in source/src/molecule-unfolding/cdk/utils/utils-role.ts [59:143]
/**
 * Builds the IAM role for the notebook: a role assumable by the
 * `sagemaker.amazonaws.com` service principal, with statements for
 * Amazon Braket, S3, ECR and CloudWatch Logs added through `addToPolicy`.
 *
 * Statements are added in a fixed order: Braket (account-scoped),
 * Braket (all resources), S3 objects, S3 bucket listing, ECR, Logs.
 *
 * @returns the newly created role, with all statements attached.
 */
public createNotebookIamRole(): iam.Role {
  const { account, region, prefix } = this.props;
  const bucketName = this.props.bucket.bucketName;

  const notebookRole = new iam.Role(this.scope, `NotebookRole`, {
    assumedBy: new iam.ServicePrincipal('sagemaker.amazonaws.com'),
  });

  // Adds one statement (default effect) for `actions` on `resources`.
  const grant = (resources: string[], actions: string[]): void => {
    notebookRole.addToPolicy(new iam.PolicyStatement({ resources, actions }));
  };

  // Braket: read/cancel/tag-listing on quantum tasks and jobs in this account, any region.
  grant(
    [
      `arn:aws:braket:*:${account}:quantum-task/*`,
      `arn:aws:braket:*:${account}:job/*`,
    ],
    [
      "braket:GetJob",
      "braket:GetQuantumTask",
      "braket:CancelQuantumTask",
      "braket:CancelJob",
      "braket:ListTagsForResource",
    ],
  );

  // Braket: create/search/device actions are granted on every resource ('*').
  // NOTE(review): confirm which of these actions could be narrowed to
  // account-scoped ARNs like the statement above.
  grant(
    ['*'],
    [
      "braket:CreateJob",
      "braket:GetDevice",
      "braket:SearchDevices",
      "braket:CreateQuantumTask",
      "braket:SearchJobs",
      "braket:SearchQuantumTasks",
    ],
  );

  // S3: object read/write in the stack bucket and in any bucket whose name
  // starts with `braket-` or `amazon-braket-`.
  // NOTE(review): the two prefix patterns are name-based only; S3 ARNs carry
  // no account id, so they match such buckets regardless of owner. Confirm
  // this breadth is required or pin the exact bucket names.
  grant(
    [
      `arn:aws:s3:::${bucketName}/*`,
      "arn:aws:s3:::braket-*/*",
      "arn:aws:s3:::amazon-braket-*/*",
    ],
    [
      "s3:PutObject",
      "s3:GetObject",
    ],
  );

  // S3: listing is limited to the stack bucket itself.
  grant(
    [`arn:aws:s3:::${bucketName}`],
    ["s3:ListBucket"],
  );

  // ECR: push/pull plus repository lifecycle under `<prefix>/` in this
  // account and region.
  // NOTE(review): this includes ecr:DeleteRepository and ecr:BatchDeleteImage,
  // so code running in the notebook can remove images and repositories under
  // the prefix; confirm the notebook needs the destructive actions.
  grant(
    [`arn:aws:ecr:${region}:${account}:repository/${prefix}/*`],
    [
      "ecr:UploadLayerPart",
      "ecr:BatchDeleteImage",
      "ecr:DeleteRepository",
      "ecr:CompleteLayerUpload",
      "ecr:DescribeRepositories",
      "ecr:BatchCheckLayerAvailability",
      "ecr:CreateRepository",
      "ecr:GetDownloadUrlForLayer",
      "ecr:PutImage",
      "ecr:BatchGetImage",
      "ecr:InitiateLayerUpload",
    ],
  );

  // CloudWatch Logs: create and write log groups/streams under
  // /aws/sagemaker/ in this account, any region.
  grant(
    [`arn:aws:logs:*:${account}:log-group:/aws/sagemaker/*`],
    [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:CreateLogGroup",
    ],
  );

  return notebookRole;
}