  1. {
  2. "AWSTemplateFormatVersion": "2010-09-09",
  3. "Description": "PA16 2018-12-13 - @akirmak - RevHist: PA16: SageMaker notebook role type fixed. PA15: parameters added for AcctId and S3 bucket name initials",
  4. "Parameters": {
  5. "yourInitials": {
  6. "Description": "Your initials, used in the name of the S3 bucket that is created. Lowercase letters only, e.g. 'fs' for Frank Sinatra",
  7. "Type": "String",
  8. "MinLength": "2",
  9. "MaxLength": "5"
  10. }
  11. },
  12. "Metadata": {
  13. "AWS::CloudFormation::Designer": {
  14. "38df71f9-6e6c-4cb3-bc01-40d0988453b1": {
  15. "size": {
  16. "width": 60,
  17. "height": 60
  18. },
  19. "position": {
  20. "x": 540,
  21. "y": 180
  22. },
  23. "z": 1,
  24. "embeds": []
  25. },
  26. "13e1ef2d-884d-4875-8b55-27a4843db116": {
  27. "size": {
  28. "width": 60,
  29. "height": 60
  30. },
  31. "position": {
  32. "x": 540,
  33. "y": 60
  34. },
  35. "z": 1,
  36. "embeds": []
  37. },
  38. "c599e0d5-d036-4fa1-9503-59cebc8349d1": {
  39. "size": {
  40. "width": 60,
  41. "height": 60
  42. },
  43. "position": {
  44. "x": 540,
  45. "y": 270
  46. },
  47. "z": 1,
  48. "embeds": []
  49. },
  50. "e058c21b-ec9d-4936-95eb-2c492465d87b": {
  51. "size": {
  52. "width": 60,
  53. "height": 60
  54. },
  55. "position": {
  56. "x": 360,
  57. "y": 270
  58. },
  59. "z": 1,
  60. "embeds": [],
  61. "isassociatedwith": [
  62. "c599e0d5-d036-4fa1-9503-59cebc8349d1"
  63. ]
  64. },
  65. "ed799633-3378-4ef8-8cbe-37b6c7ad5181": {
  66. "size": {
  67. "width": 60,
  68. "height": 60
  69. },
  70. "position": {
  71. "x": 330,
  72. "y": 180
  73. },
  74. "z": 1,
  75. "embeds": [],
  76. "isassociatedwith": [
  77. "38df71f9-6e6c-4cb3-bc01-40d0988453b1"
  78. ]
  79. },
  80. "e517d929-5247-426f-9c9e-2c8b7c9a37c6": {
  81. "size": {
  82. "width": 60,
  83. "height": 60
  84. },
  85. "position": {
  86. "x": 320,
  87. "y": 80
  88. },
  89. "z": 0,
  90. "embeds": [],
  91. "isassociatedwith": [
  92. "13e1ef2d-884d-4875-8b55-27a4843db116"
  93. ]
  94. }
  95. }
  96. },
  97. "Resources": {
  98. "tameGlueRoleSlessDataLakeImmersion": {
  99. "Type": "AWS::IAM::Role",
  100. "Properties": {
  101. "AssumeRolePolicyDocument": {
  102. "Version": "2012-10-17",
  103. "Statement": [
  104. {
  105. "Effect": "Allow",
  106. "Principal": {
  107. "Service": [
  108. "glue.amazonaws.com"
  109. ]
  110. },
  111. "Action": [
  112. "sts:AssumeRole"
  113. ]
  114. }
  115. ]
  116. },
  117. "ManagedPolicyArns": [
  118. "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole"
  119. ]
  120. },
  121. "Metadata": {
  122. "AWS::CloudFormation::Designer": {
  123. "id": "38df71f9-6e6c-4cb3-bc01-40d0988453b1"
  124. }
  125. }
  126. },
  127. "tameGluePolicySlessDataLakeImmersion": {
  128. "Type": "AWS::IAM::Policy",
  129. "Properties": {
