in lib/cdk-stack.ts [106:132]
/**
 * Creates an IAM role that the Amazon Transcribe service principal can assume
 * in order to read from and write to the given S3 bucket.
 *
 * The role carries a single inline policy (`ArchiveStreamRolePolicy`) with one
 * ALLOW statement. It covers the bucket ARN and every object key under it.
 *
 * @param scope - Construct the role is created under.
 * @param id - Construct id for the role.
 * @param bucket - Bucket whose ARN (and `<arn>/*`) the policy is scoped to.
 * @returns The newly created role.
 */
function makeTranscribeAccessBucketRole(
  scope: cdk.Construct,
  id: string,
  bucket: s3.IBucket
): iam.IRole {
  // Trust policy: only the service name is given, so no condition keys are
  // attached to the sts:AssumeRole statement here.
  // NOTE(review): consider adding aws:SourceAccount / aws:SourceArn conditions
  // to the principal as a confused-deputy guard; confirm against how the
  // Transcribe jobs that use this role are started before changing it.
  const transcribeService = new iam.ServicePrincipal('transcribe.amazonaws.com');

  // Bucket-level actions (GetBucketLocation, ListBucket,
  // ListBucketMultipartUploads) match the bucket ARN; object-level actions
  // (GetObject, PutObject, AbortMultipartUpload) match the `/*` ARN.
  // NOTE(review): the grant spans the whole bucket. If Transcribe only needs
  // specific prefixes, narrowing the object ARN would tighten this; verify
  // with the callers.
  const bucketArn = bucket.bucketArn;
  const bucketAccess = iamUtils.makePolicyStatement({
    effect: iam.Effect.ALLOW,
    actions: [
      's3:AbortMultipartUpload',
      's3:GetBucketLocation',
      's3:GetObject',
      's3:ListBucket',
      's3:ListBucketMultipartUploads',
      's3:PutObject',
    ],
    resources: [bucketArn, `${bucketArn}/*`],
  });

  // NOTE(review): the policy name mentions "ArchiveStream" although this role
  // is for Transcribe; presumably carried over from another role. It is kept
  // as-is because renaming changes the synthesized template.
  const policyDocument = iamUtils.makePolicyDocument({
    statements: [bucketAccess],
  });

  return new iam.Role(scope, id, {
    assumedBy: transcribeService,
    inlinePolicies: {
      ArchiveStreamRolePolicy: policyDocument,
    },
  });
}