in infra/src/custom_constructs/tool_account_fd_role_construct.py [0:0]
def __init__(self, scope: core.Construct, id: str, *, tool_account: str, fraud_detector_role_arn: str,
role_name=None):
super().__init__(scope, id, assumed_by=AccountPrincipal(tool_account), role_name=role_name)
self.add_to_policy(
PolicyStatement(resources=["*"],
actions=["frauddetector:UpdateRuleMetadata",
"frauddetector:CreateVariable",
"frauddetector:BatchCreateVariable",
"frauddetector:PutOutcome",
"frauddetector:UpdateDetectorVersion",
"frauddetector:GetVariables",
"frauddetector:GetDetectors",
"frauddetector:GetRules",
"frauddetector:UpdateDetectorVersionStatus",
"frauddetector:UpdateRuleVersion",
"frauddetector:DescribeModelVersions",
"frauddetector:GetPrediction",
"frauddetector:GetOutcomes",
"frauddetector:GetModels",
"frauddetector:PutModel",
"frauddetector:DeleteEvent",
"frauddetector:BatchGetVariable",
"frauddetector:UpdateModelVersion",
"frauddetector:DescribeDetector",
"frauddetector:PutDetector",
"frauddetector:PutEntityType",
"frauddetector:PutEventType",
"frauddetector:DeleteDetector",
"frauddetector:GetModelVersion",
"frauddetector:CreateModel",
"frauddetector:UpdateModelVersionStatus",
"frauddetector:CreateModelVersion",
"frauddetector:CreateRule",
"frauddetector:GetExternalModels",
"frauddetector:UpdateDetectorVersionMetadata",
"frauddetector:PutExternalModel",
"frauddetector:UpdateVariable",
"frauddetector:GetDetectorVersion",
"frauddetector:DeleteRuleVersion",
"frauddetector:PutLabel",
"frauddetector:CreateDetectorVersion",
"frauddetector:DeleteDetectorVersion"])
)
self.add_to_policy(PolicyStatement(resources=[fraud_detector_role_arn], actions=["iam:PassRole"]))