async function createLambdaRole()

in src/pipelineResources.js [295:389]

• 82 lines of code
• 2 McCabe index (conditional complexity)

async function createLambdaRole() {
    const iamClient = new IAMClient({region: REGION});
    
    // Create Lambda principal role
    startSpinner('Creating Lambda principal role ...', true);
    let roleName = NAME +"LambdaExecutionRole";
    const params = {
        AssumeRolePolicyDocument: JSON.stringify({
          Version: "2012-10-17",
          Statement: [
            {
              Effect: "Allow",
              Principal: { Service: ["lambda.amazonaws.com"] },
              Action: ["sts:AssumeRole"],
            },
          ],
        }),
        RoleName: roleName
    };
    const data = await iamClient.send(new CreateRoleCommand(params));
    //await waitUntilRoleExists({ client: iamClient, maxWaitTime: 180 }, { RoleName: data.Role.RoleName }); // does not work :(, using sleep
    await sleep(10000);
    LAMBDA_ROLE = data.Role.Arn;
    storeResource({LambdaExecutionRole: roleName});
    succeedSpinner('Role ARN: ' + yellow(LAMBDA_ROLE), {logLevel: 'debug'});
    loggerInfo('Created Lambda principal role')

    // Attach to Lambda role the AWSLambdaBasicExecutionRole
    startSpinner('Attaching AWSLambdaBasicExecutionRole to Lambda Role', true);
    let input = {
        RoleName: roleName,
        PolicyArn: "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
    };
    let command = new AttachRolePolicyCommand(input);
    await iamClient.send(command);    
    storeResource({LambdaExecutionPolicy1: input.PolicyArn});
    succeedSpinner(`Attached ${yellow('AWSLambdaBasicExecutionRole')} to Lambda Role`, {logLevel: 'info'});


    if (NEPTUNE_IAM_AUTH) {
        // Create Neptune query policy
        startSpinner('Creating policy for Neptune queries', true);
        let policyName = NAME+"NeptuneQueryPolicy";
        let command = new CreatePolicyCommand({
            PolicyDocument: JSON.stringify({
            Version: "2012-10-17",
            Statement: [
                {
                    Effect: "Allow",
                    Action: [
                        NEPTUNE_TYPE + ':connect',
                        NEPTUNE_TYPE + ':DeleteDataViaQuery',
                        NEPTUNE_TYPE + ':ReadDataViaQuery',
                        NEPTUNE_TYPE + ':WriteDataViaQuery'
                    ],
                    Resource: NEPTUNE_IAM_POLICY_RESOURCE            
                },
            ],
            }),
            PolicyName: policyName,
        });
    
        let response = await iamClient.send(command);
        const policyARN = response.Policy.Arn;
        storeResource({NeptuneQueryPolicy: policyARN});
        await sleep(5000);
        succeedSpinner('Neptune query policy ARN: ' + yellow(policyARN), {logLevel: 'debug'});
        loggerInfo('Neptune query policy created')

        // Attach to Lambda role the Neptune query policy.
        startSpinner('Attaching Neptune query policy to Lambda role ...', true);
        input = {
            RoleName: roleName,
            PolicyArn: policyARN,
        };
        command = new AttachRolePolicyCommand(input);
        await iamClient.send(command);    
        storeResource({LambdaExecutionPolicy2: input.PolicyArn});    
        await sleep(10000);
        succeedSpinner(`Attached ${yellow('Neptune Query Policy')} policies to Lambda Role`, {logLevel: 'info'});
        
    } else {
        startSpinner('Attaching policy for Neptune VPC to Lambda role ...', true);
        input = {
            RoleName: roleName,
            PolicyArn: "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
        };
        command = new AttachRolePolicyCommand(input);
        await iamClient.send(command);    
        storeResource({LambdaExecutionPolicy2: input.PolicyArn});    
        await sleep(10000);
        succeedSpinner(`Attached ${yellow('AWSLambdaVPCAccessExecutionRole')} policies to role`, {logLevel: 'info'});
    }

}