import {
CreateRoleCommand,
DeleteRoleCommand,
AttachRolePolicyCommand,
GetRoleCommand
} from '@aws-sdk/client-iam';
import { iamClient } from '../../config/aws.config';
import { logger } from '../../utils/logger';
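/** Caller-supplied options for {@link IAMService.createRole}. Every field is optional. */
export interface CreateRoleParameters {
  /** Role name. Must pass {@link IAMService.isValidRoleName}; defaults to `mcp-role-<timestamp>`. */
  roleName?: string;
  /** AWS service principal written into the role's trust policy. Defaults to `lambda.amazonaws.com`. */
  service?: string;
  /** Value of the `Environment` tag on the role. Defaults to `development`. */
  environment?: string;
}

/** Service principal used when the caller does not name one. */
const DEFAULT_SERVICE_PRINCIPAL = 'lambda.amazonaws.com';
/** Managed policy attached automatically to Lambda execution roles. */
const LAMBDA_BASIC_EXECUTION_POLICY_ARN =
  'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole';
/** Upper bound on an IAM tag value. */
const MAX_TAG_VALUE_LENGTH = 256;

/**
 * Thin wrapper around the IAM client for creating, deleting and inspecting roles.
 *
 * Every method validates its inputs before calling AWS so that malformed or
 * non-string values (the request parameters are caller-controlled) fail fast
 * with a clear error instead of reaching the API.
 */
export class IAMService {
  /**
   * Returns true when `name` is a syntactically valid IAM role name:
   * a string of 1–64 characters drawn from `[A-Za-z0-9_+=,.@-]`.
   *
   * @param name - value to check; non-strings are rejected.
   */
  static isValidRoleName(name: unknown): name is string {
    return typeof name === 'string' && /^[\w+=,.@-]{1,64}$/.test(name);
  }

  /**
   * Throws unless `name` is a valid IAM role name.
   *
   * @throws Error describing the rejected value.
   */
  private static assertValidRoleName(name: unknown): asserts name is string {
    if (!IAMService.isValidRoleName(name)) {
      throw new Error(
        'Invalid IAM role name: expected 1-64 characters from [A-Za-z0-9_+=,.@-]',
      );
    }
  }

  /**
   * Resolves the service principal for the trust policy.
   *
   * An absent or empty value falls back to {@link DEFAULT_SERVICE_PRINCIPAL}.
   * Anything else must be a non-empty string without whitespace; IAM itself
   * is expected to reject principals that are not real service principals
   * (MalformedPolicyDocument), but rejecting obvious garbage here keeps the
   * error local and avoids creating a role with an unintended trust policy.
   *
   * @throws Error when the value is not a usable service principal.
   */
  private static resolveServicePrincipal(service: unknown): string {
    if (service === undefined || service === null || service === '') {
      return DEFAULT_SERVICE_PRINCIPAL;
    }
    if (typeof service !== 'string' || /\s/.test(service)) {
      throw new Error('Invalid service principal: expected a non-empty string without whitespace');
    }
    return service;
  }

  /**
   * Creates an IAM role whose trust policy allows the given service principal
   * to assume it, tags it, and — for Lambda roles — attaches the basic
   * execution managed policy.
   *
   * @param parameters - see {@link CreateRoleParameters}.
   * @returns the role name and ARN (the ARN is undefined if IAM omitted it).
   * @throws Error on invalid input; rethrows any IAM client error. If attaching
   *   the Lambda policy fails, the freshly created role is deleted on a
   *   best-effort basis before the error propagates, so callers do not end
   *   up with a half-configured role.
   */
  async createRole(parameters: CreateRoleParameters) {
    try {
      // Callers historically passed `any`; tolerate a missing object.
      const input: CreateRoleParameters = parameters ?? {};

      // `||` (not `??`) keeps the original behaviour of replacing '' with the default.
      const roleName = input.roleName || `mcp-role-${Date.now()}`;
      IAMService.assertValidRoleName(roleName);

      const service = IAMService.resolveServicePrincipal(input.service);

      const environment = input.environment || 'development';
      if (typeof environment !== 'string' || environment.length > MAX_TAG_VALUE_LENGTH) {
        throw new Error(`Invalid environment tag: expected a string of at most ${MAX_TAG_VALUE_LENGTH} characters`);
      }

      const assumeRolePolicyDocument = {
        Version: '2012-10-17',
        Statement: [
          {
            Effect: 'Allow',
            Principal: { Service: service },
            Action: 'sts:AssumeRole',
          },
        ],
      };

      const response = await iamClient.send(
        new CreateRoleCommand({
          RoleName: roleName,
          AssumeRolePolicyDocument: JSON.stringify(assumeRolePolicyDocument),
          Description: 'Role created by MCP Infrastructure',
          Tags: [
            { Key: 'CreatedBy', Value: 'MCP-Infrastructure' },
            { Key: 'Environment', Value: environment },
          ],
        }),
      );

      // Compare against the *resolved* principal: the original code compared the
      // raw parameter, so a role created with the default (Lambda) principal
      // never received the execution policy.
      if (service === DEFAULT_SERVICE_PRINCIPAL) {
        try {
          await iamClient.send(
            new AttachRolePolicyCommand({
              RoleName: roleName,
              PolicyArn: LAMBDA_BASIC_EXECUTION_POLICY_ARN,
            }),
          );
        } catch (attachError) {
          // Roll back the orphaned role so the failure is not half-applied.
          // No policy was attached, so DeleteRole should succeed; failures are
          // logged and the original error is still surfaced.
          logger.error(`Attaching policy to ${roleName} failed; deleting role`, attachError);
          try {
            await iamClient.send(new DeleteRoleCommand({ RoleName: roleName }));
          } catch (cleanupError) {
            logger.error(`Failed to roll back IAM role ${roleName}:`, cleanupError);
          }
          throw attachError;
        }
      }

      logger.info(`Created IAM role: ${roleName}`);
      return { roleName, roleArn: response.Role?.Arn };
    } catch (error) {
      logger.error('Error creating IAM role:', error);
      throw error;
    }
  }

  /**
   * Deletes the named role.
   *
   * @param roleName - must be a valid IAM role name.
   * @returns `{ success: true }` once IAM has accepted the deletion.
   * @throws Error on an invalid name; rethrows any IAM client error.
   */
  async deleteRole(roleName: string) {
    try {
      IAMService.assertValidRoleName(roleName);
      await iamClient.send(new DeleteRoleCommand({ RoleName: roleName }));
      logger.info(`Deleted IAM role: ${roleName}`);
      return { success: true };
    } catch (error) {
      logger.error('Error deleting IAM role:', error);
      throw error;
    }
  }

  /**
   * Fetches the named role as returned by IAM's GetRole.
   *
   * @param roleName - must be a valid IAM role name.
   * @returns the `Role` field of the GetRole response (undefined if absent).
   * @throws Error on an invalid name; rethrows any IAM client error.
   */
  async getRoleStatus(roleName: string) {
    try {
      IAMService.assertValidRoleName(roleName);
      const response = await iamClient.send(new GetRoleCommand({ RoleName: roleName }));
      return response.Role;
    } catch (error) {
      logger.error('Error getting role status:', error);
      throw error;
    }
  }
}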