U wúsc('ã@s\dd„Zdd„Zdd„Zdd„Zdd „Zd d „Zd d „Zdd„Zdd„Zdd„Z dd„Z dS)cCs6| d¡d}d|}d||f}|d7}|d7}|S)Nú/éÿÿÿÿú1https://console.aws.amazon.com/iam/home#/roles/%sú?1. Go to IAM console to edit current SageMaker role: [%s](%s). úD2. Next, go to the `Permissions tab` and click on `Attach Policy.` zR3. Search and select `EC2InstanceProfileForImageBuilderECRContainerBuilds` policy ©Úsplit©ÚroleÚ role_nameÚurlÚtext©r úf/home/ec2-user/SageMaker/aws-deepracer-workshops/Advanced workshops/workshop/common/markdown_helper.pyÚ7generate_ecr_push_local_docker_image_for_sagemaker_roles  rcCs6| d¡d}d|}d||f}|d7}|d7}|S)NrrrrrzK3. Search and select `AmazonElasticContainerRegistryPublicReadOnly` policy rrr r rÚ6generate_ecr_read_create_permission_for_sagemaker_roles  rcCs6| d¡d}d|}d||f}|d7}|d7}|S)NrrrrrzB3. Search and select `AmazonKinesisVideoStreamsFullAccess` policy rrr r rÚ/generate_s3_write_permission_for_sagemaker_roles  rcCs6| d¡d}d|}d||f}|d7}|d7}|S)Nrrrrrz13. Search and select `AmazonS3FullAccess` policy rrr r rÚ5generate_kinesis_create_permission_for_sagemaker_role&s  rcCsR| d¡d}d|}d}|d||f7}|d|7}|d7}|d7}|d 7}|S) NrrrúZ>It looks like your SageMaker role has insufficient premissions. Please do the following: rz-2. Select %s and then click on `Edit Policy` zP3. Select the JSON tab and add the following JSON blob to the `Statement` list: zÝ```json { "Action": [ "ec2:DescribeRouteTables", "ec2:CreateVpcEndpoint" ], "Effect": "Allow", "Resource": "*" },``` ú?4. Now wait for a few minutes before executing this cell again!rrr r rÚ)generate_help_for_s3_endpoint_permissions.s  rcCsF| d¡d}d|}d||f}|d7}|d7}|d7}|d7}|S) NrrrrzV2. Next, go to the `Trust relationships tab` and click on `Edit Trust Relationship.` z-3. Replace the JSON blob with the following: a¿```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "sagemaker.amazonaws.com", "robomaker.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }``` zH4. Once this is complete, click on Update Trust Policy and you are done.rrr r rÚ.generate_help_for_robomaker_trust_relationshipBs rcCsf| d¡d}d|}d}|d||f7}|d7}|d7}|d7}|d 7}|d 7}|d 7}|d 7}|S) NrrrrrúY2. Click on policy starting with `AmazonSageMaker-ExecutionPolicy` and then edit policy. úX3. Go to JSON tab, add the following JSON blob to the `Statement` list and save policy: a«```json { "Effect": "Allow", "Action": [ "robomaker:CreateSimulationApplication", "robomaker:DescribeSimulationApplication", "robomaker:DeleteSimulationApplication", "robomaker:CreateSimulationJob", "robomaker:DescribeSimulationJob", "robomaker:CancelSimulationJob", "robomaker:ListSimulationApplications" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "robomaker.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "robomaker.amazonaws.com" ] } } },``` zV4. Next, go to the `Trust relationships tab` and click on `Edit Trust Relationship.` z85. Add the following JSON blob to the `Statement` list: zÕ```json { "Effect": "Allow", "Principal": { "Service": "robomaker.amazonaws.com" }, "Action": "sts:AssumeRole" },``` z?6. Now wait for a few minutes before executing this cell again!rrr r rÚ+generate_help_for_robomaker_all_permissions\s(rcCsndd„|Dƒ}g}|D]}d|||f}| |¡qd}tt|ƒƒD]}|d|d||f7}qD|d7}|S)NcSsg|]}| d¡d‘qS)rrr)Ú.0Zjob_arnr r rÚ šsz,generate_robomaker_links..zLhttps://%s.console.aws.amazon.com/robomaker/home?region=%s#simulationJobs/%szY> Click on the following links for visualization of simulation jobs on RoboMaker Console z- [Simulation %s](%s) ézN You can click on Gazebo after you open the above link to start the simulator.)ÚappendÚrangeÚlen)Zjob_arnsÚ aws_regionZsimulation_idsZrobomaker_linksZ simulation_idZrobomaker_linkZmarkdown_contentÚir r rÚgenerate_robomaker_links™sþ r"cCsHd||f}d}|d|7}|d|7}|d|7}|d7}|d7}|S)NzQhttps://%s.console.aws.amazon.com/vpc/home?region=%s#Endpoints:sort=vpcEndpointIdzZ>VPC S3 endpoint creation failed. Please do the following to create an endpoint manually: z'1. Go to [VPC console | Endpoints](%s) zM2. Click on `Create Endpoint`. Select Service Name as `com.amazonaws.%s.s3`. z^3. Next, select your Default VPC: `%s` and click the checkbox against the main Route Table ID zA4. Select `Full Access` in policy and click on `Create Endpoint` zT5. That should be it! Now wait for a few seconds before proceeding to the next cell.r )r Z default_vpcr r r r rÚcreate_s3_endpoint_manuallyªs   ÿr#cCsR| d¡d}d|}d||f}|d7}|d7}|d7}|d|7}|d 7}|S) NrrrrzF2. Next, go to the `Permissions tab` and click on `Attach policies`. z+3. Check the box for `AdministratorAccess` z+4. Click on `Attach policy` at the bottom. zR5. You'll see message `Policy AdministratorAccess has been attached for the %s`. z*6. Once this is complete, you are all set.rrr r rÚ&generate_help_for_administrator_policy¶s  r$cCsN| d¡d}d|}d}|d||f7}|d7}|d7}|d7}|d 7}|S) Nrrrrrrrap```json { "Effect": "Allow", "Action": [ "firehose:*", "cloudformation:*", "dynamodb:*", "iam:*", "cloudwatch:*", "glue:*", "athena:*" ], "Resource": [ "*" ] },``` rrrr r rÚ0generate_help_for_experiment_manager_permissionsÁsr%N) rrrrrrrr"r#r$r%r r r rÚs=