private createStateMachineRole()

in infra/stack/mlops/mlops-pipeline-stack.ts [268:325]

• 56 lines of code
• 1 McCabe index (conditional complexity)

    private createStateMachineRole(baseName: string): iam.Role {
        const role = new iam.Role(this, `${baseName}StateMachineRole`, {
            roleName: `${this.projectPrefix}-${baseName}StateMachineRole`,
            assumedBy: new iam.ServicePrincipal('states.amazonaws.com'),
        });

        role.addToPolicy(new iam.PolicyStatement({
            effect: iam.Effect.ALLOW,
            actions: [
                "glue:StartJobRun",
                "glue:GetJobRun",
                "glue:BatchStopJobRun",
                "glue:GetJobRuns"
            ],
            resources: [
                '*'
            ]
        }));
        role.addToPolicy(new iam.PolicyStatement({
            effect: iam.Effect.ALLOW,
            actions: [
                "lambda:InvokeFunction"
            ],
            resources: [
                '*'
            ]
        }));
        role.addToPolicy(new iam.PolicyStatement({
            effect: iam.Effect.ALLOW,
            actions: [
                "events:DescribeRule",
                "events:PutRule",
                "events:PutTargets"
            ],
            resources: [
                '*'
            ]
        }));
        role.addToPolicy(new iam.PolicyStatement({
            effect: iam.Effect.ALLOW,
            actions: [
                "sagemaker:CreateModel",
                "sagemaker:DeleteEndpointConfig",
                "sagemaker:DescribeTrainingJob",
                "sagemaker:CreateEndpoint",
                "sagemaker:StopTrainingJob",
                "sagemaker:CreateTrainingJob",
                "sagemaker:UpdateEndpoint",
                "sagemaker:CreateEndpointConfig",
                "sagemaker:DeleteEndpoint"
            ],
            resources: [
                '*'
            ]
        }));

        return role;
    }