in aws/iam.go [131:182]
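// CreateDeviceFleetBucketPolicy returns the IAM policy that lets a SageMaker
// device fleet write to its configured S3 bucket, creating it if it does not
// exist yet. The policy is named "<fleet>-<bucket>-policy" (both parts
// lower-cased) under the "/" path, and is looked up by the ARN derived from
// cliArgs.Account and that name, so repeated runs are idempotent.
//
// The policy document grants only s3:PutObject on every key in the bucket and
// s3:GetBucketLocation on the bucket itself; it grants no read or list access.
//
// Any failure other than the policy not existing is fatal (log.Fatalf), which
// is the error-handling style used by the rest of this file.
//
// NOTE(review): an existing policy with this ARN is returned as-is; its
// document is not compared against the one built here, so a policy that was
// later edited (e.g. widened) with the same name is silently reused. The ARNs
// also hard-code the "aws" partition, so this will not resolve in GovCloud or
// China regions — confirm whether those are in scope.
func CreateDeviceFleetBucketPolicy(client IamClient, cliArgs *cli.CliArgs) *types.Policy {
	doc := &PolicyDocument{
		Version: "2012-10-17",
		Statement: []StatementEntry{
			{
				Sid:    "DeviceS3Access",
				Effect: "Allow",
				Action: []string{
					"s3:PutObject",
					"s3:GetBucketLocation",
				},
				// Object-level actions (PutObject) need the "/*" resource;
				// bucket-level actions (GetBucketLocation) need the bare bucket ARN.
				Resource: []string{
					fmt.Sprintf("arn:aws:s3:::%s/*", cliArgs.DeviceFleetBucket),
					fmt.Sprintf("arn:aws:s3:::%s", cliArgs.DeviceFleetBucket),
				},
			},
		},
	}

	// Do not discard the marshal error: an empty document would otherwise be
	// sent to IAM and rejected with a far less useful message.
	encoded, err := json.MarshalIndent(doc, "", " ")
	if err != nil {
		log.Fatalf("Failed to marshal policy document for device fleet %s. Encountered error %s\n", cliArgs.DeviceFleet, err)
	}
	policyDoc := string(encoded)

	policyDescription := fmt.Sprintf("SageMaker device fleet bucket policy for %s", cliArgs.DeviceFleet)
	policyPath := "/"
	policyName := fmt.Sprintf("%s-%s-policy", strings.ToLower(cliArgs.DeviceFleet), strings.ToLower(cliArgs.DeviceFleetBucket))
	policyArn := fmt.Sprintf("arn:aws:iam::%s:policy/%s", cliArgs.Account, policyName)

	getPolicyOutput, err := client.GetPolicy(context.TODO(), &iam.GetPolicyInput{
		PolicyArn: &policyArn,
	})
	if err == nil {
		return getPolicyOutput.Policy
	}

	// Only "no such entity" means we should create the policy. Anything else
	// (access denied, throttling, network) must not be mistaken for "missing",
	// otherwise we could mask a permissions problem behind a create attempt.
	var nse *types.NoSuchEntityException
	if !errors.As(err, &nse) {
		log.Fatalf("Failed to get policy with name %s. Encountered error %s\n", policyName, err)
	}

	created, createErr := client.CreatePolicy(context.TODO(), &iam.CreatePolicyInput{
		Description:    &policyDescription,
		Path:           &policyPath,
		PolicyDocument: &policyDoc,
		PolicyName:     &policyName,
	})
	if createErr != nil {
		log.Fatalf("Failed to create policy with policy name %s. Encountered error %s\n", policyName, createErr)
	}
	return created.Policy
}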