adding some permissions, other cleanup
rpmcginty committed May 22, 2024
1 parent 1056f81 commit a3c5812
Showing 4 changed files with 11 additions and 4 deletions.
8 changes: 6 additions & 2 deletions src/aibs_informatics_cdk_lib/common/aws/iam_utils.py
Expand Up @@ -12,12 +12,16 @@
build_sfn_arn,
)

BATCH_READ_ONLY_ACTIONS = [
"batch:Describe*",
"batch:List*",
]

BATCH_FULL_ACCESS_ACTIONS = [
"batch:RegisterJobDefinition",
"batch:DeregisterJobDefinition",
"batch:DescribeJobDefinitions",
"batch:List*",
"batch:Describe*",
*BATCH_READ_ONLY_ACTIONS,
"batch:*",
]
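Review bot: The `"batch:*"` entry at the end of BATCH_FULL_ACCESS_ACTIONS already matches every other item in the list, including the `*BATCH_READ_ONLY_ACTIONS` splice added here, so the effective grant is simply `batch:*` while the named actions suggest something narrower to anyone auditing the policy. If full access is intended, reduce the list to `["batch:*"]` or annotate it with a comment such as `# batch:* supersedes the explicit entries above; they are kept only as documentation`. If full access is not intended, drop the wildcard and keep the explicit actions. Either way the constant should state clearly which of the two it is.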

Expand Up @@ -23,7 +23,9 @@
from aws_cdk import aws_s3 as s3

from aibs_informatics_cdk_lib.common.aws.iam_utils import (
BATCH_READ_ONLY_ACTIONS,
S3_READ_ONLY_ACCESS_ACTIONS,
batch_policy_statement,
dynamodb_policy_statement,
lambda_policy_statement,
)
Expand Down Expand Up @@ -149,6 +151,7 @@ def create_instance_role(
effect=iam.Effect.ALLOW,
resources=["*"],
),
batch_policy_statement(actions=BATCH_READ_ONLY_ACTIONS, env_base=self.env_base),
lambda_policy_statement(actions=["lambda:InvokeFunction"], env_base=self.env_base),
dynamodb_policy_statement(
env_base=self.env_base,
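Review bot: The `batch:Describe*`/`batch:List*` grant added to create_instance_role may be either ineffective or account-wide, depending on how `batch_policy_statement` sets `resources`, which this hunk does not show. Most AWS Batch Describe and List operations do not support resource-level permissions, so a statement scoped to env_base-prefixed ARNs would not authorize them, while a fallback to `*` lets every instance using this role enumerate Batch resources outside its own environment. Confirm which applies and record it next to the call, e.g. `# Batch Describe*/List* require Resource "*"; read access is not limited to env_base`. If the instances only need a few calls, naming them explicitly (for example `batch:DescribeJobs`) keeps the role closer to least privilege. create_instance_role starts and ends outside the hunk.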
Expand Up @@ -29,7 +29,7 @@ def get_fn(self, function_name: str) -> lambda_.IFunction:
resource_cache = cast(Dict[str, lambda_.IFunction], getattr(self, cache_attr))
if function_name not in resource_cache:
resource_cache[function_name] = lambda_.Function.from_function_arn(
scope=self,
scope=self.as_construct(),
id=self.env_base.get_construct_id(function_name, "from-arn"),
function_arn=build_lambda_arn(
resource_type="function",
2 changes: 1 addition & 1 deletion src/aibs_informatics_core_app/app.py
Expand Up @@ -97,7 +97,7 @@ def __init__(self, scope: Construct, config: StageConfig, **kwargs) -> None:
def main():
app = cdk.App()

config = get_config(app.node)
config: StageConfig = get_config(app.node)

InfraStage(app, config)