  130. "PolicyName": "AWSGlueServicePolicyServerlessDataLakeImmersion",
  131. "PolicyDocument": {
  132. "Version": "2012-10-17",
  133. "Statement": [
  134. {
  135. "Sid": "VisualEditor0",
  136. "Effect": "Allow",
  137. "Action": [
  138. "s3:PutObject",
  139. "s3:GetObject",
  140. "s3:DeleteObject"
  141. ],
  142. "Resource": {
  143. "Fn::Join": [
  144. "",
  145. [
  146. "arn:aws:s3:::",
  147. {
  148. "Ref": "yourInitials"
  149. },
  150. "-tame-bda-immersion/*"
  151. ]
  152. ]
  153. }
  154. },
  155. {
  156. "Effect": "Allow",
  157. "Action": [
  158. "s3:GetObject",
  159. "s3:PutObject"
  160. ],
  161. "Resource": {
  162. "Fn::Join": [
  163. "",
  164. [
  165. "arn:aws:s3:::",
  166. {
  167. "Ref": "yourInitials"
  168. },
  169. "-tame-bda-immersion/compressed-parquet*"
  170. ]
  171. ]
  172. }
  173. }
  174. ]
  175. },
  176. "Roles": [
  177. {
  178. "Ref": "tameGlueRoleSlessDataLakeImmersion"
  179. }
  180. ]
  181. },
  182. "Metadata": {
  183. "AWS::CloudFormation::Designer": {
  184. "id": "ed799633-3378-4ef8-8cbe-37b6c7ad5181"
  185. }
  186. }
  187. },
  188. "tameFHoseRoleSlessDataLakeImmersion": {
  189. "Type": "AWS::IAM::Role",
  190. "Properties": {
  191. "AssumeRolePolicyDocument": {
  192. "Version": "2012-10-17",
  193. "Statement": [
  194. {
  195. "Sid": "",
  196. "Effect": "Allow",
  197. "Principal": {
  198. "Service": "firehose.amazonaws.com"
  199. },
  200. "Action": "sts:AssumeRole",
  201. "Condition": {
  202. "StringEquals": {
  203. "sts:ExternalId": {
  204. "Ref": "AWS::AccountId"
  205. }
  206. }
  207. }
  208. }
  209. ]
  210. },
  211. "ManagedPolicyArns": [
  212. "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
  213. ]
  214. },
  215. "Metadata": {
  216. "AWS::CloudFormation::Designer": {
  217. "id": "13e1ef2d-884d-4875-8b55-27a4843db116"
  218. }
  219. }
  220. },
  221. "tameFHosePolicySlessDataLakeImmersion": {
  222. "Type": "AWS::IAM::Policy",
  223. "Properties": {
  224. "PolicyName": "FirehosePolicyServerlessDataLakeImmersion",
  225. "PolicyDocument": {
  226. "Version": "2012-10-17",
  227. "Statement": [
  228. {
  229. "Sid": "",
  230. "Effect": "Allow",
  231. "Action": [
  232. "glue:GetTableVersions"
  233. ],
  234. "Resource": "*"
  235. },
  236. {
  237. "Sid": "",
  238. "Effect": "Allow",
  239. "Action": [
  240. "s3:AbortMultipartUpload",
  241. "s3:GetBucketLocation",
  242. "s3:GetObject",
  243. "s3:ListBucket",
  244. "s3:ListBucketMultipartUploads",
  245. "s3:PutObject"
  246. ],
  247. "Resource": [
  248. {
  249. "Fn::Join": [
  250. "",
  251. [
  252. "arn:aws:s3:::",
  253. {
  254. "Ref": "yourInitials"
  255. },
  256. "-tame-bda-immersion"
  257. ]
  258. ]
  259. },
  260. {
  261. "Fn::Join": [
  262. "",
  263. [
  264. "arn:aws:s3:::",
  265. {
  266. "Ref": "yourInitials"
  267. },
