顯示如何使用 `ListAccountAliases`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出帳戶別名。
```
import { ListAccountAliasesCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
* A generator function that handles paginated results.
* The AWS SDK for JavaScript (v3) provides {@link https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html#paginators | paginator} functions to simplify this.
*/
export async function* listAccountAliases() {
const command = new ListAccountAliasesCommand({ MaxItems: 5 });
let response = await client.send(command);
while (response.AccountAliases?.length) {
for (const alias of response.AccountAliases) {
yield alias;
}
if (response.IsTruncated) {
response = await client.send(
new ListAccountAliasesCommand({
Marker: response.Marker,
MaxItems: 5,
}),
);
} else {
break;
}
}
}
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-account-aliases.html#iam-examples-account-aliases-listing)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListAccountAliases](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListAccountAliasesCommand)。
### `ListAttachedRolePolicies`
以下程式碼範例顯示如何使用 `ListAttachedRolePolicies`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出連接至角色的政策。
```
import {
ListAttachedRolePoliciesCommand,
IAMClient,
} from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
* A generator function that handles paginated results.
* The AWS SDK for JavaScript (v3) provides {@link https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html#paginators | paginator} functions to simplify this.
* @param {string} roleName
*/
export async function* listAttachedRolePolicies(roleName) {
const command = new ListAttachedRolePoliciesCommand({
RoleName: roleName,
});
let response = await client.send(command);
while (response.AttachedPolicies?.length) {
for (const policy of response.AttachedPolicies) {
yield policy;
}
if (response.IsTruncated) {
response = await client.send(
new ListAttachedRolePoliciesCommand({
RoleName: roleName,
Marker: response.Marker,
}),
);
} else {
break;
}
}
}
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListAttachedRolePolicies](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListAttachedRolePoliciesCommand)。
### `ListGroups`
以下程式碼範例顯示如何使用 `ListGroups`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出群組。
```
import { ListGroupsCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
* A generator function that handles paginated results.
* The AWS SDK for JavaScript (v3) provides {@link https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html#paginators | paginator} functions to simplify this.
*/
export async function* listGroups() {
const command = new ListGroupsCommand({
MaxItems: 10,
});
let response = await client.send(command);
while (response.Groups?.length) {
for (const group of response.Groups) {
yield group;
}
if (response.IsTruncated) {
response = await client.send(
new ListGroupsCommand({
Marker: response.Marker,
MaxItems: 10,
}),
);
} else {
break;
}
}
}
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListGroups](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListGroupsCommand)。
### `ListPolicies`
以下程式碼範例顯示如何使用 `ListPolicies`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出政策。
```
import { ListPoliciesCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
* A generator function that handles paginated results.
* The AWS SDK for JavaScript (v3) provides {@link https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html#paginators | paginator} functions to simplify this.
*
*/
export async function* listPolicies() {
const command = new ListPoliciesCommand({
MaxItems: 10,
OnlyAttached: false,
// List only the customer managed policies in your Amazon Web Services account.
Scope: "Local",
});
let response = await client.send(command);
while (response.Policies?.length) {
for (const policy of response.Policies) {
yield policy;
}
if (response.IsTruncated) {
response = await client.send(
new ListPoliciesCommand({
Marker: response.Marker,
MaxItems: 10,
OnlyAttached: false,
Scope: "Local",
}),
);
} else {
break;
}
}
}
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListPolicies](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListPoliciesCommand)。
### `ListRolePolicies`
以下程式碼範例顯示如何使用 `ListRolePolicies`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出政策。
```
import { ListRolePoliciesCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
* A generator function that handles paginated results.
* The AWS SDK for JavaScript (v3) provides {@link https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html#paginators | paginator} functions to simplify this.
*
* @param {string} roleName
*/
export async function* listRolePolicies(roleName) {
const command = new ListRolePoliciesCommand({
RoleName: roleName,
MaxItems: 10,
});
let response = await client.send(command);
while (response.PolicyNames?.length) {
for (const policyName of response.PolicyNames) {
yield policyName;
}
if (response.IsTruncated) {
response = await client.send(
new ListRolePoliciesCommand({
RoleName: roleName,
MaxItems: 10,
Marker: response.Marker,
}),
);
} else {
break;
}
}
}
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListRolePolicies](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListRolePoliciesCommand)。
### `ListRoles`
以下程式碼範例顯示如何使用 `ListRoles`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出角色。
```
import { ListRolesCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
* A generator function that handles paginated results.
* The AWS SDK for JavaScript (v3) provides {@link https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html#paginators | paginator} functions to simplify this.
*
*/
export async function* listRoles() {
const command = new ListRolesCommand({
MaxItems: 10,
});
/**
* @type {import("@aws-sdk/client-iam").ListRolesCommandOutput | undefined}
*/
let response = await client.send(command);
while (response?.Roles?.length) {
for (const role of response.Roles) {
yield role;
}
if (response.IsTruncated) {
response = await client.send(
new ListRolesCommand({
Marker: response.Marker,
}),
);
} else {
break;
}
}
}
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListRoles](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListRolesCommand)。
### `ListSAMLProviders`
以下程式碼範例顯示如何使用 `ListSAMLProviders`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出 SAML 供應商。
```
import { ListSAMLProvidersCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
export const listSamlProviders = async () => {
const command = new ListSAMLProvidersCommand({});
const response = await client.send(command);
console.log(response);
return response;
};
```
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListSAMLProviders](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListSAMLProvidersCommand)。
### `ListServerCertificates`
以下程式碼範例顯示如何使用 `ListServerCertificates`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出憑證。
```
import { ListServerCertificatesCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
* A generator function that handles paginated results.
* The AWS SDK for JavaScript (v3) provides {@link https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/index.html#paginators | paginator} functions to simplify this.
*
*/
export async function* listServerCertificates() {
const command = new ListServerCertificatesCommand({});
let response = await client.send(command);
while (response.ServerCertificateMetadataList?.length) {
for await (const cert of response.ServerCertificateMetadataList) {
yield cert;
}
if (response.IsTruncated) {
response = await client.send(new ListServerCertificatesCommand({}));
} else {
break;
}
}
}
```
+ 如需詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK 開發人員指南》[https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-server-certificates.html#iam-examples-server-certificates-listing](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-server-certificates.html#iam-examples-server-certificates-listing)。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListServerCertificates](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListServerCertificatesCommand)。
### `ListUsers`
以下程式碼範例顯示如何使用 `ListUsers`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
列出使用者。
```
import { ListUsersCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
export const listUsers = async () => {
const command = new ListUsersCommand({ MaxItems: 10 });
const response = await client.send(command);
for (const { UserName, CreateDate } of response.Users) {
console.log(`${UserName} created on: ${CreateDate}`);
}
return response;
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-managing-users.html#iam-examples-managing-users-listing-users)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [ListUsers](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/ListUsersCommand)。
### `PutRolePolicy`
以下程式碼範例顯示如何使用 `PutRolePolicy`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import { PutRolePolicyCommand, IAMClient } from "@aws-sdk/client-iam";
const examplePolicyDocument = JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Sid: "VisualEditor0",
Effect: "Allow",
Action: [
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:ListMultipartUploadParts",
],
Resource: "arn:aws:s3:::amzn-s3-demo-bucket",
},
{
Sid: "VisualEditor1",
Effect: "Allow",
Action: [
"s3:ListStorageLensConfigurations",
"s3:ListAccessPointsForObjectLambda",
"s3:ListAllMyBuckets",
"s3:ListAccessPoints",
"s3:ListJobs",
"s3:ListMultiRegionAccessPoints",
],
Resource: "*",
},
],
});
const client = new IAMClient({});
/**
*
* @param {string} roleName
* @param {string} policyName
* @param {string} policyDocument
*/
export const putRolePolicy = async (roleName, policyName, policyDocument) => {
const command = new PutRolePolicyCommand({
RoleName: roleName,
PolicyName: policyName,
PolicyDocument: policyDocument,
});
const response = await client.send(command);
console.log(response);
return response;
};
```
+ 如需 API 詳細資訊,請參閱 *適用於 JavaScript 的 AWS SDK API Reference* 中的 [PutRolePolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/PutRolePolicyCommand)。
### `UpdateAccessKey`
以下程式碼範例顯示如何使用 `UpdateAccessKey`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
更新存取金鑰。
```
import {
UpdateAccessKeyCommand,
IAMClient,
StatusType,
} from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} userName
* @param {string} accessKeyId
*/
export const updateAccessKey = (userName, accessKeyId) => {
const command = new UpdateAccessKeyCommand({
AccessKeyId: accessKeyId,
Status: StatusType.Inactive,
UserName: userName,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK 開發人員指南》[https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-managing-access-keys.html#iam-examples-managing-access-keys-updating](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-managing-access-keys.html#iam-examples-managing-access-keys-updating)。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [UpdateAccessKey](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/UpdateAccessKeyCommand)。
### `UpdateServerCertificate`
以下程式碼範例顯示如何使用 `UpdateServerCertificate`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
更新伺服器憑證。
```
import { UpdateServerCertificateCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} currentName
* @param {string} newName
*/
export const updateServerCertificate = (currentName, newName) => {
const command = new UpdateServerCertificateCommand({
ServerCertificateName: currentName,
NewServerCertificateName: newName,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK 開發人員指南》[https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-server-certificates.html#iam-examples-server-certificates-updating](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-server-certificates.html#iam-examples-server-certificates-updating)。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 [UpdateServerCertificate](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/UpdateServerCertificateCommand)。
### `UpdateUser`
以下程式碼範例顯示如何使用 `UpdateUser`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
更新使用者。
```
import { UpdateUserCommand, IAMClient } from "@aws-sdk/client-iam";
const client = new IAMClient({});
/**
*
* @param {string} currentUserName
* @param {string} newUserName
*/
export const updateUser = (currentUserName, newUserName) => {
const command = new UpdateUserCommand({
UserName: currentUserName,
NewUserName: newUserName,
});
return client.send(command);
};
```
+ 如需詳細資訊,請參閱《[適用於 JavaScript 的 AWS SDK 開發人員指南](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/iam-examples-managing-users.html#iam-examples-managing-users-updating-users)》。
+ 如需 API 詳細資訊,請參閱《適用於 JavaScript 的 AWS SDK API 參考》中的 *UpdateUser*。
### `UploadServerCertificate`
以下程式碼範例顯示如何使用 `UploadServerCertificate`。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/iam#code-examples)中設定和執行。
```
import { UploadServerCertificateCommand, IAMClient } from "@aws-sdk/client-iam";
import { readFileSync } from "node:fs";
import { dirnameFromMetaUrl } from "@aws-doc-sdk-examples/lib/utils/util-fs.js";
import * as path from "node:path";
const client = new IAMClient({});
const certMessage = `Generate a certificate and key with the following command, or the equivalent for your system.
