add data science policy

Mark Ellens · Mark Ellens · commit c2bd35b2b699 · 2020-06-11T12:42:19.000+01:00
diff --git a/terraform/iam_sagemaker.tf b/terraform/iam_sagemaker.tf
@@ -1,3 +1,8 @@
+resource "aws_iam_role_policy_attachment" "data_scientist_attach" {
+    role = "switch-role-custom"
+    policy_arn = "arn:aws:iam::aws:policy/job-function/DataScientist"
+}
+
 resource "aws_iam_role" "sm_notebook_instance_role" {
   name = "sm-notebook-instance-role"
 
@@ -87,6 +92,20 @@ resource "aws_iam_policy" "sm_notebook_instance_policy" {
                 "ec2:DescribeRouteTables"
             ],
             "Resource": "*"
+        },
+          {
+            "Sid": "EnforceInstanceType",
+            "Effect": "Allow",
+            "Action": [
+                "sagemaker:CreateTrainingJob",
+                "sagemaker:CreateHyperParameterTuningJob"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "ForAllValues:StringLike": {
+                    "sagemaker:InstanceTypes": ["ml.t2.large"]
+                }
+            }
         },
         {
             "Effect": "Allow",
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -2,12 +2,3 @@ output "basic_notebook_instance_id" {
   value = "${aws_sagemaker_notebook_instance.basic.id}"
 }
 
-output "firehose_delivery_stream_arn" {
-  description = "Firehose Delivery Stream ARN"
-  value       = "${aws_kinesis_firehose_delivery_stream.fraud_detection_firehose_stream.arn}"
-}
-
-output "firehoseDeliveryRoleArn" {
-  description = "Firehose Delivery Role ARN"
-  value       = "${aws_iam_role.fraud_detection_firehose_role.arn}"
-}
diff --git a/terraform/s3_function.tf b/terraform/s3_function.tf
@@ -0,0 +1,35 @@
+resource "aws_s3_bucket" "fraud_detection_function_bucket" {
+  bucket = "${var.function_bucket_name}-${var.aws_region}"
+  acl    = "private"
+
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
+    }
+  }
+
+  tags = {
+    Description = "Bucket hosting the code for fraud_detection Lambda function."
+    Group       = var.default_resource_group
+    CreatedBy   = var.default_created_by
+  }
+}
+
+data "archive_file" "fraud_detection_archive" {
+  type        = "zip"
+  source_file = "${path.module}/../source/fraud_detection/index.py"
+  output_path = "${path.module}/../dist/fraud_detection.zip"
+}
+
+resource "aws_s3_bucket_object" "s3_fraud_detection_archive" {
+  bucket = aws_s3_bucket.fraud_detection_function_bucket.id
+  key    = "fraud-detection-using-machine-learning/${var.function_version}/fraud_detection.zip"
+  source = data.archive_file.fraud_detection_archive.output_path
+
+  # The filemd5() function is available in Terraform 0.11.12 and later
+  # For Terraform 0.11.11 and earlier, use the md5() function and the file() function:
+  # etag = "${md5(file("path/to/file"))}"
+  etag = filemd5(data.archive_file.fraud_detection_archive.output_path) # use md5 of index.py to detect changes in the function
+}
diff --git a/terraform/terraform.tfstate.backup b/terraform/terraform.tfstate.backup
