// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`verify roles match snapshosts integ test for accessAWSServices ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for accessAWSServices ML Activity with KMS 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for accessAWSServices ML Activity with VPC 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for accessAWSServices ML Activity with VPC and KMS 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for accessS3AllResources ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for accessS3AllResourcesV2 ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for accessS3Buckets ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageEndpoints ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageEndpoints ML Activity with KMS 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageExperiments ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageGlueTables ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageGlueTables ML Activity with KMS 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageJobs ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageJobs ML Activity with KMS 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageJobs ML Activity with VPC 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageJobs ML Activity with VPC and KMS 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageModels ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for manageModels ML Activity with VPC 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for managePipelines ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for monitorModels ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for monitorModels ML Activity with KMS 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for monitorModels ML Activity with VPC 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for monitorModels ML Activity with VPC and KMS 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for queryAthenaGroups ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for runStudioApps ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for runStudioApps ML Activity with KMS 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for runStudioAppsV2 ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`verify roles match snapshosts integ test for visualizeExperiments ML Activity 1`] = ` Object { "Parameters": Object { "BootstrapVersion": Object { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": Object { "SMComputeExecutionRoleV11681344000000id4FA730C9": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, ], ], }, }, Object { "Action": Array [ "s3:GetObject", "s3:PutObject", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:aws:s3:::", Object { "Ref": "s3Bucket6575F0A6", }, "/*", ], ], }, }, Object { "Action": Array [ "sagemaker:BatchPutMetrics", "ecr:GetAuthorizationToken", "ecr:ListImages", ], "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "ecrRepositoryF10F8231", "Arn", ], }, }, Object { "Action": "cloudwatch:PutMetricData", "Condition": Object { "StringLike": Object { "cloudwatch:namespace": Array [ "*SageMaker*", "*Sagemaker*", "*sagemaker*", ], }, }, "Effect": "Allow", "Resource": "*", }, Object { "Action": Array [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:CreateLogGroup", "logs:DescribeLogStreams", ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/*", }, ], "Version": "2012-10-17", }, "PolicyName": "SM_ComputeExecutionRole_V1_1681344000000", "Roles": Array [ Object { "Ref": "accessAwsServicesroleC21FCBB3", }, ], }, "Type": "AWS::IAM::Policy", }, "accessAwsServicesroleC21FCBB3": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "RoleName": "SageMaker-accessAwsServices role", }, "Type": "AWS::IAM::Role", }, "datakeyid00789BAD": Object { "DeletionPolicy": "Retain", "Properties": Object { "KeyPolicy": Object { "Statement": Array [ Object { "Action": "kms:*", "Effect": "Allow", "Principal": Object { "AWS": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":iam::012345678910:root", ], ], }, }, "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::KMS::Key", "UpdateReplacePolicy": "Retain", }, "ecrRepositoryF10F8231": Object { "DeletionPolicy": "Retain", "Properties": Object { "RepositoryName": "test", }, "Type": "AWS::ECR::Repository", "UpdateReplacePolicy": "Retain", }, "passedroleid112F9904": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": "sagemaker.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": "Test Description", "RoleName": "Test Role", }, "Type": "AWS::IAM::Role", }, "s3Bucket6575F0A6": Object { "DeletionPolicy": "Retain", "Properties": Object { "BucketName": "testbucket", }, "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", }, "securitygroupid509A4AD0": Object { "Properties": Object { "GroupDescription": "stack/security group id", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::SecurityGroup", }, "subnetidRouteTable0B404D8A": Object { "Properties": Object { "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::RouteTable", }, "subnetidRouteTableAssociation8B8142FF": Object { "Properties": Object { "RouteTableId": Object { "Ref": "subnetidRouteTable0B404D8A", }, "SubnetId": Object { "Ref": "subnetidSubnetEF5D338F", }, }, "Type": "AWS::EC2::SubnetRouteTableAssociation", }, "subnetidSubnetEF5D338F": Object { "Properties": Object { "AvailabilityZone": "dummy1a", "CidrBlock": "10.0.0.0/28", "Tags": Array [ Object { "Key": "Name", "Value": "stack/subnet id", }, ], "VpcId": "vpc-1234", }, "Type": "AWS::EC2::Subnet", }, }, "Rules": Object { "CheckBootstrapVersion": Object { "Assertions": Array [ Object { "Assert": Object { "Fn::Not": Array [ Object { "Fn::Contains": Array [ Array [ "1", "2", "3", "4", "5", ], Object { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `;