def set_forecast_etl_permissions( self, function: IFunction, database: CfnResource, workgroup: CfnResource, quicksight_principal: CfnParameter, quicksight_source: CfnMapping, athena_bucket: IBucket, data_bucket_name_resource: CfnResource, ): function.role.attach_inline_policy( self.policies.athena_access(workgroup.ref)) function.role.attach_inline_policy( self.policies.glue_access( catalog=database, athena_bucket=athena_bucket, data_bucket_name_resource=data_bucket_name_resource, )) function.role.attach_inline_policy(self.policies.quicksight_access()) function.add_environment("SCHEMA_NAME", database.ref) function.add_environment("WORKGROUP_NAME", workgroup.ref) function.add_environment("QUICKSIGHT_PRINCIPAL", quicksight_principal.value_as_string) function.add_environment( "QUICKSIGHT_SOURCE", quicksight_source.find_in_map("General", "QuickSightSourceTemplateArn"), )
def set_forecast_s3_access_permissions( self, name, function: IFunction, data_bucket_name_resource: CfnResource): forecast_s3_access_role = self.policies.forecast_s3_access_role( name=name, data_bucket_name_resource=data_bucket_name_resource) function.role.attach_inline_policy( iam.Policy( self, f"{function.node.id}ForecastPassRolePolicy", statements=[ iam.PolicyStatement( effect=iam.Effect.ALLOW, actions=["iam:PassRole"], resources=[forecast_s3_access_role.role_arn], ) ], )) function.add_environment("FORECAST_ROLE", forecast_s3_access_role.role_arn)