constructor()

in packages/cdk/lib/roles/cromwell-engine-role.ts [16:50]


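  /**
   * Builds the IAM role for the Cromwell engine, assumable by ECS tasks.
   *
   * The role carries two inline policies (the Cromwell Batch policy and a
   * small describe/list policy) and is then granted access to the buckets
   * listed in `props`.
   *
   * @param scope - Construct the role is created under; it must live inside a Stack.
   * @param id - Construct id of the role.
   * @param props - Batch policy settings, bucket ARNs, and extra role options in `props.policies`.
   */
  constructor(scope: Construct, id: string, props: CromwellEngineRoleProps) {
    // ARN pattern covering every Batch job definition in the deployment's
    // account, region and partition (the Aws.* pseudo parameters).
    // NOTE(review): "job-definition/*" is account-wide for this region. Which
    // actions it is paired with is decided inside CromwellBatchPolicy, not
    // shown here; confirm that a narrower name prefix is not possible.
    const cromwellJobArn = Arn.format(
      {
        account: Aws.ACCOUNT_ID,
        region: Aws.REGION,
        partition: Aws.PARTITION,
        resource: "job-definition/*",
        service: "batch",
      },
      // Look up the enclosing stack instead of asserting that `scope` is a Stack:
      // the cast compiled for any Construct and passed a non-Stack object through.
      Stack.of(scope)
    );
    super(scope, id, {
      // Only the ECS tasks service principal may assume this role.
      assumedBy: new ServicePrincipal("ecs-tasks.amazonaws.com"),
      inlinePolicies: {
        CromwellEngineBatchPolicy: new CromwellBatchPolicy({
          ...props,
          cromwellJobArn,
        }),
        CromwellEcsDescribeInstances: new PolicyDocument({
          assignSids: true,
          statements: [
            new PolicyStatement({
              effect: Effect.ALLOW,
              // Both actions are read-only. s3:ListAllMyBuckets has no
              // resource-level form, so "*" is required for it.
              // NOTE(review): ecs:DescribeContainerInstances accepts
              // container-instance ARNs; splitting it into its own statement
              // would allow scoping it if the cluster is known here.
              actions: ["ecs:DescribeContainerInstances", "s3:ListAllMyBuckets"],
              resources: ["*"],
            }),
          ],
        }),
      },
      // Spread last: any key in props.policies that repeats one above
      // (for example `inlinePolicies` or `assumedBy`) replaces it outright.
      // NOTE(review): if callers can supply `inlinePolicies` here, the two
      // built-in policies are silently dropped; confirm against the props type.
      ...props.policies,
    });

    // Bucket grants are attached after the role exists. The trailing `true`
    // is presumably the read-only flag; verify against BucketOperations.
    BucketOperations.grantBucketAccess(this, this, props.readOnlyBucketArns, true);
    BucketOperations.grantBucketAccess(this, this, props.readWriteBucketArns);
  }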