  268. "-tame-bda-immersion/*"
  269. ]
  270. ]
  271. },
  272. "arn:aws:s3:::%FIREHOSE_BUCKET_NAME%",
  273. "arn:aws:s3:::%FIREHOSE_BUCKET_NAME%/*"
  274. ]
  275. },
  276. {
  277. "Sid": "",
  278. "Effect": "Allow",
  279. "Action": [
  280. "lambda:InvokeFunction",
  281. "lambda:GetFunctionConfiguration"
  282. ],
  283. "Resource": {
  284. "Fn::Join": [
  285. "",
  286. [
  287. "arn:aws:lambda:",
  288. {
  289. "Ref": "AWS::Region"
  290. },
  291. ":",
  292. {
  293. "Ref": "AWS::AccountId"
  294. },
  295. ":function:%FIREHOSE_DEFAULT_FUNCTION%:%FIREHOSE_DEFAULT_VERSION%"
  296. ]
  297. ]
  298. }
  299. },
  300. {
  301. "Sid": "",
  302. "Effect": "Allow",
  303. "Action": [
  304. "logs:PutLogEvents"
  305. ],
  306. "Resource": [
  307. {
  308. "Fn::Join": [
  309. "",
  310. [
  311. "arn:aws:logs:",
  312. {
  313. "Ref": "AWS::Region"
  314. },
  315. ":",
  316. {
  317. "Ref": "AWS::AccountId"
  318. },
  319. ":log-group:/aws/kinesisfirehose/tamebda-rta-kinesisfh-prodcat:log-stream:*"
  320. ]
  321. ]
  322. }
  323. ]
  324. },
  325. {
  326. "Sid": "",
  327. "Effect": "Allow",
  328. "Action": [
  329. "kinesis:DescribeStream",
  330. "kinesis:GetShardIterator",
  331. "kinesis:GetRecords"
  332. ],
  333. "Resource": {
  334. "Fn::Join": [
  335. "",
  336. [
  337. "arn:aws:kinesis:",
  338. {
  339. "Ref": "AWS::Region"
  340. },
  341. ":",
  342. {
  343. "Ref": "AWS::AccountId"
  344. },
  345. ":stream/%FIREHOSE_STREAM_NAME%"
  346. ]
  347. ]
  348. }
  349. },
  350. {
  351. "Effect": "Allow",
  352. "Action": [
  353. "kms:Decrypt"
  354. ],
  355. "Resource": [
  356. "arn:aws:kms:region:accountid:key/%SSE_KEY_ARN%"
  357. ],
  358. "Condition": {
  359. "StringEquals": {
  360. "kms:ViaService": "kinesis.%REGION_NAME%.amazonaws.com"
  361. },
  362. "StringLike": {
  363. "kms:EncryptionContext:aws:kinesis:arn": {
  364. "Fn::Join": [
  365. "",
  366. [
  367. "arn:aws:kinesis:%REGION_NAME%:",
  368. {
  369. "Ref": "AWS::AccountId"
  370. },
  371. ":stream/%FIREHOSE_STREAM_NAME%"
  372. ]
  373. ]
  374. }
  375. }
  376. }
  377. }
  378. ]
  379. },
  380. "Roles": [
  381. {
  382. "Ref": "tameFHoseRoleSlessDataLakeImmersion"
  383. }
  384. ]
  385. },
  386. "Metadata": {
  387. "AWS::CloudFormation::Designer": {
  388. "id": "e517d929-5247-426f-9c9e-2c8b7c9a37c6"
  389. }
  390. }
  391. },
  392. "tameSageMakerNBookRoleSlessDataLake": {
  393. "Type": "AWS::IAM::Role",
  394. "Properties": {
  395. "AssumeRolePolicyDocument": {
  396. "Version": "2012-10-17",
  397. "Statement": [
  398. {
  399. "Effect": "Allow",
  400. "Principal": {
  401. "Service": "sagemaker.amazonaws.com"
  402. },
  403. "Action": "sts:AssumeRole"
  404. }
  405. ]
  406. },
  407. "ManagedPolicyArns": [
  408. "arn:aws:iam::aws:policy/AmazonS3FullAccess",
  409. "arn:aws:iam::aws:policy/AmazonAthenaFullAccess"
