B xJ`@s&ddlmZmZGdddejZdS))coreaws_iamcs0eZdZejeddfdd ZddZZS)KnowledgeAnalyzerIAMStackN)scopeidreturnc stj||f|||_tj||jdttdtdtdtdtdtdtd|jdd |_|dS) Nz -ServiceRolezsns.amazonaws.comzsqs.amazonaws.comzlambda.amazonaws.comzrds.amazonaws.comzhealthlake.amazonaws.comzec2.amazonaws.comzkendra.amazonaws.com) assumed_by role_name) super__init__PREFIXrRoleCompositePrincipalServicePrincipal service_roleupdateServiceRolePermissions)selfrrkwargs) __class__^/home/ec2-user/environment/knoma_healthlake/knowledge_analyzer/knowledge_analyzer_iam_stack.pyr s  z"KnowledgeAnalyzerIAMStack.__init__cCsd}|jtjtjjd|jd|dd|jd|dd|jdd|jdd |jdd |jddgd d d ddddddg gdtj|ddtdd|_ tjtjjdgdgd}tjtjjdgdddgd}|j ||j |dS)NzHEALTHLAKE-KNOWLEDGE-ANALYZERzarn:aws:sqs:us-*::*zarn:aws:sns:us-*:zarn:aws:logs:us-*:z:*zarn:aws:neptune-db:us-*:zarn:aws:healthlake:us-*:zarn:aws:ec2:us-*:zsqs:*zsns:*zlogs:*z healthlake:*z iam:PassRolezs3:*zrds:*z neptune-db:*zec2:*)effect resourcesactions conditionsz;AmazonHealthLake-Export-us-east-1-HealthKnoMaDataAccessRolezhealthlake.amazonaws.com)r rzarn:aws:s3:::*z s3:PutObject)rrrz s3:ListBucketzs3:GetBucketPublicAccessBlockzs3:GetEncryptionConfiguration) r add_to_policyrPolicyStatementEffectALLOWaccountr rZapp_instance_role)rZresource_prefixZ roleStmt1Z roleStmt2rrrrsF        z6KnowledgeAnalyzerIAMStack.updateServiceRolePermissions) __name__ __module__ __qualname__r Constructstrr r __classcell__rr)rrrsrN)aws_cdkrrStackrrrrrs