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-keyout example.key -out example.crt -subj "/CN=example.com" \
-addext "subjectAltName=DNS:example.com,DNS:www.example.net,IP:10.0.0.1"
`;
const getCertAndKey = () => {
try {
const cert = readFileSync(
path.join(dirnameFromMetaUrl(import.meta.url), "./example.crt"),
);
const key = readFileSync(
path.join(dirnameFromMetaUrl(import.meta.url), "./example.key"),
);
return { cert, key };
} catch (err) {
if (err.code === "ENOENT") {
throw new Error(
`Certificate and/or private key not found. ${certMessage}`,
);
}
throw err;
}
};
/**
*
* @param {string} certificateName
*/
export const uploadServerCertificate = (certificateName) => {
const { cert, key } = getCertAndKey();
const command = new UploadServerCertificateCommand({
ServerCertificateName: certificateName,
CertificateBody: cert.toString(),
PrivateKey: key.toString(),
});
return client.send(command);
};
```
+ 如需 API 詳細資訊,請參閱 *適用於 JavaScript 的 AWS SDK API Reference* 中的 [UploadServerCertificate](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/UploadServerCertificateCommand)。
## 案例
### 建置及管理彈性服務
下列程式碼範例會示範如何建立負載平衡的 Web 服務,以傳回書籍、影片和歌曲建議。此範例顯示服務如何回應失故障,以及如何在發生故障時重組服務以提高復原能力。
+ 使用 Amazon EC2 Auto Scaling 群組根據啟動範本建立 Amazon Elastic Compute Cloud (Amazon EC2) 執行個體,並將執行個體數量保持在指定範圍內。
+ 使用 Elastic Load Balancing 處理和分發 HTTP 請求。
+ 監控 Auto Scaling 群組中執行個體的運作狀態,並且只將請求轉送給運作良好的執行個體。
+ 在每個 EC2 執行個體上執行一個 Python Web 伺服器來處理 HTTP 請求。Web 伺服器會回應建議和運作狀態檢查。
+ 使用 Amazon DynamoDB 資料表模擬建議服務。
+ 透過更新 AWS Systems Manager 參數來控制 Web 伺服器對請求和運作狀態檢查的回應。
**適用於 JavaScript (v3) 的 SDK**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/cross-services/wkflw-resilient-service#code-examples)中設定和執行。
在命令提示中執行互動式案例。
```
#!/usr/bin/env node
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
import {
Scenario,
parseScenarioArgs,
} from "@aws-doc-sdk-examples/lib/scenario/index.js";
/**
* The workflow steps are split into three stages:
* - deploy
* - demo
* - destroy
*
* Each of these stages has a corresponding file prefixed with steps-*.
*/
import { deploySteps } from "./steps-deploy.js";
import { demoSteps } from "./steps-demo.js";
import { destroySteps } from "./steps-destroy.js";
/**
* The context is passed to every scenario. Scenario steps
* will modify the context.
*/
const context = {};
/**
* Three Scenarios are created for the workflow. A Scenario is an orchestration class
* that simplifies running a series of steps.
*/
export const scenarios = {
// Deploys all resources necessary for the workflow.
deploy: new Scenario("Resilient Workflow - Deploy", deploySteps, context),
// Demonstrates how a fragile web service can be made more resilient.
demo: new Scenario("Resilient Workflow - Demo", demoSteps, context),
// Destroys the resources created for the workflow.
destroy: new Scenario("Resilient Workflow - Destroy", destroySteps, context),
};
// Call function if run directly
import { fileURLToPath } from "node:url";
if (process.argv[1] === fileURLToPath(import.meta.url)) {
parseScenarioArgs(scenarios, {
name: "Resilient Workflow",
synopsis:
"node index.js --scenario [-h|--help] [-y|--yes] [-v|--verbose]",
description: "Deploy and interact with scalable EC2 instances.",
});
}
```
建立步驟以部署所有資源。
```
import { join } from "node:path";
import { readFileSync, writeFileSync } from "node:fs";
import axios from "axios";
import {
BatchWriteItemCommand,
CreateTableCommand,
DynamoDBClient,
waitUntilTableExists,
} from "@aws-sdk/client-dynamodb";
import {
EC2Client,
CreateKeyPairCommand,
CreateLaunchTemplateCommand,
DescribeAvailabilityZonesCommand,
DescribeVpcsCommand,
DescribeSubnetsCommand,
DescribeSecurityGroupsCommand,
AuthorizeSecurityGroupIngressCommand,
} from "@aws-sdk/client-ec2";
import {
IAMClient,
CreatePolicyCommand,
CreateRoleCommand,
CreateInstanceProfileCommand,
AddRoleToInstanceProfileCommand,
AttachRolePolicyCommand,
waitUntilInstanceProfileExists,
} from "@aws-sdk/client-iam";
import { SSMClient, GetParameterCommand } from "@aws-sdk/client-ssm";
import {
CreateAutoScalingGroupCommand,
AutoScalingClient,
AttachLoadBalancerTargetGroupsCommand,
} from "@aws-sdk/client-auto-scaling";
import {
CreateListenerCommand,
CreateLoadBalancerCommand,
CreateTargetGroupCommand,
ElasticLoadBalancingV2Client,
waitUntilLoadBalancerAvailable,
} from "@aws-sdk/client-elastic-load-balancing-v2";
import {
ScenarioOutput,
ScenarioInput,
ScenarioAction,
} from "@aws-doc-sdk-examples/lib/scenario/index.js";
import { saveState } from "@aws-doc-sdk-examples/lib/scenario/steps-common.js";
import { retry } from "@aws-doc-sdk-examples/lib/utils/util-timers.js";
import { MESSAGES, NAMES, RESOURCES_PATH, ROOT } from "./constants.js";
import { initParamsSteps } from "./steps-reset-params.js";
/**
* @type {import('@aws-doc-sdk-examples/lib/scenario.js').Step[]}
*/
export const deploySteps = [
new ScenarioOutput("introduction", MESSAGES.introduction, { header: true }),
new ScenarioInput("confirmDeployment", MESSAGES.confirmDeployment, {
type: "confirm",
}),
new ScenarioAction(
"handleConfirmDeployment",
(c) => c.confirmDeployment === false && process.exit(),
),
new ScenarioOutput(
"creatingTable",
MESSAGES.creatingTable.replace("${TABLE_NAME}", NAMES.tableName),
),
new ScenarioAction("createTable", async () => {
const client = new DynamoDBClient({});
await client.send(
new CreateTableCommand({
TableName: NAMES.tableName,
ProvisionedThroughput: {
ReadCapacityUnits: 5,
WriteCapacityUnits: 5,
},
AttributeDefinitions: [
{
AttributeName: "MediaType",
AttributeType: "S",
},
{
AttributeName: "ItemId",
AttributeType: "N",
},
],
KeySchema: [
{
AttributeName: "MediaType",
KeyType: "HASH",
},
{
AttributeName: "ItemId",
KeyType: "RANGE",
},
],
}),
);
await waitUntilTableExists({ client }, { TableName: NAMES.tableName });
}),
new ScenarioOutput(
"createdTable",
MESSAGES.createdTable.replace("${TABLE_NAME}", NAMES.tableName),
),
new ScenarioOutput(
"populatingTable",
MESSAGES.populatingTable.replace("${TABLE_NAME}", NAMES.tableName),
),
new ScenarioAction("populateTable", () => {
const client = new DynamoDBClient({});
/**
* @type {{ default: import("@aws-sdk/client-dynamodb").PutRequest['Item'][] }}
*/
const recommendations = JSON.parse(
readFileSync(join(RESOURCES_PATH, "recommendations.json")),
);
return client.send(
new BatchWriteItemCommand({
RequestItems: {
[NAMES.tableName]: recommendations.map((item) => ({
PutRequest: { Item: item },
})),
},
}),
);
}),
new ScenarioOutput(
"populatedTable",
MESSAGES.populatedTable.replace("${TABLE_NAME}", NAMES.tableName),
),
new ScenarioOutput(
"creatingKeyPair",
MESSAGES.creatingKeyPair.replace("${KEY_PAIR_NAME}", NAMES.keyPairName),
),
new ScenarioAction("createKeyPair", async () => {
const client = new EC2Client({});
const { KeyMaterial } = await client.send(
new CreateKeyPairCommand({
KeyName: NAMES.keyPairName,
}),
);
writeFileSync(`${NAMES.keyPairName}.pem`, KeyMaterial, { mode: 0o600 });
}),
new ScenarioOutput(
"createdKeyPair",
MESSAGES.createdKeyPair.replace("${KEY_PAIR_NAME}", NAMES.keyPairName),
),
new ScenarioOutput(
"creatingInstancePolicy",
MESSAGES.creatingInstancePolicy.replace(
