From 95447e0cf967fd76b6ce3d1be0e2bb84ffcc304d Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Sat, 8 Feb 2025 14:25:49 +0100 Subject: [PATCH] chore(aws/iam): role and user creation via cli --- knowledge base/cloud computing/aws/iam.md | 4 ++++ snippets/aws/other commands.fish | 27 +++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/knowledge base/cloud computing/aws/iam.md b/knowledge base/cloud computing/aws/iam.md index 0a30f62..bd7b684 100644 --- a/knowledge base/cloud computing/aws/iam.md +++ b/knowledge base/cloud computing/aws/iam.md @@ -103,6 +103,8 @@ Any activity performed by IAM Users in one's account is billed to the account. The number and size of IAM resources in an AWS account are limited.
Refer [IAM and AWS STS quotas]. +Only **one** IAM User can exist with a specific username, no matter the path defined at its creation. + ## Groups Refer [IAM user groups]. @@ -226,6 +228,8 @@ Roles are assumed in _sessions_.
When assuming Roles, they provide the assuming identity with **temporary** security credentials that are only valid for that session. +Only **one** IAM Role can exist with a specific name, no matter the path defined at its creation. + ### Assume Roles Refer [Introduction to AWS IAM AssumeRole]. diff --git a/snippets/aws/other commands.fish b/snippets/aws/other commands.fish index a4436e1..ec893c3 100644 --- a/snippets/aws/other commands.fish +++ b/snippets/aws/other commands.fish @@ -246,6 +246,11 @@ aws ec2 describe-network-interfaces --output 'text' \ # ------------------ ### +# Create users +# Only 1 user can exist with a specific username, no matter its path +aws iam create-user --user-name 'quistis' +aws iam create-user --path '/alumni/' --user-name 'squall' + # Get users' information aws iam get-user --user-name 'michele' @@ -280,6 +285,28 @@ basename (aws sts get-caller-identity --query 'Arn' --output 'text') \ # Add users to user groups aws iam add-user-to-group --group-name 'infra' --user-name 'matt' +# Delete users +aws iam delete-user --user-name 'sophie' + + +# Create roles +# Only 1 role can exist with a specific name, no matter its path +aws iam create-role --role-name 'captain' --assume-role-policy-document 'file://captain-trustPolicy.json' +aws iam create-role --role-name 'someService' --path '/services/' --assume-role-policy-document '{ + "Version": "2012-10-17", + "Statement": [{ + "Sid": "AllowEc2ToAssumeThisVeryRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + }, + "Action": "sts:AssumeRole" + }] +}' + +# Delete roles +aws iam delete-role --role-name 'someService' + ### # Image Builder
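Review bot: The two `aws iam create-user` lines create principals with no guardrail, and the snippet never shows the `--permissions-boundary` option that limits what a newly created user (or, in the next hunk, role) can ever be granted; the same gap applies to both `aws iam create-role` lines in the following hunk. Since the file is a command reference, one example with a placeholder would be enough, e.g. `aws iam create-user --user-name 'quistis' --permissions-boundary 'arn:aws:iam::<account-id>:policy/<boundary-policy>'`. The "Only 1 user can exist" comment could also name the outcome a reader will actually see, e.g. `# A second create-user with the same name fails with EntityAlreadyExists, whatever the path`. Whether a boundary is enforced in the author's account is not visible here.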
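Review bot: The `aws iam delete-role --role-name 'someService'` and `aws iam delete-user --user-name 'sophie'` lines will fail with `DeleteConflict` as long as the principal still has dependencies (for a role: attached managed policies, inline policies, instance-profile membership; for a user: access keys, MFA devices, group memberships, login profile), and nothing in the hunk says so. A comment over each delete line stating that those must be detached or removed first would make the snippet usable as written, e.g. `# Fails with DeleteConflict until attached/inline policies and instance-profile membership are removed`. The inline trust policy for 'someService' grants the `ec2.amazonaws.com` service principal with no Condition; that is the usual shape for an instance role, but a one-line comment that the trust policy is the only thing deciding who may assume the role would help readers who copy it for other principals.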