@afronski
Last active April 22, 2020 18:32
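// AWS CDK (pre-1.0 API) fragment. The imports go at the top of the module;
// the rest belongs inside a Stack constructor, where `this` is the stack.
import { Group, Policy, PolicyStatement, Role, ServicePrincipal } from '@aws-cdk/aws-iam';
import { Bucket } from '@aws-cdk/aws-s3';

// Not defined in the original snippet; assumed to be the SageMaker service principal.
const AMAZON_SAGEMAKER_PRINCIPAL = 'sagemaker.amazonaws.com';

// Despite its name, this is the ARN of an AWS managed policy, not of a role.
const ROLE_ARN = 'arn:aws:iam::aws:policy/AmazonSageMakerFullAccess';

// Execution role that only the SageMaker service can assume.
const amazonSageMakerRole = new Role(this, 'AmazonSageMakerRole', {
  assumedBy: new ServicePrincipal(AMAZON_SAGEMAKER_PRINCIPAL),
  roleName: 'amazon-sagemaker-in-practice-workshop-role'
});

amazonSageMakerRole.attachManagedPolicy(ROLE_ARN);

// IAM group for workshop participants and the inline policy attached to it.
const participantsGroup =
  new Group(this, 'AmazonSageMakerInPracticeParticipants');

const policy =
  new Policy(this, 'AmazonSageMakerInPracticeParticipantsPolicy');

// Service-wide wildcards for SageMaker, ECR, CloudWatch and CloudWatch Logs,
// plus read-only S3 and IAM lookups.
const permissions = [
  "sagemaker:*", "ecr:*", "cloudwatch:*", "logs:*",
  "s3:GetBucketLocation", "s3:ListAllMyBuckets",
  "iam:ListRoles", "iam:GetRole"
];

// Allows the actions above on all resources.
const defaultStatement =
  (new PolicyStatement())
    .allow()
    .addAllResources()
    .addActions(...permissions);

// iam:PassRole is allowed on all resources, but the iam:PassedToService
// condition restricts it to roles being passed to SageMaker.
const condition = { 'iam:PassedToService': AMAZON_SAGEMAKER_PRINCIPAL };

const passRole =
  (new PolicyStatement())
    .allow()
    .addAllResources()
    .addAction("iam:PassRole")
    .addCondition("StringEquals", condition);

policy.addStatement(defaultStatement);
policy.addStatement(passRole);

participantsGroup.attachInlinePolicy(policy);

// Reference the existing workshop data bucket by ARN (imported, not created).
const dataSource = Bucket.import(this, 'DataSourceBucket', {
  bucketArn: 'arn:aws:s3:::amazon-sagemaker-in-practice-workshop'
});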