"${INSTANCE_POLICY_NAME}",
NAMES.instancePolicyName,
),
),
new ScenarioAction("createInstancePolicy", async (state) => {
const client = new IAMClient({});
const {
Policy: { Arn },
} = await client.send(
new CreatePolicyCommand({
PolicyName: NAMES.instancePolicyName,
PolicyDocument: readFileSync(
join(RESOURCES_PATH, "instance_policy.json"),
),
}),
);
state.instancePolicyArn = Arn;
}),
new ScenarioOutput("createdInstancePolicy", (state) =>
MESSAGES.createdInstancePolicy
.replace("${INSTANCE_POLICY_NAME}", NAMES.instancePolicyName)
.replace("${INSTANCE_POLICY_ARN}", state.instancePolicyArn),
),
new ScenarioOutput(
"creatingInstanceRole",
MESSAGES.creatingInstanceRole.replace(
"${INSTANCE_ROLE_NAME}",
NAMES.instanceRoleName,
),
),
new ScenarioAction("createInstanceRole", () => {
const client = new IAMClient({});
return client.send(
new CreateRoleCommand({
RoleName: NAMES.instanceRoleName,
AssumeRolePolicyDocument: readFileSync(
join(ROOT, "assume-role-policy.json"),
),
}),
);
}),
new ScenarioOutput(
"createdInstanceRole",
MESSAGES.createdInstanceRole.replace(
"${INSTANCE_ROLE_NAME}",
NAMES.instanceRoleName,
),
),
new ScenarioOutput(
"attachingPolicyToRole",
MESSAGES.attachingPolicyToRole
.replace("${INSTANCE_ROLE_NAME}", NAMES.instanceRoleName)
.replace("${INSTANCE_POLICY_NAME}", NAMES.instancePolicyName),
),
new ScenarioAction("attachPolicyToRole", async (state) => {
const client = new IAMClient({});
await client.send(
new AttachRolePolicyCommand({
RoleName: NAMES.instanceRoleName,
PolicyArn: state.instancePolicyArn,
}),
);
}),
new ScenarioOutput(
"attachedPolicyToRole",
MESSAGES.attachedPolicyToRole
.replace("${INSTANCE_POLICY_NAME}", NAMES.instancePolicyName)
.replace("${INSTANCE_ROLE_NAME}", NAMES.instanceRoleName),
),
new ScenarioOutput(
"creatingInstanceProfile",
MESSAGES.creatingInstanceProfile.replace(
"${INSTANCE_PROFILE_NAME}",
NAMES.instanceProfileName,
),
),
new ScenarioAction("createInstanceProfile", async (state) => {
const client = new IAMClient({});
const {
InstanceProfile: { Arn },
} = await client.send(
new CreateInstanceProfileCommand({
InstanceProfileName: NAMES.instanceProfileName,
}),
);
state.instanceProfileArn = Arn;
await waitUntilInstanceProfileExists(
{ client },
{ InstanceProfileName: NAMES.instanceProfileName },
);
}),
new ScenarioOutput("createdInstanceProfile", (state) =>
MESSAGES.createdInstanceProfile
.replace("${INSTANCE_PROFILE_NAME}", NAMES.instanceProfileName)
.replace("${INSTANCE_PROFILE_ARN}", state.instanceProfileArn),
),
new ScenarioOutput(
"addingRoleToInstanceProfile",
MESSAGES.addingRoleToInstanceProfile
.replace("${INSTANCE_PROFILE_NAME}", NAMES.instanceProfileName)
.replace("${INSTANCE_ROLE_NAME}", NAMES.instanceRoleName),
),
new ScenarioAction("addRoleToInstanceProfile", () => {
const client = new IAMClient({});
return client.send(
new AddRoleToInstanceProfileCommand({
RoleName: NAMES.instanceRoleName,
InstanceProfileName: NAMES.instanceProfileName,
}),
);
}),
new ScenarioOutput(
"addedRoleToInstanceProfile",
MESSAGES.addedRoleToInstanceProfile
.replace("${INSTANCE_PROFILE_NAME}", NAMES.instanceProfileName)
.replace("${INSTANCE_ROLE_NAME}", NAMES.instanceRoleName),
),
...initParamsSteps,
new ScenarioOutput("creatingLaunchTemplate", MESSAGES.creatingLaunchTemplate),
new ScenarioAction("createLaunchTemplate", async () => {
const ssmClient = new SSMClient({});
const { Parameter } = await ssmClient.send(
new GetParameterCommand({
Name: "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2",
}),
);
const ec2Client = new EC2Client({});
await ec2Client.send(
new CreateLaunchTemplateCommand({
LaunchTemplateName: NAMES.launchTemplateName,
LaunchTemplateData: {
InstanceType: "t3.micro",
ImageId: Parameter.Value,
IamInstanceProfile: { Name: NAMES.instanceProfileName },
UserData: readFileSync(
join(RESOURCES_PATH, "server_startup_script.sh"),
).toString("base64"),
KeyName: NAMES.keyPairName,
},
}),
);
}),
new ScenarioOutput(
"createdLaunchTemplate",
MESSAGES.createdLaunchTemplate.replace(
"${LAUNCH_TEMPLATE_NAME}",
NAMES.launchTemplateName,
),
),
new ScenarioOutput(
"creatingAutoScalingGroup",
MESSAGES.creatingAutoScalingGroup.replace(
"${AUTO_SCALING_GROUP_NAME}",
NAMES.autoScalingGroupName,
),
),
new ScenarioAction("createAutoScalingGroup", async (state) => {
const ec2Client = new EC2Client({});
const { AvailabilityZones } = await ec2Client.send(
new DescribeAvailabilityZonesCommand({}),
);
state.availabilityZoneNames = AvailabilityZones.map((az) => az.ZoneName);
const autoScalingClient = new AutoScalingClient({});
await retry({ intervalInMs: 1000, maxRetries: 30 }, () =>
autoScalingClient.send(
new CreateAutoScalingGroupCommand({
AvailabilityZones: state.availabilityZoneNames,
AutoScalingGroupName: NAMES.autoScalingGroupName,
LaunchTemplate: {
LaunchTemplateName: NAMES.launchTemplateName,
Version: "$Default",
},
MinSize: 3,
MaxSize: 3,
}),
),
);
}),
new ScenarioOutput(
"createdAutoScalingGroup",
/**
* @param {{ availabilityZoneNames: string[] }} state
*/
(state) =>
MESSAGES.createdAutoScalingGroup
.replace("${AUTO_SCALING_GROUP_NAME}", NAMES.autoScalingGroupName)
.replace(
"${AVAILABILITY_ZONE_NAMES}",
state.availabilityZoneNames.join(", "),
),
),
new ScenarioInput("confirmContinue", MESSAGES.confirmContinue, {
type: "confirm",
}),
new ScenarioOutput("loadBalancer", MESSAGES.loadBalancer),
new ScenarioOutput("gettingVpc", MESSAGES.gettingVpc),
new ScenarioAction("getVpc", async (state) => {
const client = new EC2Client({});
const { Vpcs } = await client.send(
new DescribeVpcsCommand({
Filters: [{ Name: "is-default", Values: ["true"] }],
}),
);
state.defaultVpc = Vpcs[0].VpcId;
}),
new ScenarioOutput("gotVpc", (state) =>
MESSAGES.gotVpc.replace("${VPC_ID}", state.defaultVpc),
),
new ScenarioOutput("gettingSubnets", MESSAGES.gettingSubnets),
new ScenarioAction("getSubnets", async (state) => {
const client = new EC2Client({});
const { Subnets } = await client.send(
new DescribeSubnetsCommand({
Filters: [
{ Name: "vpc-id", Values: [state.defaultVpc] },
{ Name: "availability-zone", Values: state.availabilityZoneNames },
{ Name: "default-for-az", Values: ["true"] },
],
}),
);
state.subnets = Subnets.map((subnet) => subnet.SubnetId);
}),
new ScenarioOutput(
"gotSubnets",
/**
* @param {{ subnets: string[] }} state
*/
(state) =>
MESSAGES.gotSubnets.replace("${SUBNETS}", state.subnets.join(", ")),
),
new ScenarioOutput(
"creatingLoadBalancerTargetGroup",
MESSAGES.creatingLoadBalancerTargetGroup.replace(
"${TARGET_GROUP_NAME}",
NAMES.loadBalancerTargetGroupName,
),
),
new ScenarioAction("createLoadBalancerTargetGroup", async (state) => {
const client = new ElasticLoadBalancingV2Client({});
const { TargetGroups } = await client.send(
new CreateTargetGroupCommand({
Name: NAMES.loadBalancerTargetGroupName,
Protocol: "HTTP",
Port: 80,
HealthCheckPath: "/healthcheck",
HealthCheckIntervalSeconds: 10,
HealthCheckTimeoutSeconds: 5,
HealthyThresholdCount: 2,
UnhealthyThresholdCount: 2,
VpcId: state.defaultVpc,
}),
);
const targetGroup = TargetGroups[0];
state.targetGroupArn = targetGroup.TargetGroupArn;
state.targetGroupProtocol = targetGroup.Protocol;
