in getting_started/utility.py [0:0]
def get_or_create_iam_role( role_name ):
iam = boto3.client("iam")
assume_role_policy_document = {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lookoutmetrics.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
try:
create_role_response = iam.create_role(
RoleName = role_name,
AssumeRolePolicyDocument = json.dumps(assume_role_policy_document)
)
role_arn = create_role_response["Role"]["Arn"]
print("Created %s" % role_name)
except iam.exceptions.EntityAlreadyExistsException:
print("Role %s already existed" % role_name )
role_arn = boto3.resource('iam').Role(role_name).arn
print("Attaching policies")
iam.attach_role_policy(
RoleName=role_name,
PolicyArn='arn:aws:iam::aws:policy/AmazonS3FullAccess',
)
iam.attach_role_policy(
RoleName = role_name,
PolicyArn = "arn:aws:iam::aws:policy/AmazonSNSFullAccess"
)
print("Waiting for a minute to allow IAM role policy attachment to propagate")
time.sleep(60)
print(role_arn)
return role_arn