def add_role_access_to

def add_role_access_to_build()

in cdk/pipeline/pipeline_stack.py [0:0]

12 lines of code
1 McCabe index (conditional complexity)


    def add_role_access_to_build(self, build):
        build.role.add_managed_policy(
            iam.ManagedPolicy.from_aws_managed_policy_name("AmazonEC2ContainerRegistryFullAccess"))
        build.role.add_managed_policy(
            iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMReadOnlyAccess"))
        build.add_to_role_policy(iam.PolicyStatement(
            actions=["kms:Decrypt", "kms:GenerateDataKey*"], resources=["*"]))
        build.add_to_role_policy(iam.PolicyStatement(
            actions=["eks:DescribeNodegroup", "eks:DescribeFargateProfile", 
            "eks:DescribeUpdate", "eks:DescribeCluster"], resources=["*"]))
        build.add_to_role_policy(iam.PolicyStatement(
            actions=["sts:AssumeRole"], resources=[self.eks.kubectl_role.role_arn]))