def set_forecast_etl_permissions(
     self,
     function: IFunction,
     database: CfnResource,
     workgroup: CfnResource,
     quicksight_principal: CfnParameter,
     quicksight_source: CfnMapping,
     athena_bucket: IBucket,
     data_bucket_name_resource: CfnResource,
 ):
     function.role.attach_inline_policy(
         self.policies.athena_access(workgroup.ref))
     function.role.attach_inline_policy(
         self.policies.glue_access(
             catalog=database,
             athena_bucket=athena_bucket,
             data_bucket_name_resource=data_bucket_name_resource,
         ))
     function.role.attach_inline_policy(self.policies.quicksight_access())
     function.add_environment("SCHEMA_NAME", database.ref)
     function.add_environment("WORKGROUP_NAME", workgroup.ref)
     function.add_environment("QUICKSIGHT_PRINCIPAL",
                              quicksight_principal.value_as_string)
     function.add_environment(
         "QUICKSIGHT_SOURCE",
         quicksight_source.find_in_map("General",
                                       "QuickSightSourceTemplateArn"),
     )
 def set_forecast_s3_access_permissions(
         self, name, function: IFunction,
         data_bucket_name_resource: CfnResource):
     forecast_s3_access_role = self.policies.forecast_s3_access_role(
         name=name, data_bucket_name_resource=data_bucket_name_resource)
     function.role.attach_inline_policy(
         iam.Policy(
             self,
             f"{function.node.id}ForecastPassRolePolicy",
             statements=[
                 iam.PolicyStatement(
                     effect=iam.Effect.ALLOW,
                     actions=["iam:PassRole"],
                     resources=[forecast_s3_access_role.role_arn],
                 )
             ],
         ))
     function.add_environment("FORECAST_ROLE",
                              forecast_s3_access_role.role_arn)