def set_forecast_etl_permissions(
self,
function: IFunction,
database: CfnResource,
workgroup: CfnResource,
quicksight_principal: CfnParameter,
quicksight_source: CfnMapping,
athena_bucket: IBucket,
data_bucket_name_resource: CfnResource,
):
function.role.attach_inline_policy(
self.policies.athena_access(workgroup.ref))
function.role.attach_inline_policy(
self.policies.glue_access(
catalog=database,
athena_bucket=athena_bucket,
data_bucket_name_resource=data_bucket_name_resource,
))
function.role.attach_inline_policy(self.policies.quicksight_access())
function.add_environment("SCHEMA_NAME", database.ref)
function.add_environment("WORKGROUP_NAME", workgroup.ref)
function.add_environment("QUICKSIGHT_PRINCIPAL",
quicksight_principal.value_as_string)
function.add_environment(
"QUICKSIGHT_SOURCE",
quicksight_source.find_in_map("General",
"QuickSightSourceTemplateArn"),
)
def set_forecast_s3_access_permissions(
self, name, function: IFunction,
data_bucket_name_resource: CfnResource):
forecast_s3_access_role = self.policies.forecast_s3_access_role(
name=name, data_bucket_name_resource=data_bucket_name_resource)
function.role.attach_inline_policy(
iam.Policy(
self,
f"{function.node.id}ForecastPassRolePolicy",
statements=[
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=["iam:PassRole"],
resources=[forecast_s3_access_role.role_arn],
)
],
))
function.add_environment("FORECAST_ROLE",
forecast_s3_access_role.role_arn)
