# --------------------------------
# IAM Role for SageMaker
resource "aws_iam_role" "sagemaker-role" {
name = "sagemaker-role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "sagemaker.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "sagemaker-role-attachment" {
role = "${aws_iam_role.sagemaker-role.name}"
policy_arn = "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess"
}
# --------------------------------
# IAM Group for SageMaker
resource "aws_iam_group" "sagemaker-group" {
name = "sagemaker-group"
}
resource "aws_iam_group_policy_attachment" "sagemaker-group-attachment-AmazonSageMakerFullAccess" {
group = "${aws_iam_group.sagemaker-group.name}"
policy_arn = "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess"
}
resource "aws_iam_group_policy_attachment" "sagemaker-group-attachment-AmazonEC2FullAccess" {
group = "${aws_iam_group.sagemaker-group.name}"
policy_arn = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
}
resource "aws_iam_group_policy_attachment" "sagemaker-group-attachment-IAMReadOnlyAccess" {
group = "${aws_iam_group.sagemaker-group.name}"
policy_arn = "arn:aws:iam::aws:policy/IAMReadOnlyAccess"
}
resource "aws_iam_group_policy_attachment" "sagemaker-group-attachment-IAMUserChangePassword" {
group = "${aws_iam_group.sagemaker-group.name}"
policy_arn = "arn:aws:iam::aws:policy/IAMUserChangePassword"
}
resource "aws_iam_group_membership" "sagemaker-group-membership" {
name = "sagemaker-group-membership"
group = "${aws_iam_group.sagemaker-group.name}"
users = "${var.sagemaker_users}"
}
# --------------------------------
# IAM Users for SageMaker
resource "aws_iam_user" "sagemaker-users" {
name = "${var.sagemaker_users[count.index]}"
force_destroy = true
count = "${length(var.sagemaker_users)}"
}
resource "aws_iam_user_login_profile" "sagemaker-users" {
user = "${var.sagemaker_users[count.index]}"
pgp_key = "${file("foo.gpg.base64")}"
count = "${length(var.sagemaker_users)}"
}
output "sagemaker-user-passwords" {
value = ["${aws_iam_user_login_profile.sagemaker-users.*.encrypted_password}"]
}
-
-
Save mazgi/aebcf7cac9ed5ca5f3f1d0f69557a820 to your computer and use it in GitHub Desktop.
Terraform for Amazon SageMaker
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment