in cdk-project/lib/common.ts [227:256]
/**
 * Prepares a CodeBuild project to run SageMaker-related operations.
 *
 * Three changes are applied to the project:
 *  1. `Environment.ImagePullCredentialsType` is overridden to `SERVICE_ROLE`,
 *     so the build image is pulled with the project's own service role.
 *  2. An inline policy statement covering EC2, IAM, KMS and S3 actions is
 *     added to the project role, with resource `*`.
 *  3. The AWS managed policy `AmazonSageMakerFullAccess` is attached when the
 *     project exposes a role.
 *
 * NOTE(review): the inline statement is not scoped. `kms:PutKeyPolicy`,
 * `kms:CreateGrant`, `s3:PutBucketPolicy` and
 * `ec2:AuthorizeSecurityGroupIngress` on `*` let anything running inside the
 * build rewrite key policies, bucket policies and security-group ingress for
 * every such resource the account allows. If the builds only touch known
 * keys, buckets or VPCs, narrow the resources or add conditions (tag- or
 * ARN-based), and confirm that `AmazonSageMakerFullAccess` is really needed
 * rather than a narrower SageMaker policy.
 *
 * @param project CodeBuild project whose environment and role are modified.
 */
export function enableSageMakerOperation(project: codebuild.Project): void {
  // Reach the L1 resource to set a property on the synthesized template.
  // The cast is unchecked: it relies on the child with id "Resource" being
  // the CfnProject.
  const cfnResource = project.node.findChild("Resource") as codebuild.CfnProject;
  cfnResource.addPropertyOverride("Environment.ImagePullCredentialsType", "SERVICE_ROLE");

  // Actions granted to the build role. All are granted on every resource ("*").
  const provisioningStatement = new iam.PolicyStatement({
    actions: [
      "ec2:AuthorizeSecurityGroupIngress",
      "ec2:CreateVpc",
      "ec2:CreateSubnet",
      "ec2:CreateSecurityGroup",
      "ec2:CreateTags",
      "ec2:DescribeVpcEndpointServices",
      "iam:GetRole",
      "kms:CreateKey",
      "kms:CreateAlias",
      "kms:CreateGrant",
      "kms:PutKeyPolicy",
      "s3:PutEncryptionConfiguration",
      "s3:PutBucketPolicy",
    ],
    resources: ["*"],
  });
  project.addToRolePolicy(provisioningStatement);

  // Without a role there is nothing to attach the managed policy to.
  const buildRole = project.role;
  if (!buildRole) {
    return;
  }
  buildRole.addManagedPolicy(
    ManagedPolicy.fromAwsManagedPolicyName("AmazonSageMakerFullAccess"),
  );
}