

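def create_comprehend_role(bucket_name, role_name, iam_comprehend_policy_name):
    """Create (or reuse) the IAM role Amazon Comprehend assumes to read/write ``bucket_name``.

    The trust policy allows only ``comprehend.amazonaws.com`` to assume the role and is
    pinned with an ``aws:SourceAccount`` condition to the calling account, so a Comprehend
    resource in another AWS account cannot be used to assume this role (cross-service
    confused-deputy guard). A customer-managed policy granting ``s3:GetObject`` and
    ``s3:PutObject`` on the bucket's objects and ``s3:ListBucket`` on the bucket is then
    created and attached to the role.

    Idempotency: if the role or the policy already exists (``EntityAlreadyExists``) it is
    reused as-is. An existing role's trust policy and an existing policy's document are
    NOT rewritten, so a drifted or more permissive pre-existing definition is left
    untouched; the existing policy is still attached (``attach_role_policy`` is
    idempotent). When something was newly created the function sleeps 60 s so IAM
    propagation completes before the caller uses the role with Comprehend.

    Args:
        bucket_name: S3 bucket holding the training data and receiving Comprehend output.
        role_name: Name of the IAM role to create or reuse.
        iam_comprehend_policy_name: Name of the customer-managed policy to create or reuse
            (assumed to live under the default ``/`` path when pre-existing).

    Returns:
        The ARN of the role.

    Raises:
        botocore.exceptions.ClientError: any IAM/STS error other than ``EntityAlreadyExists``.
    """
    iam = boto3.client("iam")
    # Caller's account ID: used to pin the trust policy to this account and to rebuild
    # the ARN of a pre-existing policy (the create_policy call below uses no custom Path).
    account_id = boto3.client("sts").get_caller_identity()["Account"]
    created_role = False
    created_policy = False

    iam_assume_role_policy = dumps({
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "comprehend.amazonaws.com"},
                "Action": "sts:AssumeRole",
                # Only Comprehend acting on behalf of THIS account may assume the role;
                # without it any account's Comprehend jobs could be pointed at this role.
                "Condition": {"StringEquals": {"aws:SourceAccount": account_id}},
            }
        ],
    })
    try:
        iam_create_response = iam.create_role(
            RoleName=role_name,
            AssumeRolePolicyDocument=iam_assume_role_policy,
            MaxSessionDuration=21600,
        )
    except botocore.exceptions.ClientError as error:
        if error.response["Error"]["Code"] != "EntityAlreadyExists":
            raise
        # Reuse the existing role. Its trust policy is not updated here, so the
        # SourceAccount condition above is only guaranteed on freshly created roles.
        role_arn = iam.get_role(RoleName=role_name)["Role"]["Arn"]
        print("IAM role already exists")
    else:
        role_arn = iam_create_response["Role"]["Arn"]
        created_role = True
        print("IAM role created")

    # Partition ("aws", "aws-cn", "aws-us-gov") taken from the role ARN so the
    # reconstructed policy ARN below is valid in non-commercial partitions too.
    partition = role_arn.split(":")[1]

    # Least-privilege scope: object read/write inside the bucket, list on the bucket itself.
    iam_comprehend_policy_document = dumps({
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": ["s3:GetObject"],
                "Resource": [f"arn:aws:s3:::{bucket_name}/*"],
                "Effect": "Allow",
            },
            {
                "Action": ["s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket_name}"],
                "Effect": "Allow",
            },
            {
                "Action": ["s3:PutObject"],
                "Resource": [f"arn:aws:s3:::{bucket_name}/*"],
                "Effect": "Allow",
            },
        ],
    })
    try:
        iam_create_policy_response = iam.create_policy(
            PolicyName=iam_comprehend_policy_name,
            PolicyDocument=iam_comprehend_policy_document,
        )
    except botocore.exceptions.ClientError as error:
        if error.response["Error"]["Code"] != "EntityAlreadyExists":
            raise
        # Customer-managed policies created without a Path live under "/". The existing
        # document is not compared against the one above; drift is not corrected here.
        policy_arn = f"arn:{partition}:iam::{account_id}:policy/{iam_comprehend_policy_name}"
        print("IAM policy already exists")
    else:
        policy_arn = iam_create_policy_response["Policy"]["Arn"]
        created_policy = True

    # Attach unconditionally: previously the attach was skipped whenever the policy
    # pre-existed, leaving a freshly created role with no S3 permissions at all.
    iam.attach_role_policy(RoleName=role_name, PolicyArn=policy_arn)
    if created_policy:
        print("IAM policy created and attached to role. Waiting to configure")

    if created_role or created_policy:
        # IAM is eventually consistent; Comprehend rejects a role/policy that has not
        # propagated yet, so give it time before the caller configures the model.
        sleep(60)

    return role_arn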