in source/src/molecule-unfolding/cdk/utils/utils-role.ts [303:362]
/**
 * Creates the IAM role assumed by the Lambda service for the
 * "AggResult" function and attaches its inline permissions.
 *
 * Permissions attached here, in order:
 *  1. Athena query execution plus Glue database/table management on `qc_db`
 *     and the two stack-specific benchmark tables.
 *  2. `athena:ListDataCatalogs` on all resources.
 *  3. Object read/write on every key of the stack bucket.
 *  4. Bucket-level list/location on the stack bucket.
 *  5. Whatever `addLambdaCommonPolicy` grants (defined elsewhere in this class).
 *
 * @returns The role with all statements above attached.
 */
public createAggResultLambdaRole(): iam.Role {
  const account = this.props.account;
  const bucketName = this.props.bucket.bucketName;
  const histTable = `${this.props.stackName}_qc_benchmark_metrics_hist`;
  const metricsTable = `${this.props.stackName}_qc_benchmark_metrics`;

  // Only the Lambda service principal may assume this role.
  const role = new iam.Role(this.scope, 'AggResultLambdaRole', {
    assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
  });

  const statements: iam.PolicyStatement[] = [
    // Athena + Glue access. The region field of every ARN is `*`, so the
    // grant applies in any region of this account.
    // NOTE(review): the ARNs hard-code the `aws` partition; they would not
    // match if the stack is deployed to another partition (confirm targets).
    // NOTE(review): the statement includes glue:CreateDatabase,
    // glue:UpdateDatabase and glue:DeleteDatabase on qc_db as well as table
    // create/update/delete. Whether the function needs the destructive
    // database-level actions is not visible here; confirm against the Lambda
    // code and trim to least privilege if it only touches the two tables.
    new iam.PolicyStatement({
      resources: [
        `arn:aws:athena:*:${account}:workgroup/primary`,
        `arn:aws:athena:*:${account}:datacatalog/AwsDataCatalog`,
        `arn:aws:glue:*:${account}:database/qc_db`,
        `arn:aws:glue:*:${account}:table/qc_db/${histTable}`,
        `arn:aws:glue:*:${account}:table/qc_db/${metricsTable}`,
        `arn:aws:glue:*:${account}:catalog`,
      ],
      actions: [
        'athena:StartQueryExecution',
        'athena:GetQueryResults',
        'glue:UpdateDatabase',
        'glue:DeleteDatabase',
        'glue:CreateDatabase',
        'glue:GetTable',
        'glue:DeleteTable',
        'glue:CreateTable',
        'glue:UpdateTable',
      ],
    }),

    // Wildcard resource, but limited to a single list-only action.
    // NOTE(review): presumably `*` is used because this action cannot be
    // scoped to a resource ARN; confirm before copying the pattern.
    new iam.PolicyStatement({
      resources: ['*'],
      actions: ['athena:ListDataCatalogs'],
    }),

    // Object-level access covers every key in the bucket (`/*`).
    // NOTE(review): if the function only reads and writes under a known
    // prefix, scoping the resource to that prefix would narrow the blast
    // radius of a compromised function. The prefix is not visible here.
    new iam.PolicyStatement({
      resources: [`arn:aws:s3:::${bucketName}/*`],
      actions: ['s3:GetObject', 's3:PutObject'],
    }),

    // Bucket-level actions must target the bucket ARN itself, not its objects.
    new iam.PolicyStatement({
      resources: [`arn:aws:s3:::${bucketName}`],
      actions: ['s3:ListBucket', 's3:GetBucketLocation'],
    }),
  ];

  // Attach in declaration order so the synthesized policy keeps the same
  // statement ordering.
  for (const statement of statements) {
    role.addToPolicy(statement);
  }

  this.addLambdaCommonPolicy(role);
  return role;
}