state.targetGroupPort = targetGroup.Port;
}),
new ScenarioOutput(
"createdLoadBalancerTargetGroup",
MESSAGES.createdLoadBalancerTargetGroup.replace(
"${TARGET_GROUP_NAME}",
NAMES.loadBalancerTargetGroupName,
),
),
new ScenarioOutput(
"creatingLoadBalancer",
MESSAGES.creatingLoadBalancer.replace("${LB_NAME}", NAMES.loadBalancerName),
),
new ScenarioAction("createLoadBalancer", async (state) => {
const client = new ElasticLoadBalancingV2Client({});
const { LoadBalancers } = await client.send(
new CreateLoadBalancerCommand({
Name: NAMES.loadBalancerName,
Subnets: state.subnets,
}),
);
state.loadBalancerDns = LoadBalancers[0].DNSName;
state.loadBalancerArn = LoadBalancers[0].LoadBalancerArn;
await waitUntilLoadBalancerAvailable(
{ client },
{ Names: [NAMES.loadBalancerName] },
);
}),
new ScenarioOutput("createdLoadBalancer", (state) =>
MESSAGES.createdLoadBalancer
.replace("${LB_NAME}", NAMES.loadBalancerName)
.replace("${DNS_NAME}", state.loadBalancerDns),
),
new ScenarioOutput(
"creatingListener",
MESSAGES.creatingLoadBalancerListener
.replace("${LB_NAME}", NAMES.loadBalancerName)
.replace("${TARGET_GROUP_NAME}", NAMES.loadBalancerTargetGroupName),
),
new ScenarioAction("createListener", async (state) => {
const client = new ElasticLoadBalancingV2Client({});
const { Listeners } = await client.send(
new CreateListenerCommand({
LoadBalancerArn: state.loadBalancerArn,
Protocol: state.targetGroupProtocol,
Port: state.targetGroupPort,
DefaultActions: [
{ Type: "forward", TargetGroupArn: state.targetGroupArn },
],
}),
);
const listener = Listeners[0];
state.loadBalancerListenerArn = listener.ListenerArn;
}),
new ScenarioOutput("createdListener", (state) =>
MESSAGES.createdLoadBalancerListener.replace(
"${LB_LISTENER_ARN}",
state.loadBalancerListenerArn,
),
),
new ScenarioOutput(
"attachingLoadBalancerTargetGroup",
MESSAGES.attachingLoadBalancerTargetGroup
.replace("${TARGET_GROUP_NAME}", NAMES.loadBalancerTargetGroupName)
.replace("${AUTO_SCALING_GROUP_NAME}", NAMES.autoScalingGroupName),
),
new ScenarioAction("attachLoadBalancerTargetGroup", async (state) => {
const client = new AutoScalingClient({});
await client.send(
new AttachLoadBalancerTargetGroupsCommand({
AutoScalingGroupName: NAMES.autoScalingGroupName,
TargetGroupARNs: [state.targetGroupArn],
}),
);
}),
new ScenarioOutput(
"attachedLoadBalancerTargetGroup",
MESSAGES.attachedLoadBalancerTargetGroup,
),
new ScenarioOutput("verifyingInboundPort", MESSAGES.verifyingInboundPort),
new ScenarioAction(
"verifyInboundPort",
/**
*
* @param {{ defaultSecurityGroup: import('@aws-sdk/client-ec2').SecurityGroup}} state
*/
async (state) => {
const client = new EC2Client({});
const { SecurityGroups } = await client.send(
new DescribeSecurityGroupsCommand({
Filters: [{ Name: "group-name", Values: ["default"] }],
}),
);
if (!SecurityGroups) {
state.verifyInboundPortError = new Error(MESSAGES.noSecurityGroups);
}
state.defaultSecurityGroup = SecurityGroups[0];
/**
* @type {string}
*/
const ipResponse = (await axios.get("http://checkip.amazonaws.com")).data;
state.myIp = ipResponse.trim();
const myIpRules = state.defaultSecurityGroup.IpPermissions.filter(
({ IpRanges }) =>
IpRanges.some(
({ CidrIp }) =>
CidrIp.startsWith(state.myIp) || CidrIp === "0.0.0.0/0",
),
)
.filter(({ IpProtocol }) => IpProtocol === "tcp")
.filter(({ FromPort }) => FromPort === 80);
state.myIpRules = myIpRules;
},
),
new ScenarioOutput(
"verifiedInboundPort",
/**
* @param {{ myIpRules: any[] }} state
*/
(state) => {
if (state.myIpRules.length > 0) {
return MESSAGES.foundIpRules.replace(
"${IP_RULES}",
JSON.stringify(state.myIpRules, null, 2),
);
}
return MESSAGES.noIpRules;
},
),
new ScenarioInput(
"shouldAddInboundRule",
/**
* @param {{ myIpRules: any[] }} state
*/
(state) => {
if (state.myIpRules.length > 0) {
return false;
}
return MESSAGES.noIpRules;
},
{ type: "confirm" },
),
new ScenarioAction(
"addInboundRule",
/**
* @param {{ defaultSecurityGroup: import('@aws-sdk/client-ec2').SecurityGroup }} state
*/
async (state) => {
if (!state.shouldAddInboundRule) {
return;
}
const client = new EC2Client({});
await client.send(
new AuthorizeSecurityGroupIngressCommand({
GroupId: state.defaultSecurityGroup.GroupId,
CidrIp: `${state.myIp}/32`,
FromPort: 80,
ToPort: 80,
IpProtocol: "tcp",
}),
);
},
),
new ScenarioOutput("addedInboundRule", (state) => {
if (state.shouldAddInboundRule) {
return MESSAGES.addedInboundRule.replace("${IP_ADDRESS}", state.myIp);
}
return false;
}),
new ScenarioOutput("verifyingEndpoint", (state) =>
MESSAGES.verifyingEndpoint.replace("${DNS_NAME}", state.loadBalancerDns),
),
new ScenarioAction("verifyEndpoint", async (state) => {
try {
const response = await retry({ intervalInMs: 2000, maxRetries: 30 }, () =>
axios.get(`http://${state.loadBalancerDns}`),
);
state.endpointResponse = JSON.stringify(response.data, null, 2);
} catch (e) {
state.verifyEndpointError = e;
}
}),
new ScenarioOutput("verifiedEndpoint", (state) => {
if (state.verifyEndpointError) {
console.error(state.verifyEndpointError);
} else {
return MESSAGES.verifiedEndpoint.replace(
"${ENDPOINT_RESPONSE}",
state.endpointResponse,
);
}
}),
saveState,
];
```
建立步驟以執行示範。
```
import { readFileSync } from "node:fs";
import { join } from "node:path";
import axios from "axios";
import {
DescribeTargetGroupsCommand,
DescribeTargetHealthCommand,
ElasticLoadBalancingV2Client,
} from "@aws-sdk/client-elastic-load-balancing-v2";
import {
DescribeInstanceInformationCommand,
PutParameterCommand,
SSMClient,
SendCommandCommand,
} from "@aws-sdk/client-ssm";
import {
IAMClient,
CreatePolicyCommand,
CreateRoleCommand,
AttachRolePolicyCommand,
CreateInstanceProfileCommand,
AddRoleToInstanceProfileCommand,
waitUntilInstanceProfileExists,
} from "@aws-sdk/client-iam";
import {
AutoScalingClient,
DescribeAutoScalingGroupsCommand,
TerminateInstanceInAutoScalingGroupCommand,
} from "@aws-sdk/client-auto-scaling";
import {
DescribeIamInstanceProfileAssociationsCommand,
EC2Client,
RebootInstancesCommand,
ReplaceIamInstanceProfileAssociationCommand,
} from "@aws-sdk/client-ec2";
import {
ScenarioAction,
ScenarioInput,
ScenarioOutput,
} from "@aws-doc-sdk-examples/lib/scenario/scenario.js";
import { retry } from "@aws-doc-sdk-examples/lib/utils/util-timers.js";
import { MESSAGES, NAMES, RESOURCES_PATH } from "./constants.js";
import { findLoadBalancer } from "./shared.js";
const getRecommendation = new ScenarioAction(
"getRecommendation",
async (state) => {
const loadBalancer = await findLoadBalancer(NAMES.loadBalancerName);
if (loadBalancer) {
state.loadBalancerDnsName = loadBalancer.DNSName;
try {
state.recommendation = (
await axios.get(`http://${state.loadBalancerDnsName}`)
).data;
} catch (e) {
state.recommendation = e instanceof Error ? e.message : e;
}
} else {
throw new Error(MESSAGES.demoFindLoadBalancerError);
}
},
);
const getRecommendationResult = new ScenarioOutput(
"getRecommendationResult",
(state) =>
`Recommendation:\n${JSON.stringify(state.recommendation, null, 2)}`,
{ preformatted: true },
);
const getHealthCheck = new ScenarioAction("getHealthCheck", async (state) => {
const client = new ElasticLoadBalancingV2Client({});
