import json

import boto3

# Module-level IAM client, constructed once when this module is imported and
# reused by create_lambda_role().
iam = boto3.client("iam")


def create_lambda_role(role_name):
    """Create an IAM role that AWS Lambda can assume and return its ARN.

    The trust policy allows only the ``lambda.amazonaws.com`` service
    principal to call ``sts:AssumeRole``. After creation, two AWS managed
    policies are attached, in this order: ``AWSLambdaBasicExecutionRole``
    and ``AmazonSageMakerFullAccess``.

    If a role called ``role_name`` already exists, a message is printed and
    the ARN of that role is returned unchanged. Its trust policy and attached
    policies are neither inspected nor modified on that path.

    Args:
        role_name: Name of the IAM role to create, or to look up if present.

    Returns:
        The ARN string of the newly created or pre-existing role.

    Raises:
        Any boto3/botocore error other than ``EntityAlreadyExistsException``
        propagates to the caller.
    """
    # Trust policy: restricts who may assume the role to the Lambda service.
    trust_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "lambda.amazonaws.com"},
                "Action": "sts:AssumeRole",
            }
        ],
    }

    # NOTE(review): AmazonSageMakerFullAccess grants far more than a function
    # that only calls SageMaker is likely to need. Consider replacing it with
    # a customer-managed policy limited to the specific actions and resource
    # ARNs the Lambda uses - confirm the required actions with the function's
    # owner before narrowing.
    managed_policy_arns = (
        "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
        "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
    )

    try:
        created = iam.create_role(
            RoleName=role_name,
            AssumeRolePolicyDocument=json.dumps(trust_policy),
            Description="Role for Lambda to call SageMaker functions",
        )
        arn = created["Role"]["Arn"]

        for policy_arn in managed_policy_arns:
            iam.attach_role_policy(RoleName=role_name, PolicyArn=policy_arn)

        return arn
    except iam.exceptions.EntityAlreadyExistsException:
        # NOTE(review): the existing role is trusted purely by name. If an
        # earlier run created the role but failed before attaching policies,
        # or an unrelated role shares this name, the caller still receives
        # its ARN. Verifying the trust policy and attached policies here
        # would make that visible.
        print(f"Using ARN from existing role: {role_name}")
        existing = iam.get_role(RoleName=role_name)
        return existing["Role"]["Arn"]