in sagemaker_run_notebook/run_notebook.py [0:0]
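def create_lambda_role(name="run-notebook", session=None):
    """Create a default IAM role and policy for running the lambda function.

    The role can be assumed only by the Lambda service. The attached policy
    allows ``sagemaker:CreateProcessingJob`` on any resource, and allows
    ``iam:PassRole`` only when the role is passed to SageMaker.

    Args:
        name (str): The name of the role and policy to create (default: "run-notebook").
        session (boto3.Session): The boto3 session to use. Will create a default session if not supplied (default: None).

    Returns:
        str: The ARN of the resulting role.
    """
    session = ensure_session(session)
    iam = session.client("iam")

    # Trust policy: only the Lambda service may assume this role.
    assume_role_policy_doc = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "lambda.amazonaws.com"},
                "Action": "sts:AssumeRole",
            }
        ],
    }
    role = iam.create_role(
        RoleName=name,
        Description="A role for starting notebook execution from a lambda function",
        AssumeRolePolicyDocument=json.dumps(assume_role_policy_doc),
    )

    policy_document = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "sagemaker:CreateProcessingJob",
                "Resource": "*",
            },
            {
                # iam:PassRole on "*" with no condition would let this role
                # hand any role in the account to any service. The condition
                # keeps the grant to roles passed to SageMaker, which is the
                # only use the CreateProcessingJob permission above implies.
                # NOTE(review): the execution role's ARN is not known here;
                # deployments that know it should narrow "Resource" to that ARN.
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": "*",
                "Condition": {
                    "StringEquals": {"iam:PassedToService": "sagemaker.amazonaws.com"}
                },
            },
        ],
    }
    # NOTE(review): if create_policy or attach_role_policy fails, the role
    # created above is left in place without its policy; nothing here rolls
    # it back.
    policy = iam.create_policy(
        PolicyName=name, PolicyDocument=json.dumps(policy_document)
    )
    iam.attach_role_policy(PolicyArn=policy["Policy"]["Arn"], RoleName=name)
    return role["Role"]["Arn"]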