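import json

import boto3


def create_lambda_iam_role(role_name):
    """Create an IAM role that AWS Lambda can assume, or reuse an existing one.

    On the create path the role gets a trust policy allowing
    ``lambda.amazonaws.com`` to call ``sts:AssumeRole`` and two AWS managed
    policies are attached: ``AWSLambdaBasicExecutionRole`` and
    ``AmazonSageMakerFullAccess``. If a role named ``role_name`` already
    exists, its ARN is looked up and returned without modifying it.

    Args:
        role_name: Name of the IAM role to create or reuse.

    Returns:
        The ARN of the created or pre-existing role.

    Raises:
        Any boto3/botocore error other than ``EntityAlreadyExistsException``
        propagates to the caller unchanged.
    """
    iam = boto3.client("iam")

    # Trust policy: only the Lambda service principal may assume this role.
    trust_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "lambda.amazonaws.com"},
                "Action": "sts:AssumeRole",
            }
        ],
    }

    try:
        response = iam.create_role(
            RoleName=role_name,
            AssumeRolePolicyDocument=json.dumps(trust_policy),
            Description='Role for Lambda to call SageMaker',
        )
        role_arn = response['Role']['Arn']

        # Lets the function write its logs to CloudWatch Logs.
        iam.attach_role_policy(
            RoleName=role_name,
            PolicyArn='arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole',
        )

        # NOTE(review): AmazonSageMakerFullAccess is a broad managed policy.
        # If the function only needs to invoke an endpoint, a customer-managed
        # policy limited to sagemaker:InvokeEndpoint on that endpoint's ARN
        # would follow least privilege -- confirm the actions actually needed.
        iam.attach_role_policy(
            RoleName=role_name,
            PolicyArn='arn:aws:iam::aws:policy/AmazonSageMakerFullAccess',
        )

        print("Done")
        return role_arn
    except iam.exceptions.EntityAlreadyExistsException:
        # The existing role is returned as-is: neither its trust policy nor
        # its attached policies are checked here, so it can differ from what
        # the create path sets up (for example when an earlier run failed
        # between create_role and the attach_role_policy calls).
        print(f'Using ARN from existing role: {role_name}')
        response = iam.get_role(RoleName=role_name)
        print("Done")
        return response['Role']['Arn']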