  410. ]
  411. },
  412. "Metadata": {
  413. "AWS::CloudFormation::Designer": {
  414. "id": "c599e0d5-d036-4fa1-9503-59cebc8349d1"
  415. }
  416. }
  417. },
  418. "tameSageMakerNBookPolicySlessDataLake": {
  419. "Type": "AWS::IAM::Policy",
  420. "Properties": {
  421. "PolicyName": "SageMakerNotebookPolicyServerlessDataLake",
  422. "PolicyDocument": {
  423. "Version": "2012-10-17",
  424. "Statement": [
  425. {
  426. "Sid": "VisualEditor0",
  427. "Effect": "Allow",
  428. "Action": [
  429. "logs:CreateLogStream",
  430. "logs:DescribeLogStreams",
  431. "s3:ListBucket",
  432. "logs:PutLogEvents"
  433. ],
  434. "Resource": [
  435. {
  436. "Fn::Join": [
  437. "",
  438. [
  439. "arn:aws:s3:::aws-glue-jes-prod-",
  440. {
  441. "Ref": "AWS::Region"
  442. },
  443. "-assets"
  444. ]
  445. ]
  446. },
  447. {
  448. "Fn::Join": [
  449. "",
  450. [
  451. "arn:aws:logs:",
  452. {
  453. "Ref": "AWS::Region"
  454. },
  455. ":",
  456. {
  457. "Ref": "AWS::AccountId"
  458. },
  459. ":log-group:/aws/sagemaker/*"
  460. ]
  461. ]
  462. },
  463. {
  464. "Fn::Join": [
  465. "",
  466. [
  467. "arn:aws:logs:",
  468. {
  469. "Ref": "AWS::Region"
  470. },
  471. ":",
  472. {
  473. "Ref": "AWS::AccountId"
  474. },
  475. ":log-group:/aws/sagemaker/*:log-stream:aws-glue-*"
  476. ]
  477. ]
  478. }
  479. ]
  480. },
  481. {
  482. "Sid": "VisualEditor1",
  483. "Effect": "Allow",
  484. "Action": "s3:GetObject",
  485. "Resource": {
  486. "Fn::Join": [
  487. "",
  488. [
  489. "arn:aws:s3:::aws-glue-jes-prod-",
  490. {
  491. "Ref": "AWS::Region"
  492. },
  493. "-assets*"
  494. ]
  495. ]
  496. }
  497. },
  498. {
  499. "Sid": "VisualEditor2",
  500. "Effect": "Allow",
  501. "Action": [
  502. "s3:PutAnalyticsConfiguration",
  503. "s3:GetObjectVersionTagging",
  504. "s3:CreateBucket",
  505. "s3:ReplicateObject",
  506. "s3:GetObjectAcl",
  507. "s3:DeleteBucketWebsite",
  508. "s3:PutLifecycleConfiguration",
  509. "s3:GetObjectVersionAcl",
  510. "s3:PutObjectTagging",
  511. "s3:DeleteObject",
  512. "s3:DeleteObjectTagging",
  513. "s3:GetBucketPolicyStatus",
  514. "s3:GetBucketWebsite",
  515. "s3:PutReplicationConfiguration",
  516. "s3:DeleteObjectVersionTagging",
  517. "s3:GetBucketNotification",
  518. "s3:PutBucketCORS",
  519. "s3:GetReplicationConfiguration",
  520. "s3:ListMultipartUploadParts",
  521. "s3:GetObject",
  522. "s3:PutBucketNotification",
  523. "s3:PutObject",
  524. "s3:PutBucketLogging",
  525. "s3:GetAnalyticsConfiguration",
  526. "s3:GetObjectVersionForReplication",
  527. "s3:GetLifecycleConfiguration",
  528. "s3:ListBucketByTags",
  529. "s3:GetBucketTagging",
  530. "s3:GetInventoryConfiguration",
  531. "s3:PutAccelerateConfiguration",
  532. "s3:DeleteObjectVersion",
  533. "s3:GetBucketLogging",
  534. "s3:ListBucketVersions",
