in multipagepdfa2i/multipagepdfa2i_stack.py [0:0]
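def create_iam_role_for_lambdas(self):
    """Create one IAM role per pipeline Lambda and attach its permissions.

    A role assumable by ``lambda.amazonaws.com`` is created for each of
    "kickoff", "pngextract", "analyzepdf", "humancomplete" and "wrapup",
    then a single policy statement is added to each role.

    Returns:
        dict mapping the Lambda's short name to its ``aws_iam.Role``.

    Changed from the previous version: the strings 's3:Read' and
    's3:Object' were dropped from the action lists. They do not correspond
    to S3 IAM actions (they look like boto3 call names), so they granted
    nothing and only obscured what each role can really do.

    NOTE(review): every statement still applies to resources=['*']. The
    bucket, queue, table, state machine and function ARNs are not available
    inside this method, so least-privilege scoping has to be done where
    those constructs are defined (pass their ARNs in, or use the constructs'
    grant_* helpers) -- treat these roles as over-broad until then.

    NOTE(review): 'sts:AssumeRole' on '*' lets each function assume any role
    whose trust policy admits it. None of the per-function operation notes
    below mention an STS call; confirm it is required, otherwise remove it.
    """
    # CloudWatch Logs permissions shared by every function.
    log_actions = [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
    ]

    # Insertion order matters: roles are created and policies attached in
    # this order, matching the original sequence.
    role_actions = {
        # kickoff: invokes another Lambda (client.invoke), looks up the
        # state machine ARN (list_state_machines), starts an execution
        # (start_execution) and writes to DynamoDB (put_item).
        # NOTE(review): no 'states:ListStateMachines' or 'dynamodb:PutItem'
        # is granted here although the notes above list those calls, and
        # the removed 's3:Read' may have been meant as 's3:GetObject' --
        # verify against the function code before adding anything.
        "kickoff": [
            "s3:PutObject",
            "lambda:InvokeFunction",
            "states:StartExecution",
            "sts:AssumeRole",
            "sqs:DeleteMessage",
            "sqs:ReceiveMessage",
        ],
        # pngextract: S3 get object, S3 put object.
        "pngextract": [
            "s3:GetObject",
            "s3:PutObject",
            "sts:AssumeRole",
        ],
        # analyzepdf: Step Functions send_task_success, DynamoDB put_item,
        # S3 object read/write, Textract analyze_document, SQS delete
        # message.
        "analyzepdf": [
            "s3:PutObject",
            "s3:GetObject",
            "lambda:InvokeFunction",
            "states:SendTaskSuccess",
            "dynamodb:PutItem",
            "textract:AnalyzeDocument",
            "sqs:DeleteMessage",
            "sqs:ReceiveMessage",
            "sagemaker:StartHumanLoop",
            "sts:AssumeRole",
        ],
        # humancomplete: Step Functions send_task_success, S3 object
        # read/write, DynamoDB table query.
        "humancomplete": [
            "s3:PutObject",
            "s3:GetObject",
            "states:SendTaskSuccess",
            "dynamodb:Query",
            "sts:AssumeRole",
        ],
        # wrapup: S3 put object, list objects v2, delete object, and a
        # DynamoDB query.
        # NOTE(review): no 'dynamodb:Query' is granted here although the
        # notes list a DynamoDB query -- verify against the function code.
        "wrapup": [
            "s3:GetObject",
            "s3:PutObject",
            "s3:DeleteObject",
            "s3:ListBucket",
            "sts:AssumeRole",
        ],
    }

    # Phase 1: create all roles first, as the original did.
    lam_roles = {
        name: aws_iam.Role(
            scope=self,
            id="multipagepdfa2i_lam_role_" + name,
            assumed_by=aws_iam.ServicePrincipal("lambda.amazonaws.com"),
        )
        for name in role_actions
    }

    # Phase 2: attach one statement per role (service actions + logging).
    for name, actions in role_actions.items():
        lam_roles[name].add_to_policy(
            statement=aws_iam.PolicyStatement(
                resources=["*"],
                actions=actions + log_actions,
            )
        )

    return lam_roles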