in src/graph_notebook/notebooks/01-Neptune-Database/03-Sample-Applications/03-Identity-Graphs/03-Jumpstart-Identity-Graphs-Using-Canonical-Model-and-ETL/glue_utils.py [0:0]
def setupiamrole(self):
    """Create the IAM role the AWS Glue job runs as and attach its policies.

    Steps, in order:
      1. Create a customer-managed policy allowing ``neptune-db:connect``.
      2. Create a role whose trust policy lets ``glue.amazonaws.com`` assume it.
      3. Attach the new policy, ``AWSGlueServiceRole`` and ``AmazonS3FullAccess``.

    Side effects on ``self``: sets ``glueNeptuneRole`` and ``iamrole`` (role
    name) and ``iamroleArn`` (role ARN). Prints a status line and the ARN.

    There is no error handling: if a later IAM call raises, the policy or
    role created by the earlier calls is left in place.
    """
    # Trust policy: only the Glue service principal may assume the role.
    # NOTE(review): there is no Condition block (for example on
    # aws:SourceAccount), so the trust is not narrowed beyond the service
    # principal. Confirm whether that is acceptable for this account.
    glue_trust_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": ["glue.amazonaws.com"]},
                "Action": ["sts:AssumeRole"],
            }
        ],
    }

    # NOTE(review): the "*/*" resource matches every Neptune cluster in this
    # account and region, not just the one this ETL job loads. Scoping it to
    # the target cluster's resource id would be least-privilege; that id is
    # not available in this method.
    neptune_connect_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "neptune-db:connect",
                "Resource": f"arn:aws:neptune-db:{self.region_name}:{self.accountid}:*/*",
                "Effect": "Allow",
            }
        ],
    }

    created_policy = self.iam.create_policy(
        PolicyName='Glue-Neptune-Policy' + self.etlformatted,
        PolicyDocument=json.dumps(neptune_connect_policy),
    )

    role_name = 'Glue-Neptune-Role' + self.etlformatted
    self.glueNeptuneRole = role_name
    created_role = self.iam.create_role(
        RoleName=role_name,
        AssumeRolePolicyDocument=json.dumps(glue_trust_policy),
        Description='Role to give Glue Job permission to Neptune and S3 bucket',
    )

    # Attachment order is kept as in the original: custom policy first, then
    # the two AWS-managed policies.
    # NOTE(review): AmazonS3FullAccess allows all S3 actions on every bucket
    # in the account. The job presumably needs only its ETL bucket(s); a
    # bucket-scoped policy would limit what a compromised or buggy job script
    # can read, overwrite or delete. Bucket names are not visible here.
    attached_policy_arns = (
        created_policy['Policy']['Arn'],
        "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole",
        "arn:aws:iam::aws:policy/AmazonS3FullAccess",
    )
    for policy_arn in attached_policy_arns:
        self.iam.attach_role_policy(PolicyArn=policy_arn, RoleName=role_name)

    print('Created IAM role for AWS Glue Job')
    role_info = created_role['Role']
    self.iamrole = role_info['RoleName']
    self.iamroleArn = role_info['Arn']
    print(self.iamroleArn)