in cli/src/pcluster/templates/cdk_builder_utils.py [0:0]
def _build_policy(self) -> List[iam.PolicyStatement]:
    """Return the IAM allow-statements that make up this policy.

    Six statements are produced in a fixed order: Ec2, S3GetObj,
    Autoscaling, CloudFormation, DynamoDBTable and DcvLicense. Every
    statement except Ec2 names its resources through ``self._format_arn``.
    """
    stack = Stack.of(self)
    region = stack.region
    stack_name = stack.stack_name

    # The only statement granted on a wildcard resource; it carries a single
    # describe action.
    # NOTE(review): confirm whether this can be narrowed to instance ARNs.
    ec2_describe = iam.PolicyStatement(
        sid="Ec2",
        effect=iam.Effect.ALLOW,
        actions=["ec2:DescribeInstanceAttribute"],
        resources=["*"],
    )

    # Region and account are passed as empty strings, so the ARN identifies
    # the bucket by name only.
    # NOTE(review): the grant is keyed on the bucket name alone; confirm the
    # bucket's ownership is guaranteed elsewhere.
    regional_bucket_arn = self._format_arn(
        service="s3",
        resource="{0}-aws-parallelcluster/*".format(region),
        region="",
        account="",
    )
    s3_get_object = iam.PolicyStatement(
        sid="S3GetObj",
        effect=iam.Effect.ALLOW,
        actions=["s3:GetObject"],
        resources=[regional_bucket_arn],
    )

    # The group name is pinned; the "*" fills the ARN segment that precedes
    # it (presumably the group's generated id, TODO confirm).
    asg_arn = self._format_arn(
        service="autoscaling",
        resource=f"autoScalingGroup:*:autoScalingGroupName/{self._auto_scaling_group_name}",
    )
    autoscaling_lifecycle = iam.PolicyStatement(
        sid="Autoscaling",
        effect=iam.Effect.ALLOW,
        actions=[
            "autoscaling:CompleteLifecycleAction",
        ],
        resources=[asg_arn],
    )

    # Read-only stack lookups, limited to this stack: once as an ARN pattern
    # built from the stack name, once as the stack id itself.
    stack_arn_pattern = self._format_arn(
        service="cloudformation",
        resource=f"stack/{stack_name}/*",
        region=region,
        account=stack.account,
    )
    cloudformation_describe = iam.PolicyStatement(
        sid="CloudFormation",
        effect=iam.Effect.ALLOW,
        actions=[
            "cloudformation:DescribeStackResource",
            "cloudformation:DescribeStacks",
        ],
        resources=[stack_arn_pattern, core.Aws.STACK_ID],
    )

    # Item-level read/write on the one table whose name is the shared prefix
    # followed by the stack name.
    table_arn = self._format_arn(
        service="dynamodb",
        resource=f"table/{PCLUSTER_DYNAMODB_PREFIX}{stack_name}",
    )
    dynamodb_items = iam.PolicyStatement(
        sid="DynamoDBTable",
        effect=iam.Effect.ALLOW,
        actions=["dynamodb:UpdateItem", "dynamodb:PutItem", "dynamodb:GetItem"],
        resources=[table_arn],
    )

    # Same name-only bucket ARN shape as S3GetObj, for the per-region
    # dcv-license bucket.
    dcv_bucket_arn = self._format_arn(
        service="s3",
        resource="dcv-license.{0}/*".format(region),
        region="",
        account="",
    )
    dcv_license = iam.PolicyStatement(
        sid="DcvLicense",
        effect=iam.Effect.ALLOW,
        actions=[
            "s3:GetObject",
        ],
        resources=[dcv_bucket_arn],
    )

    return [
        ec2_describe,
        s3_get_object,
        autoscaling_lifecycle,
        cloudformation_describe,
        dynamodb_items,
        dcv_license,
    ]