const { TargetGroups } = await client.send(
new DescribeTargetGroupsCommand({
Names: [NAMES.loadBalancerTargetGroupName],
}),
);
const { TargetHealthDescriptions } = await client.send(
new DescribeTargetHealthCommand({
TargetGroupArn: TargetGroups[0].TargetGroupArn,
}),
);
state.targetHealthDescriptions = TargetHealthDescriptions;
});
const getHealthCheckResult = new ScenarioOutput(
"getHealthCheckResult",
/**
* @param {{ targetHealthDescriptions: import('@aws-sdk/client-elastic-load-balancing-v2').TargetHealthDescription[]}} state
*/
(state) => {
const status = state.targetHealthDescriptions
.map((th) => `${th.Target.Id}: ${th.TargetHealth.State}`)
.join("\n");
return `Health check:\n${status}`;
},
{ preformatted: true },
);
const loadBalancerLoop = new ScenarioAction(
"loadBalancerLoop",
getRecommendation.action,
{
whileConfig: {
whileFn: ({ loadBalancerCheck }) => loadBalancerCheck,
input: new ScenarioInput(
"loadBalancerCheck",
MESSAGES.demoLoadBalancerCheck,
{
type: "confirm",
},
),
output: getRecommendationResult,
},
},
);
const healthCheckLoop = new ScenarioAction(
"healthCheckLoop",
getHealthCheck.action,
{
whileConfig: {
whileFn: ({ healthCheck }) => healthCheck,
input: new ScenarioInput("healthCheck", MESSAGES.demoHealthCheck, {
type: "confirm",
}),
output: getHealthCheckResult,
},
},
);
const statusSteps = [
getRecommendation,
getRecommendationResult,
getHealthCheck,
getHealthCheckResult,
];
/**
* @type {import('@aws-doc-sdk-examples/lib/scenario.js').Step[]}
*/
export const demoSteps = [
new ScenarioOutput("header", MESSAGES.demoHeader, { header: true }),
new ScenarioOutput("sanityCheck", MESSAGES.demoSanityCheck),
...statusSteps,
new ScenarioInput(
"brokenDependencyConfirmation",
MESSAGES.demoBrokenDependencyConfirmation,
{ type: "confirm" },
),
new ScenarioAction("brokenDependency", async (state) => {
if (!state.brokenDependencyConfirmation) {
process.exit();
} else {
const client = new SSMClient({});
state.badTableName = `fake-table-${Date.now()}`;
await client.send(
new PutParameterCommand({
Name: NAMES.ssmTableNameKey,
Value: state.badTableName,
Overwrite: true,
Type: "String",
}),
);
}
}),
new ScenarioOutput("testBrokenDependency", (state) =>
MESSAGES.demoTestBrokenDependency.replace(
"${TABLE_NAME}",
state.badTableName,
),
),
...statusSteps,
new ScenarioInput(
"staticResponseConfirmation",
MESSAGES.demoStaticResponseConfirmation,
{ type: "confirm" },
),
new ScenarioAction("staticResponse", async (state) => {
if (!state.staticResponseConfirmation) {
process.exit();
} else {
const client = new SSMClient({});
await client.send(
new PutParameterCommand({
Name: NAMES.ssmFailureResponseKey,
Value: "static",
Overwrite: true,
Type: "String",
}),
);
}
}),
new ScenarioOutput("testStaticResponse", MESSAGES.demoTestStaticResponse),
...statusSteps,
new ScenarioInput(
"badCredentialsConfirmation",
MESSAGES.demoBadCredentialsConfirmation,
{ type: "confirm" },
),
new ScenarioAction("badCredentialsExit", (state) => {
if (!state.badCredentialsConfirmation) {
process.exit();
}
}),
new ScenarioAction("fixDynamoDBName", async () => {
const client = new SSMClient({});
await client.send(
new PutParameterCommand({
Name: NAMES.ssmTableNameKey,
Value: NAMES.tableName,
Overwrite: true,
Type: "String",
}),
);
}),
new ScenarioAction(
"badCredentials",
/**
* @param {{ targetInstance: import('@aws-sdk/client-auto-scaling').Instance }} state
*/
async (state) => {
await createSsmOnlyInstanceProfile();
const autoScalingClient = new AutoScalingClient({});
const { AutoScalingGroups } = await autoScalingClient.send(
new DescribeAutoScalingGroupsCommand({
AutoScalingGroupNames: [NAMES.autoScalingGroupName],
}),
);
state.targetInstance = AutoScalingGroups[0].Instances[0];
const ec2Client = new EC2Client({});
const { IamInstanceProfileAssociations } = await ec2Client.send(
new DescribeIamInstanceProfileAssociationsCommand({
Filters: [
{ Name: "instance-id", Values: [state.targetInstance.InstanceId] },
],
}),
);
state.instanceProfileAssociationId =
IamInstanceProfileAssociations[0].AssociationId;
await retry({ intervalInMs: 1000, maxRetries: 30 }, () =>
ec2Client.send(
new ReplaceIamInstanceProfileAssociationCommand({
AssociationId: state.instanceProfileAssociationId,
IamInstanceProfile: { Name: NAMES.ssmOnlyInstanceProfileName },
}),
),
);
await ec2Client.send(
new RebootInstancesCommand({
InstanceIds: [state.targetInstance.InstanceId],
}),
);
const ssmClient = new SSMClient({});
await retry({ intervalInMs: 20000, maxRetries: 15 }, async () => {
const { InstanceInformationList } = await ssmClient.send(
new DescribeInstanceInformationCommand({}),
);
const instance = InstanceInformationList.find(
(info) => info.InstanceId === state.targetInstance.InstanceId,
);
if (!instance) {
throw new Error("Instance not found.");
}
});
await ssmClient.send(
new SendCommandCommand({
InstanceIds: [state.targetInstance.InstanceId],
DocumentName: "AWS-RunShellScript",
Parameters: { commands: ["cd / && sudo python3 server.py 80"] },
}),
);
},
),
new ScenarioOutput(
"testBadCredentials",
/**
* @param {{ targetInstance: import('@aws-sdk/client-ssm').InstanceInformation}} state
*/
(state) =>
MESSAGES.demoTestBadCredentials.replace(
"${INSTANCE_ID}",
state.targetInstance.InstanceId,
),
),
loadBalancerLoop,
new ScenarioInput(
"deepHealthCheckConfirmation",
MESSAGES.demoDeepHealthCheckConfirmation,
{ type: "confirm" },
),
new ScenarioAction("deepHealthCheckExit", (state) => {
if (!state.deepHealthCheckConfirmation) {
process.exit();
}
}),
new ScenarioAction("deepHealthCheck", async () => {
const client = new SSMClient({});
await client.send(
new PutParameterCommand({
Name: NAMES.ssmHealthCheckKey,
Value: "deep",
Overwrite: true,
Type: "String",
}),
);
}),
new ScenarioOutput("testDeepHealthCheck", MESSAGES.demoTestDeepHealthCheck),
healthCheckLoop,
loadBalancerLoop,
new ScenarioInput(
"killInstanceConfirmation",
/**
* @param {{ targetInstance: import('@aws-sdk/client-ssm').InstanceInformation }} state
*/
(state) =>
MESSAGES.demoKillInstanceConfirmation.replace(
"${INSTANCE_ID}",
state.targetInstance.InstanceId,
),
{ type: "confirm" },
),
new ScenarioAction("killInstanceExit", (state) => {
if (!state.killInstanceConfirmation) {
process.exit();
}
}),
new ScenarioAction(
"killInstance",
/**
* @param {{ targetInstance: import('@aws-sdk/client-ssm').InstanceInformation }} state
*/
async (state) => {
const client = new AutoScalingClient({});
await client.send(
new TerminateInstanceInAutoScalingGroupCommand({
InstanceId: state.targetInstance.InstanceId,
ShouldDecrementDesiredCapacity: false,
}),
);
},
),
new ScenarioOutput("testKillInstance", MESSAGES.demoTestKillInstance),
healthCheckLoop,
loadBalancerLoop,
new ScenarioInput("failOpenConfirmation", MESSAGES.demoFailOpenConfirmation, {
type: "confirm",
}),
new ScenarioAction("failOpenExit", (state) => {
if (!state.failOpenConfirmation) {
process.exit();
}
}),
new ScenarioAction("failOpen", () => {
const client = new SSMClient({});
return client.send(
new PutParameterCommand({
Name: NAMES.ssmTableNameKey,
Value: `fake-table-${Date.now()}`,
Overwrite: true,