  535. "s3:ReplicateTags",
  536. "s3:RestoreObject",
  537. "s3:GetAccelerateConfiguration",
  538. "s3:ListBucket",
  539. "s3:GetBucketPolicy",
  540. "s3:PutEncryptionConfiguration",
  541. "s3:GetEncryptionConfiguration",
  542. "s3:GetObjectVersionTorrent",
  543. "s3:AbortMultipartUpload",
  544. "s3:GetBucketRequestPayment",
  545. "s3:PutBucketTagging",
  546. "s3:GetObjectTagging",
  547. "s3:GetMetricsConfiguration",
  548. "s3:DeleteBucket",
  549. "s3:PutBucketVersioning",
  550. "s3:GetBucketPublicAccessBlock",
  551. "s3:ListBucketMultipartUploads",
  552. "s3:PutMetricsConfiguration",
  553. "s3:PutObjectVersionTagging",
  554. "s3:GetBucketVersioning",
  555. "s3:GetBucketAcl",
  556. "s3:PutInventoryConfiguration",
  557. "s3:GetObjectTorrent",
  558. "s3:PutBucketRequestPayment",
  559. "s3:PutBucketWebsite",
  560. "s3:GetBucketCORS",
  561. "s3:GetBucketLocation",
  562. "s3:GetObjectVersion",
  563. "s3:ReplicateDelete"
  564. ],
  565. "Resource": {
  566. "Fn::Join": [
  567. "",
  568. [
  569. "arn:aws:s3:::aws-athena-query-results-",
  570. {
  571. "Ref": "AWS::AccountId"
  572. },
  573. {
  574. "Ref": "AWS::Region"
  575. },
  576. "*"
  577. ]
  578. ]
  579. }
  580. },
  581. {
  582. "Sid": "VisualEditor3",
  583. "Effect": "Allow",
  584. "Action": [
  585. "s3:GetAccountPublicAccessBlock",
  586. "s3:ListAllMyBuckets",
  587. "s3:HeadBucket"
  588. ],
  589. "Resource": "*"
  590. },
  591. {
  592. "Sid": "VisualEditor4",
  593. "Effect": "Allow",
  594. "Action": "logs:CreateLogGroup",
  595. "Resource": [
  596. {
  597. "Fn::Join": [
  598. "",
  599. [
  600. "arn:aws:logs:",
  601. {
  602. "Ref": "AWS::Region"
  603. },
  604. ":",
  605. {
  606. "Ref": "AWS::AccountId"
  607. },
  608. ":log-group:/aws/sagemaker/*"
  609. ]
  610. ]
  611. },
  612. {
  613. "Fn::Join": [
  614. "",
  615. [
  616. "arn:aws:logs:",
  617. {
  618. "Ref": "AWS::Region"
  619. },
  620. ":",
  621. {
  622. "Ref": "AWS::AccountId"
  623. },
  624. ":log-group:/aws/sagemaker/*:log-stream:aws-glue-*"
  625. ]
  626. ]
  627. }
  628. ]
  629. },
  630. {
  631. "Sid": "VisualEditor5",
  632. "Effect": "Allow",
  633. "Action": [
  634. "glue:GetDevEndpoints",
  635. "glue:UpdateDevEndpoint",
  636. "glue:GetDevEndpoint"
  637. ],
  638. "Resource": {
  639. "Fn::Join": [
  640. "",
  641. [
  642. "arn:aws:glue:",
  643. {
  644. "Ref": "AWS::Region"
  645. },
  646. ":",
  647. {
  648. "Ref": "AWS::AccountId"
  649. },
  650. ":devEndpoint/gj-tame-bda-kdg-raw2parquet-devEndpoint*"
  651. ]
  652. ]
  653. }
  654. }
  655. ]
  656. },
  657. "Roles": [
  658. {
  659. "Ref": "tameSageMakerNBookRoleSlessDataLake"
  660. }
  661. ]
  662. },
  663. "Metadata": {
  664. "AWS::CloudFormation::Designer": {
  665. "id": "e058c21b-ec9d-4936-95eb-2c492465d87b"
  666. }
  667. }
  668. }
  669. }
  670. }