in functions/source/update_custommanagedvpc_iam_role.py [0:0]
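def put_role_policy_sg(role_name, aws_region, accountid, security_group_ids, vpcid):
    """Attach the per-security-group inline policy to the cross-account IAM role.

    Expands the module-level ``sg`` ARN template once per id in
    ``security_group_ids`` (a comma-separated string), fills the AWSREGION /
    ACCOUNTID / VPCID placeholders in the module-level ``custom_managed_policy``
    template, and calls ``client.put_role_policy`` (``client`` is defined
    elsewhere in the module; presumably a boto3 IAM client) with the result.

    The templates are never mutated: ``sg`` is only read and the policy dict is
    deep-copied before its Resource list is extended, so repeated calls -- or
    calls for a different region/account -- do not accumulate stale entries or
    operate on a template whose placeholders were already consumed.

    Placeholders are substituted on the dict *before* ``json.dumps`` so every
    inserted value is JSON-escaped; a quote or brace in a caller-supplied id
    therefore cannot alter the structure of the policy document.

    Args:
        role_name: Name of the IAM role that receives the inline policy.
        aws_region: Region substituted for the AWSREGION placeholder.
        accountid: Account id substituted for the ACCOUNTID placeholder.
        security_group_ids: Comma-separated security group ids; surrounding
            whitespace and empty entries are ignored.
        vpcid: VPC id substituted for the VPCID placeholder.

    Returns:
        The response dict from ``client.put_role_policy``.
    """
    import copy
    import json

    def _fill(node, mapping):
        # Recursively replace placeholder substrings in every str found in
        # ``node`` (dict keys and values, list items); other types pass through.
        if isinstance(node, str):
            for placeholder, value in mapping.items():
                node = node.replace(placeholder, value)
            return node
        if isinstance(node, dict):
            return {_fill(k, mapping): _fill(v, mapping) for k, v in node.items()}
        if isinstance(node, list):
            return [_fill(item, mapping) for item in node]
        return node

    sg_list = [sg_id.strip() for sg_id in security_group_ids.split(",") if sg_id.strip()]
    print('security groups list: {}'.format(sg_list), "\n")

    # Fill region/account in the security-group ARN template once, then
    # produce one resource ARN per security group id.
    sg_template = sg.replace('AWSREGION', aws_region).replace('ACCOUNTID', accountid)
    sg_resources = [sg_template.replace('SECURITYGROUPID', sg_id) for sg_id in sg_list]

    # Work on a copy so the module-level template keeps its placeholders.
    policy = copy.deepcopy(custom_managed_policy)
    policy['Statement'][0]['Resource'].extend(sg_resources)

    # Substitute the remaining placeholders for the VPC, then serialize to a
    # valid JSON policy document (str(dict) with quote-swapping would break on
    # any value containing an apostrophe, None, True or False).
    policy = _fill(policy, {'AWSREGION': aws_region, 'ACCOUNTID': accountid, 'VPCID': vpcid})
    custom_managed_vpc_policy = json.dumps(policy)
    print('Managed Policy: {}'.format(custom_managed_vpc_policy))

    response = client.put_role_policy(
        RoleName=role_name,
        PolicyName='databricks-cross-account-iam-role-policy-sg',
        PolicyDocument=custom_managed_vpc_policy,
    )
    return response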