Type: "String",
}),
);
}),
new ScenarioOutput("testFailOpen", MESSAGES.demoFailOpenTest),
healthCheckLoop,
loadBalancerLoop,
new ScenarioInput(
"resetTableConfirmation",
MESSAGES.demoResetTableConfirmation,
{ type: "confirm" },
),
new ScenarioAction("resetTableExit", (state) => {
if (!state.resetTableConfirmation) {
process.exit();
}
}),
new ScenarioAction("resetTable", async () => {
const client = new SSMClient({});
await client.send(
new PutParameterCommand({
Name: NAMES.ssmTableNameKey,
Value: NAMES.tableName,
Overwrite: true,
Type: "String",
}),
);
}),
new ScenarioOutput("testResetTable", MESSAGES.demoTestResetTable),
healthCheckLoop,
loadBalancerLoop,
];
async function createSsmOnlyInstanceProfile() {
const iamClient = new IAMClient({});
const { Policy } = await iamClient.send(
new CreatePolicyCommand({
PolicyName: NAMES.ssmOnlyPolicyName,
PolicyDocument: readFileSync(
join(RESOURCES_PATH, "ssm_only_policy.json"),
),
}),
);
await iamClient.send(
new CreateRoleCommand({
RoleName: NAMES.ssmOnlyRoleName,
AssumeRolePolicyDocument: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: { Service: "ec2.amazonaws.com" },
Action: "sts:AssumeRole",
},
],
}),
}),
);
await iamClient.send(
new AttachRolePolicyCommand({
RoleName: NAMES.ssmOnlyRoleName,
PolicyArn: Policy.Arn,
}),
);
await iamClient.send(
new AttachRolePolicyCommand({
RoleName: NAMES.ssmOnlyRoleName,
PolicyArn: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
}),
);
const { InstanceProfile } = await iamClient.send(
new CreateInstanceProfileCommand({
InstanceProfileName: NAMES.ssmOnlyInstanceProfileName,
}),
);
await waitUntilInstanceProfileExists(
{ client: iamClient },
{ InstanceProfileName: NAMES.ssmOnlyInstanceProfileName },
);
await iamClient.send(
new AddRoleToInstanceProfileCommand({
InstanceProfileName: NAMES.ssmOnlyInstanceProfileName,
RoleName: NAMES.ssmOnlyRoleName,
}),
);
return InstanceProfile;
}
```
建立步驟以銷毀所有資源。
```
import { unlinkSync } from "node:fs";
import { DynamoDBClient, DeleteTableCommand } from "@aws-sdk/client-dynamodb";
import {
EC2Client,
DeleteKeyPairCommand,
DeleteLaunchTemplateCommand,
RevokeSecurityGroupIngressCommand,
} from "@aws-sdk/client-ec2";
import {
IAMClient,
DeleteInstanceProfileCommand,
RemoveRoleFromInstanceProfileCommand,
DeletePolicyCommand,
DeleteRoleCommand,
DetachRolePolicyCommand,
paginateListPolicies,
} from "@aws-sdk/client-iam";
import {
AutoScalingClient,
DeleteAutoScalingGroupCommand,
TerminateInstanceInAutoScalingGroupCommand,
UpdateAutoScalingGroupCommand,
paginateDescribeAutoScalingGroups,
} from "@aws-sdk/client-auto-scaling";
import {
DeleteLoadBalancerCommand,
DeleteTargetGroupCommand,
DescribeTargetGroupsCommand,
ElasticLoadBalancingV2Client,
} from "@aws-sdk/client-elastic-load-balancing-v2";
import {
ScenarioOutput,
ScenarioInput,
ScenarioAction,
} from "@aws-doc-sdk-examples/lib/scenario/index.js";
import { loadState } from "@aws-doc-sdk-examples/lib/scenario/steps-common.js";
import { retry } from "@aws-doc-sdk-examples/lib/utils/util-timers.js";
import { MESSAGES, NAMES } from "./constants.js";
import { findLoadBalancer } from "./shared.js";
/**
* @type {import('@aws-doc-sdk-examples/lib/scenario.js').Step[]}
*/
export const destroySteps = [
loadState,
new ScenarioInput("destroy", MESSAGES.destroy, { type: "confirm" }),
new ScenarioAction(
"abort",
(state) => state.destroy === false && process.exit(),
),
new ScenarioAction("deleteTable", async (c) => {
try {
const client = new DynamoDBClient({});
await client.send(new DeleteTableCommand({ TableName: NAMES.tableName }));
} catch (e) {
c.deleteTableError = e;
}
}),
new ScenarioOutput("deleteTableResult", (state) => {
if (state.deleteTableError) {
console.error(state.deleteTableError);
return MESSAGES.deleteTableError.replace(
"${TABLE_NAME}",
NAMES.tableName,
);
}
return MESSAGES.deletedTable.replace("${TABLE_NAME}", NAMES.tableName);
}),
new ScenarioAction("deleteKeyPair", async (state) => {
try {
const client = new EC2Client({});
await client.send(
new DeleteKeyPairCommand({ KeyName: NAMES.keyPairName }),
);
unlinkSync(`${NAMES.keyPairName}.pem`);
} catch (e) {
state.deleteKeyPairError = e;
}
}),
new ScenarioOutput("deleteKeyPairResult", (state) => {
if (state.deleteKeyPairError) {
console.error(state.deleteKeyPairError);
return MESSAGES.deleteKeyPairError.replace(
"${KEY_PAIR_NAME}",
NAMES.keyPairName,
);
}
return MESSAGES.deletedKeyPair.replace(
"${KEY_PAIR_NAME}",
NAMES.keyPairName,
);
}),
new ScenarioAction("detachPolicyFromRole", async (state) => {
try {
const client = new IAMClient({});
const policy = await findPolicy(NAMES.instancePolicyName);
if (!policy) {
state.detachPolicyFromRoleError = new Error(
`Policy ${NAMES.instancePolicyName} not found.`,
);
} else {
await client.send(
new DetachRolePolicyCommand({
RoleName: NAMES.instanceRoleName,
PolicyArn: policy.Arn,
}),
);
}
} catch (e) {
state.detachPolicyFromRoleError = e;
}
}),
new ScenarioOutput("detachedPolicyFromRole", (state) => {
if (state.detachPolicyFromRoleError) {
console.error(state.detachPolicyFromRoleError);
return MESSAGES.detachPolicyFromRoleError
.replace("${INSTANCE_POLICY_NAME}", NAMES.instancePolicyName)
.replace("${INSTANCE_ROLE_NAME}", NAMES.instanceRoleName);
}
return MESSAGES.detachedPolicyFromRole
.replace("${INSTANCE_POLICY_NAME}", NAMES.instancePolicyName)
.replace("${INSTANCE_ROLE_NAME}", NAMES.instanceRoleName);
}),
new ScenarioAction("deleteInstancePolicy", async (state) => {
const client = new IAMClient({});
const policy = await findPolicy(NAMES.instancePolicyName);
if (!policy) {
state.deletePolicyError = new Error(
`Policy ${NAMES.instancePolicyName} not found.`,
);
} else {
return client.send(
new DeletePolicyCommand({
PolicyArn: policy.Arn,
}),
);
}
}),
new ScenarioOutput("deletePolicyResult", (state) => {
if (state.deletePolicyError) {
console.error(state.deletePolicyError);
return MESSAGES.deletePolicyError.replace(
"${INSTANCE_POLICY_NAME}",
NAMES.instancePolicyName,
);
}
return MESSAGES.deletedPolicy.replace(
"${INSTANCE_POLICY_NAME}",
NAMES.instancePolicyName,
);
}),
new ScenarioAction("removeRoleFromInstanceProfile", async (state) => {
try {
const client = new IAMClient({});
await client.send(
new RemoveRoleFromInstanceProfileCommand({
RoleName: NAMES.instanceRoleName,
InstanceProfileName: NAMES.instanceProfileName,
}),
);
} catch (e) {
state.removeRoleFromInstanceProfileError = e;
}
}),
new ScenarioOutput("removeRoleFromInstanceProfileResult", (state) => {
if (state.removeRoleFromInstanceProfile) {
console.error(state.removeRoleFromInstanceProfileError);
return MESSAGES.removeRoleFromInstanceProfileError
.replace("${INSTANCE_PROFILE_NAME}", NAMES.instanceProfileName)
.replace("${INSTANCE_ROLE_NAME}", NAMES.instanceRoleName);
}
return MESSAGES.removedRoleFromInstanceProfile
.replace("${INSTANCE_PROFILE_NAME}", NAMES.instanceProfileName)
.replace("${INSTANCE_ROLE_NAME}", NAMES.instanceRoleName);
}),
new ScenarioAction("deleteInstanceRole", async (state) => {
try {
const client = new IAMClient({});
await client.send(
new DeleteRoleCommand({
RoleName: NAMES.instanceRoleName,
}),
);
} catch (e) {
state.deleteInstanceRoleError = e;
}
}),
new ScenarioOutput("deleteInstanceRoleResult", (state) => {
if (state.deleteInstanceRoleError) {
console.error(state.deleteInstanceRoleError);
return MESSAGES.deleteInstanceRoleError.replace(
"${INSTANCE_ROLE_NAME}",
NAMES.instanceRoleName,
);
}
return MESSAGES.deletedInstanceRole.replace(
"${INSTANCE_ROLE_NAME}",
NAMES.instanceRoleName,
);
}),
new ScenarioAction("deleteInstanceProfile", async (state) => {
try {
const client = new IAMClient({});
await client.send(
new DeleteInstanceProfileCommand({
InstanceProfileName: NAMES.instanceProfileName,
}),
);
} catch (e) {
state.deleteInstanceProfileError = e;
}
}),
new ScenarioOutput("deleteInstanceProfileResult", (state) => {
if (state.deleteInstanceProfileError) {
console.error(state.deleteInstanceProfileError);
return MESSAGES.deleteInstanceProfileError.replace(
"${INSTANCE_PROFILE_NAME}",
NAMES.instanceProfileName,
);
}
return MESSAGES.deletedInstanceProfile.replace(
"${INSTANCE_PROFILE_NAME}",
NAMES.instanceProfileName,
);
}),
new ScenarioAction("deleteAutoScalingGroup", async (state) => {
try {
await terminateGroupInstances(NAMES.autoScalingGroupName);
await retry({ intervalInMs: 60000, maxRetries: 60 }, async () => {
await deleteAutoScalingGroup(NAMES.autoScalingGroupName);
});
} catch (e) {
state.deleteAutoScalingGroupError = e;
}
}),
new ScenarioOutput("deleteAutoScalingGroupResult", (state) => {
if (state.deleteAutoScalingGroupError) {
console.error(state.deleteAutoScalingGroupError);
return MESSAGES.deleteAutoScalingGroupError.replace(
"${AUTO_SCALING_GROUP_NAME}",
NAMES.autoScalingGroupName,
);
}
return MESSAGES.deletedAutoScalingGroup.replace(
"${AUTO_SCALING_GROUP_NAME}",
NAMES.autoScalingGroupName,
);
}),
new ScenarioAction("deleteLaunchTemplate", async (state) => {
const client = new EC2Client({});
try {
await client.send(
new DeleteLaunchTemplateCommand({
LaunchTemplateName: NAMES.launchTemplateName,
}),
);
} catch (e) {
state.deleteLaunchTemplateError = e;
}
}),
new ScenarioOutput("deleteLaunchTemplateResult", (state) => {
if (state.deleteLaunchTemplateError) {
console.error(state.deleteLaunchTemplateError);
return MESSAGES.deleteLaunchTemplateError.replace(
"${LAUNCH_TEMPLATE_NAME}",
NAMES.launchTemplateName,
);
}
return MESSAGES.deletedLaunchTemplate.replace(
"${LAUNCH_TEMPLATE_NAME}",
NAMES.launchTemplateName,
);
}),
new ScenarioAction("deleteLoadBalancer", async (state) => {
try {
const client = new ElasticLoadBalancingV2Client({});
const loadBalancer = await findLoadBalancer(NAMES.loadBalancerName);
await client.send(
new DeleteLoadBalancerCommand({
LoadBalancerArn: loadBalancer.LoadBalancerArn,
}),
);
await retry({ intervalInMs: 1000, maxRetries: 60 }, async () => {
const lb = await findLoadBalancer(NAMES.loadBalancerName);
if (lb) {
throw new Error("Load balancer still exists.");
}
});
} catch (e) {
state.deleteLoadBalancerError = e;
}
}),
new ScenarioOutput("deleteLoadBalancerResult", (state) => {
if (state.deleteLoadBalancerError) {
console.error(state.deleteLoadBalancerError);
return MESSAGES.deleteLoadBalancerError.replace(
"${LB_NAME}",
NAMES.loadBalancerName,
);
}
return MESSAGES.deletedLoadBalancer.replace(
"${LB_NAME}",
NAMES.loadBalancerName,
);
}),
new ScenarioAction("deleteLoadBalancerTargetGroup", async (state) => {
const client = new ElasticLoadBalancingV2Client({});
try {
const { TargetGroups } = await client.send(
new DescribeTargetGroupsCommand({
Names: [NAMES.loadBalancerTargetGroupName],
}),
);
await retry({ intervalInMs: 1000, maxRetries: 30 }, () =>
client.send(
new DeleteTargetGroupCommand({
TargetGroupArn: TargetGroups[0].TargetGroupArn,
}),
),
);
} catch (e) {
state.deleteLoadBalancerTargetGroupError = e;
}
}),
new ScenarioOutput("deleteLoadBalancerTargetGroupResult", (state) => {
if (state.deleteLoadBalancerTargetGroupError) {
console.error(state.deleteLoadBalancerTargetGroupError);
return MESSAGES.deleteLoadBalancerTargetGroupError.replace(
"${TARGET_GROUP_NAME}",
NAMES.loadBalancerTargetGroupName,
);
}
return MESSAGES.deletedLoadBalancerTargetGroup.replace(
"${TARGET_GROUP_NAME}",
NAMES.loadBalancerTargetGroupName,
);
}),
new ScenarioAction("detachSsmOnlyRoleFromProfile", async (state) => {
try {
const client = new IAMClient({});
await client.send(
new RemoveRoleFromInstanceProfileCommand({
InstanceProfileName: NAMES.ssmOnlyInstanceProfileName,
RoleName: NAMES.ssmOnlyRoleName,
}),
);
} catch (e) {
state.detachSsmOnlyRoleFromProfileError = e;
}
}),
new ScenarioOutput("detachSsmOnlyRoleFromProfileResult", (state) => {
if (state.detachSsmOnlyRoleFromProfileError) {
console.error(state.detachSsmOnlyRoleFromProfileError);
return MESSAGES.detachSsmOnlyRoleFromProfileError
.replace("${ROLE_NAME}", NAMES.ssmOnlyRoleName)
.replace("${PROFILE_NAME}", NAMES.ssmOnlyInstanceProfileName);
}
return MESSAGES.detachedSsmOnlyRoleFromProfile
.replace("${ROLE_NAME}", NAMES.ssmOnlyRoleName)
.replace("${PROFILE_NAME}", NAMES.ssmOnlyInstanceProfileName);
}),
new ScenarioAction("detachSsmOnlyCustomRolePolicy", async (state) => {
try {
const iamClient = new IAMClient({});
const ssmOnlyPolicy = await findPolicy(NAMES.ssmOnlyPolicyName);
await iamClient.send(
new DetachRolePolicyCommand({
RoleName: NAMES.ssmOnlyRoleName,
PolicyArn: ssmOnlyPolicy.Arn,
}),
);
} catch (e) {
state.detachSsmOnlyCustomRolePolicyError = e;
}
}),
new ScenarioOutput("detachSsmOnlyCustomRolePolicyResult", (state) => {
if (state.detachSsmOnlyCustomRolePolicyError) {
console.error(state.detachSsmOnlyCustomRolePolicyError);
return MESSAGES.detachSsmOnlyCustomRolePolicyError
.replace("${ROLE_NAME}", NAMES.ssmOnlyRoleName)
.replace("${POLICY_NAME}", NAMES.ssmOnlyPolicyName);
}
return MESSAGES.detachedSsmOnlyCustomRolePolicy
.replace("${ROLE_NAME}", NAMES.ssmOnlyRoleName)
.replace("${POLICY_NAME}", NAMES.ssmOnlyPolicyName);
}),
new ScenarioAction("detachSsmOnlyAWSRolePolicy", async (state) => {
try {
const iamClient = new IAMClient({});
await iamClient.send(
new DetachRolePolicyCommand({
RoleName: NAMES.ssmOnlyRoleName,
PolicyArn: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
}),
);
} catch (e) {
state.detachSsmOnlyAWSRolePolicyError = e;
}
}),
new ScenarioOutput("detachSsmOnlyAWSRolePolicyResult", (state) => {
if (state.detachSsmOnlyAWSRolePolicyError) {
console.error(state.detachSsmOnlyAWSRolePolicyError);
return MESSAGES.detachSsmOnlyAWSRolePolicyError
.replace("${ROLE_NAME}", NAMES.ssmOnlyRoleName)
.replace("${POLICY_NAME}", "AmazonSSMManagedInstanceCore");
}
return MESSAGES.detachedSsmOnlyAWSRolePolicy
.replace("${ROLE_NAME}", NAMES.ssmOnlyRoleName)
.replace("${POLICY_NAME}", "AmazonSSMManagedInstanceCore");
}),
new ScenarioAction("deleteSsmOnlyInstanceProfile", async (state) => {
try {
const iamClient = new IAMClient({});
await iamClient.send(
new DeleteInstanceProfileCommand({
InstanceProfileName: NAMES.ssmOnlyInstanceProfileName,
}),
);
} catch (e) {
state.deleteSsmOnlyInstanceProfileError = e;
}
}),
new ScenarioOutput("deleteSsmOnlyInstanceProfileResult", (state) => {
if (state.deleteSsmOnlyInstanceProfileError) {
console.error(state.deleteSsmOnlyInstanceProfileError);
