adding developer iam role

nxtlytics · Aug 17, 2021 · 3e293a9 · 3e293a9
1 parent 5f0e050
commit 3e293a9
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/setup_sso/setup_sso.py b/setup_sso/setup_sso.py
@@ -55,7 +55,8 @@ def __init__(
         self.saml_provider_arn = f"arn:{self.aws_partition}:iam::{self.account_id}:saml-provider/{self.saml_provider_name}"
         self.roles_arn = {
             'SSOAdministratorAccess': f"arn:{self.aws_partition}:iam::{self.account_id}:role/SSOAdministratorAccess",
-            'SSOViewOnlyAccess': f"arn:{self.aws_partition}:iam::{self.account_id}:role/SSOViewOnlyAccess"
+            'SSOViewOnlyAccess': f"arn:{self.aws_partition}:iam::{self.account_id}:role/SSOViewOnlyAccess",
+            'SSODeveloperAccess': f"arn:{self.aws_partition}:iam::{self.account_id}:role/SSODeveloperAccess"
         }
         self.client = self.session.client('iam', endpoint_url=self.endpoint_url)
 
@@ -190,6 +191,13 @@ def create_default_roles(self) -> None:
                 policy_arn=read_policy_arn,
                 policy_document=policy_document
             )
+            read_role_name = 'SSODeveloperAccess'
+            read_policy_arn = f"arn:{aws_partition}:iam::aws:policy/SystemAdministrator"
+            self.create_role(
+                role_name=read_role_name,
+                policy_arn=read_policy_arn,
+                policy_document=policy_document
+            )
         except Exception as e:
             self.log.exception("Creation of default roles failed with error %s", e)