in lib/constructs/data-lake-enrollment.ts [474:513]
/**
 * Attaches the coarse Athena-access and resource-access managed policies to
 * the given IAM principal and sets `CoarseIamPolciesApplied` once both are
 * attached.
 *
 * Handled principals, checked in this order:
 *  - `iam.Role` and `iam.User` instances (attached directly);
 *  - `iam.ArnPrincipal` whose ARN contains ":role/" or ":user/" (imported by
 *    ARN, then attached).
 *
 * Any other principal is ignored without an error and the flag is left
 * untouched, so a caller cannot tell from this call alone whether read access
 * was actually granted.
 *
 * @param principal the IAM principal that should receive coarse read access
 */
public grantCoarseIamRead(principal: iam.IPrincipal) {
  const athenaPolicy = this.CoarseAthenaAccessPolicy;
  const resourcePolicy = this.CoarseResourceAccessPolicy;

  if (principal instanceof iam.Role) {
    athenaPolicy.attachToRole(principal);
    resourcePolicy.attachToRole(principal);
  } else if (principal instanceof iam.User) {
    athenaPolicy.attachToUser(principal);
    resourcePolicy.attachToUser(principal);
  } else if (principal instanceof iam.ArnPrincipal && principal.arn.includes(":role/")) {
    // NOTE(review): the role/user decision is a substring match anywhere in
    // the ARN, not a parse of its resource field; the ":role/" test runs
    // first, so an ARN containing both markers is treated as a role.
    // NOTE(review): the construct ids below are fixed strings, so a second
    // ARN-based call on the same construct would presumably collide on the
    // id; confirm whether more than one ARN principal is expected.
    const roleArn = principal.arn;
    athenaPolicy.attachToRole(iam.Role.fromRoleArn(this, 'importedRoleCoarseIamReadAthena', roleArn));
    resourcePolicy.attachToRole(iam.Role.fromRoleArn(this, 'importedRoleCoarseIamReadLfResource', roleArn));
  } else if (principal instanceof iam.ArnPrincipal && principal.arn.includes(":user/")) {
    const userArn = principal.arn;
    athenaPolicy.attachToUser(iam.User.fromUserArn(this, 'importedUserCoarseIamReadAthena', userArn));
    resourcePolicy.attachToUser(iam.User.fromUserArn(this, 'importedUserCoarseIamReadLfResource', userArn));
  } else {
    // Unsupported principal kind: nothing is attached and the flag stays as it was.
    return;
  }

  this.CoarseIamPolciesApplied = true;
}