return MESSAGES.deleteSsmOnlyInstanceProfileError.replace(
"${INSTANCE_PROFILE_NAME}",
NAMES.ssmOnlyInstanceProfileName,
);
}
return MESSAGES.deletedSsmOnlyInstanceProfile.replace(
"${INSTANCE_PROFILE_NAME}",
NAMES.ssmOnlyInstanceProfileName,
);
}),
new ScenarioAction("deleteSsmOnlyPolicy", async (state) => {
try {
const iamClient = new IAMClient({});
const ssmOnlyPolicy = await findPolicy(NAMES.ssmOnlyPolicyName);
await iamClient.send(
new DeletePolicyCommand({
PolicyArn: ssmOnlyPolicy.Arn,
}),
);
} catch (e) {
state.deleteSsmOnlyPolicyError = e;
}
}),
new ScenarioOutput("deleteSsmOnlyPolicyResult", (state) => {
if (state.deleteSsmOnlyPolicyError) {
console.error(state.deleteSsmOnlyPolicyError);
return MESSAGES.deleteSsmOnlyPolicyError.replace(
"${POLICY_NAME}",
NAMES.ssmOnlyPolicyName,
);
}
return MESSAGES.deletedSsmOnlyPolicy.replace(
"${POLICY_NAME}",
NAMES.ssmOnlyPolicyName,
);
}),
new ScenarioAction("deleteSsmOnlyRole", async (state) => {
try {
const iamClient = new IAMClient({});
await iamClient.send(
new DeleteRoleCommand({
RoleName: NAMES.ssmOnlyRoleName,
}),
);
} catch (e) {
state.deleteSsmOnlyRoleError = e;
}
}),
new ScenarioOutput("deleteSsmOnlyRoleResult", (state) => {
if (state.deleteSsmOnlyRoleError) {
console.error(state.deleteSsmOnlyRoleError);
return MESSAGES.deleteSsmOnlyRoleError.replace(
"${ROLE_NAME}",
NAMES.ssmOnlyRoleName,
);
}
return MESSAGES.deletedSsmOnlyRole.replace(
"${ROLE_NAME}",
NAMES.ssmOnlyRoleName,
);
}),
new ScenarioAction(
"revokeSecurityGroupIngress",
async (
/** @type {{ myIp: string, defaultSecurityGroup: { GroupId: string } }} */ state,
) => {
const ec2Client = new EC2Client({});
try {
await ec2Client.send(
new RevokeSecurityGroupIngressCommand({
GroupId: state.defaultSecurityGroup.GroupId,
CidrIp: `${state.myIp}/32`,
FromPort: 80,
ToPort: 80,
IpProtocol: "tcp",
}),
);
} catch (e) {
state.revokeSecurityGroupIngressError = e;
}
},
),
new ScenarioOutput("revokeSecurityGroupIngressResult", (state) => {
if (state.revokeSecurityGroupIngressError) {
console.error(state.revokeSecurityGroupIngressError);
return MESSAGES.revokeSecurityGroupIngressError.replace(
"${IP}",
state.myIp,
);
}
return MESSAGES.revokedSecurityGroupIngress.replace("${IP}", state.myIp);
}),
];
/**
* @param {string} policyName
*/
async function findPolicy(policyName) {
const client = new IAMClient({});
const paginatedPolicies = paginateListPolicies({ client }, {});
for await (const page of paginatedPolicies) {
const policy = page.Policies.find((p) => p.PolicyName === policyName);
if (policy) {
return policy;
}
}
}
/**
* @param {string} groupName
*/
async function deleteAutoScalingGroup(groupName) {
const client = new AutoScalingClient({});
try {
await client.send(
new DeleteAutoScalingGroupCommand({
AutoScalingGroupName: groupName,
}),
);
} catch (err) {
if (!(err instanceof Error)) {
throw err;
}
console.log(err.name);
throw err;
}
}
/**
* @param {string} groupName
*/
async function terminateGroupInstances(groupName) {
const autoScalingClient = new AutoScalingClient({});
const group = await findAutoScalingGroup(groupName);
await autoScalingClient.send(
new UpdateAutoScalingGroupCommand({
AutoScalingGroupName: group.AutoScalingGroupName,
MinSize: 0,
}),
);
for (const i of group.Instances) {
await retry({ intervalInMs: 1000, maxRetries: 30 }, () =>
autoScalingClient.send(
new TerminateInstanceInAutoScalingGroupCommand({
InstanceId: i.InstanceId,
ShouldDecrementDesiredCapacity: true,
}),
),
);
}
}
async function findAutoScalingGroup(groupName) {
const client = new AutoScalingClient({});
const paginatedGroups = paginateDescribeAutoScalingGroups({ client }, {});
for await (const page of paginatedGroups) {
const group = page.AutoScalingGroups.find(
(g) => g.AutoScalingGroupName === groupName,
);
if (group) {
return group;
}
}
throw new Error(`Auto scaling group ${groupName} not found.`);
}
```
+ 如需 API 詳細資訊,請參閱《*適用於 JavaScript 的 AWS SDK API 參考*》中的下列主題。
+ [AttachLoadBalancerTargetGroups](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/auto-scaling/command/AttachLoadBalancerTargetGroupsCommand)
+ [CreateAutoScalingGroup](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/auto-scaling/command/CreateAutoScalingGroupCommand)
+ [CreateInstanceProfile](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/CreateInstanceProfileCommand)
+ [CreateLaunchTemplate](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/CreateLaunchTemplateCommand)
+ [CreateListener](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/elastic-load-balancing-v2/command/CreateListenerCommand)
+ [CreateLoadBalancer](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/elastic-load-balancing-v2/command/CreateLoadBalancerCommand)
+ [CreateTargetGroup](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/elastic-load-balancing-v2/command/CreateTargetGroupCommand)
+ [DeleteAutoScalingGroup](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/auto-scaling/command/DeleteAutoScalingGroupCommand)
+ [DeleteInstanceProfile](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/iam/command/DeleteInstanceProfileCommand)
+ [DeleteLaunchTemplate](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/DeleteLaunchTemplateCommand)
+ [DeleteLoadBalancer](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/elastic-load-balancing-v2/command/DeleteLoadBalancerCommand)
+ [DeleteTargetGroup](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/elastic-load-balancing-v2/command/DeleteTargetGroupCommand)
+ [DescribeAutoScalingGroups](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/auto-scaling/command/DescribeAutoScalingGroupsCommand)
+ [DescribeAvailabilityZones](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/DescribeAvailabilityZonesCommand)
+ [DescribeIamInstanceProfileAssociations](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/DescribeIamInstanceProfileAssociationsCommand)
+ [DescribeInstances](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/DescribeInstancesCommand)
+ [DescribeLoadBalancers](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/elastic-load-balancing-v2/command/DescribeLoadBalancersCommand)
+ [DescribeSubnets](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/DescribeSubnetsCommand)
+ [DescribeTargetGroups](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/elastic-load-balancing-v2/command/DescribeTargetGroupsCommand)
+ [DescribeTargetHealth](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/elastic-load-balancing-v2/command/DescribeTargetHealthCommand)
+ [DescribeVpcs](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/DescribeVpcsCommand)
+ [RebootInstances](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/RebootInstancesCommand)
+ [ReplaceIamInstanceProfileAssociation](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/ReplaceIamInstanceProfileAssociationCommand)
+ [TerminateInstanceInAutoScalingGroup](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/auto-scaling/command/TerminateInstanceInAutoScalingGroupCommand)
+ [UpdateAutoScalingGroup](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/auto-scaling/command/UpdateAutoScalingGroupCommand)