private createRole()

in netbench-cdk/lib/netbench.ts [91:106]


    /**
     * Creates the IAM role and instance profile used by the netbench runner
     * EC2 instances.
     *
     * The role can be assumed only by the EC2 service principal. An instance
     * profile wrapping the role is created and its name is published as a
     * CloudFormation output. Two AWS managed policies are then attached to the
     * role; both are account-wide "FullAccess" policies, so any code running on
     * an instance with this profile inherits those permissions.
     */
    private createRole() {
        const iam = cdk.aws_iam;

        // Trust policy: only EC2 may assume this role.
        const runnerRole = new iam.Role(this, 'NetbenchRunnerInstanceRole', {
            assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
        });

        // EC2 cannot use a role directly; it needs an instance profile around it.
        // https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
        const runnerProfile = new iam.InstanceProfile(this, 'instanceProfile', { role: runnerRole });
        new cdk.CfnOutput(this, "output:NetbenchRunnerInstanceProfile", {
            value: runnerProfile.instanceProfileName,
        });

        // Managed policies are attached in this order.
        const managedPolicyNames = [
            // NOTE(review): AmazonSSMFullAccess lets the instance call the whole
            // SSM API, not just register with the agent. If the instances only
            // need to be managed through SSM, AmazonSSMManagedInstanceCore is the
            // narrower AWS managed policy - confirm what the runners call first.
            'AmazonSSMFullAccess',
            // TODO: This is too permissive - it grants read/write/delete on every
            // bucket in the account. Scope this down to just the netbench bucket.
            'AmazonS3FullAccess',
        ];
        for (const policyName of managedPolicyNames) {
            runnerRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName(policyName));
        }
    }