diff --git a/src/aws.go b/src/aws.go
index 0ae1472d..bee4a297 100644
--- a/src/aws.go
+++ b/src/aws.go
@@ -773,6 +773,30 @@ func AwsLookup(name string) interface{} {
 "aws_ses_event_destination": awsSesEventDestination,
 "aws_ses_receipt_filter": awsSesReceiptFilter,
 "aws_ses_template": awsSesTemplate,
+ "aws_sagemaker_app": awsSagemakerApp,
+ "aws_sagemaker_app_image_config": awsSagemakerAppImageConfig,
+ "aws_sagemaker_code_repository": awsSagemakerCodeRepository,
+ "aws_sagemaker_data_quality_job_definition": awsSagemakerDataQualityJobDefinition,
+ "aws_sagemaker_device": awsSagemakerDevice,
+ "aws_sagemaker_device_fleet": awsSagemakerDeviceFleet,
+ "aws_sagemaker_domain": awsSagemakerDomain,
+ "aws_sagemaker_endpoint": awsSagemakerEndpoint,
+ "aws_sagemaker_feature_group": awsSagemakerFeatureGroup,
+ "aws_sagemaker_image": awsSagemakerImage,
+ "aws_sagemaker_image_version": awsSagemakerImageVersion,
+ "aws_sagemaker_model_package_group": awsSagemakerModelPackageGroup,
+ "aws_sagemaker_model_package_group_policy": awsSagemakerModelPackageGroupPolicy,
+ "aws_sagemaker_monitoring_schedule": awsSagemakerMonitoringSchedule,
+ "aws_sagemaker_notebook_instance": awsSagemakerNotebookInstance,
+ "aws_sagemaker_notebook_instance_lifecycle_configuration": awsSagemakerNotebookInstanceLifecycleConfiguration,
+ "aws_sagemaker_pipeline": awsSagemakerPipeline,
+ "aws_sagemaker_project": awsSagemakerProject,
+ "aws_sagemaker_servicecatalog_portfolio_status": awsSagemakerServicecatalogPortfolioStatus,
+ "aws_sagemaker_space": awsSagemakerSpace,
+ "aws_sagemaker_studio_lifecycle_config": awsSagemakerStudioLifecycleConfig,
+ "aws_sagemaker_user_profile": awsSagemakerUserProfile,
+ "aws_sagemaker_workforce": awsSagemakerWorkforce,
+ "aws_sagemaker_workteam": awsSagemakerWorkteam,
 }
 
 return TFLookup[name]
diff --git a/src/coverage/aws.md b/src/coverage/aws.md
index 8c9ddcb1..a05272b0 100644
--- a/src/coverage/aws.md
+++ b/src/coverage/aws.md
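Review bot: `aws_sagemaker_flow_definition` and `aws_sagemaker_human_task_ui` get no entry in the `TFLookup` literal here, yet the src/coverage/aws.md hunk removes them from the outstanding list together with the 24 resources this hunk does add. Unless both keys already exist elsewhere in the map (not visible in this hunk), the coverage file now reports them as handled while `AwsLookup` still returns a nil value for them. Either add the two mappings or keep those two `./resource.ps1` lines in the coverage file. The body of `AwsLookup` starts outside the hunk.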
@@ -530,32 +530,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_s3control_object_lambda_access_point_policy
 ./resource.ps1 aws_s3control_storage_lens_configuration
 ./resource.ps1 aws_s3outposts_endpoint
-./resource.ps1 aws_sagemaker_app
-./resource.ps1 aws_sagemaker_app_image_config
-./resource.ps1 aws_sagemaker_code_repository
-./resource.ps1 aws_sagemaker_data_quality_job_definition
-./resource.ps1 aws_sagemaker_device
-./resource.ps1 aws_sagemaker_device_fleet
-./resource.ps1 aws_sagemaker_domain
-./resource.ps1 aws_sagemaker_endpoint
-./resource.ps1 aws_sagemaker_feature_group
-./resource.ps1 aws_sagemaker_flow_definition
-./resource.ps1 aws_sagemaker_human_task_ui
-./resource.ps1 aws_sagemaker_image
-./resource.ps1 aws_sagemaker_image_version
-./resource.ps1 aws_sagemaker_model_package_group
-./resource.ps1 aws_sagemaker_model_package_group_policy
-./resource.ps1 aws_sagemaker_monitoring_schedule
-./resource.ps1 aws_sagemaker_notebook_instance
-./resource.ps1 aws_sagemaker_notebook_instance_lifecycle_configuration
-./resource.ps1 aws_sagemaker_pipeline
-./resource.ps1 aws_sagemaker_project
-./resource.ps1 aws_sagemaker_servicecatalog_portfolio_status
-./resource.ps1 aws_sagemaker_space
-./resource.ps1 aws_sagemaker_studio_lifecycle_config
-./resource.ps1 aws_sagemaker_user_profile
-./resource.ps1 aws_sagemaker_workforce
-./resource.ps1 aws_sagemaker_workteam
 ./resource.ps1 aws_scheduler_schedule
 ./resource.ps1 aws_scheduler_schedule_group
 ./resource.ps1 aws_schemas_discoverer
diff --git a/src/files.go b/src/files.go
index 1f7716f5..411110db 100644
--- a/src/files.go
+++ b/src/files.go
@@ -1959,3 +1959,75 @@ var awsSesReceiptFilter []byte
 
 //go:embed mapping/aws/resource/ses/aws_ses_template.json
 var awsSesTemplate []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_app.json
+var awsSagemakerApp []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_app_image_config.json
+var awsSagemakerAppImageConfig []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_code_repository.json
+var awsSagemakerCodeRepository []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_data_quality_job_definition.json
+var awsSagemakerDataQualityJobDefinition []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_device.json
+var awsSagemakerDevice []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_device_fleet.json
+var awsSagemakerDeviceFleet []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_domain.json
+var awsSagemakerDomain []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_endpoint.json
+var awsSagemakerEndpoint []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_feature_group.json
+var awsSagemakerFeatureGroup []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_image.json
+var awsSagemakerImage []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_image_version.json
+var awsSagemakerImageVersion []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_model_package_group.json
+var awsSagemakerModelPackageGroup []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_model_package_group_policy.json
+var awsSagemakerModelPackageGroupPolicy []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_monitoring_schedule.json
+var awsSagemakerMonitoringSchedule []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_notebook_instance.json
+var awsSagemakerNotebookInstance []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_notebook_instance_lifecycle_configuration.json
+var awsSagemakerNotebookInstanceLifecycleConfiguration []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_pipeline.json
+var awsSagemakerPipeline []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_project.json
+var awsSagemakerProject []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_servicecatalog_portfolio_status.json
+var awsSagemakerServicecatalogPortfolioStatus []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_space.json
+var awsSagemakerSpace []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_studio_lifecycle_config.json
+var awsSagemakerStudioLifecycleConfig []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_user_profile.json
+var awsSagemakerUserProfile []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_workforce.json
+var awsSagemakerWorkforce []byte
+
+//go:embed mapping/aws/resource/sagemaker/aws_sagemaker_workteam.json
+var awsSagemakerWorkteam []byte
diff --git a/src/mapping/aws/resource/ec2/aws_subnet.json b/src/mapping/aws/resource/ec2/aws_subnet.json
index 913600ed..b46bab4e 100644
--- a/src/mapping/aws/resource/ec2/aws_subnet.json
+++ b/src/mapping/aws/resource/ec2/aws_subnet.json
@@ -4,7 +4,8 @@
 "ec2:CreateSubnet",
 "ec2:DescribeAccountAttributes",
 "ec2:DescribeSubnets",
- "ec2:DeleteSubnet"
+ "ec2:DeleteSubnet",
+ "ec2:DescribeNetworkInterfaces"
 ],
 "attributes": {
 "tags": [
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_app.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_app.json
new file mode 100644
index 00000000..f15626a8
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_app.json
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateApp",
+ "sagemaker:DeleteApp",
+ "sagemaker:DescribeApp",
+ "sagemaker:ListApps"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteApp"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
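Review bot: `sagemaker:ListTags` is missing from `apply` in aws_sagemaker_app.json although the resource carries a `tags` attribute; of the new SageMaker mappings only aws_sagemaker_code_repository.json lists it. If the provider reads tags back on refresh (likely, but not shown in this diff), a policy generated from the other taggable mappings (app_image_config, endpoint, feature_group, notebook_instance, pipeline and the rest) would be denied on read. Either add `"sagemaker:ListTags"` wherever `tags` is populated, or drop it from code_repository if testing showed it is not needed, so the set is consistent.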
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_app_image_config.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_app_image_config.json
new file mode 100644
index 00000000..af2309f7
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_app_image_config.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateAppImageConfig",
+ "sagemaker:DeleteAppImageConfig",
+ "sagemaker:DescribeAppImageConfig",
+ "sagemaker:UpdateAppImageConfig"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteAppImageConfig"
+ ],
+ "modify": [
+ "sagemaker:UpdateAppImageConfig"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_code_repository.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_code_repository.json
new file mode 100644
index 00000000..7228d35c
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_code_repository.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateCodeRepository",
+ "sagemaker:DeleteCodeRepository",
+ "sagemaker:DescribeCodeRepository",
+ "sagemaker:UpdateCodeRepository",
+ "sagemaker:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteCodeRepository"
+ ],
+ "modify": [
+ "sagemaker:UpdateCodeRepository"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_data_quality_job_definition.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_data_quality_job_definition.json
new file mode 100644
index 00000000..1acb503a
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_data_quality_job_definition.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateDataQualityJobDefinition",
+ "sagemaker:DescribeDataQualityJobDefinition",
+ "sagemaker:DeleteDataQualityJobDefinition",
+ "sagemaker:UpdateDataQualityJobDefinition"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_device.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_device.json
new file mode 100644
index 00000000..6ca9f77f
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_device.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "sagemaker:DescribeDevice",
+ "sagemaker:RegisterDevices",
+ "sagemaker:DeregisterDevices"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_device_fleet.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_device_fleet.json
new file mode 100644
index 00000000..b0946246
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_device_fleet.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateDeviceFleet",
+ "sagemaker:DeleteDeviceFleet",
+ "sagemaker:DescribeDeviceFleet",
+ "sagemaker:UpdateDeviceFleet",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteDeviceFleet"
+ ],
+ "modify": [
+ "sagemaker:UpdateDeviceFleet"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_domain.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_domain.json
new file mode 100644
index 00000000..43b0ba93
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_domain.json
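Review bot: `destroy` is empty in aws_sagemaker_data_quality_job_definition.json even though `sagemaker:DeleteDataQualityJobDefinition` sits in `apply`, so a destroy-scoped policy built from this mapping carries no delete permission; it should read `"destroy": ["sagemaker:DeleteDataQualityJobDefinition"]`. aws_sagemaker_device.json has the same gap (`sagemaker:DeregisterDevices` only in `apply`), and aws_sagemaker_servicecatalog_portfolio_status.json also leaves `destroy` empty, which may be intentional but is worth confirming. `sagemaker:UpdateDataQualityJobDefinition` should be checked against the Service Authorization Reference: I am not aware of such an action, and an action name that does not exist only adds noise to a least-privilege policy. The fixture for this resource sets `role_arn`, so `iam:PassRole` is probably needed here as it is in aws_sagemaker_device_fleet.json.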
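Review bot: `iam:PassRole` enters `apply` in aws_sagemaker_device_fleet.json as a bare action, and again in aws_sagemaker_feature_group.json, aws_sagemaker_image.json and aws_sagemaker_notebook_instance.json. How the generated policy scopes it is not visible in this diff, but if the statement ends up with `"Resource": "*"` the deploying identity can hand any role in the account to SageMaker, which is a well-known privilege-escalation path. The mapping format shown here has no field for a condition, so at minimum the project documentation should tell users to restrict that statement to the intended role ARN and add an `iam:PassedToService` condition for `sagemaker.amazonaws.com`.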
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateDomain",
+ "sagemaker:DeleteDomain",
+ "sagemaker:DescribeDomain",
+ "sagemaker:UpdateDomain",
+ "iam:CreateServiceLinkedRole"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteDomain"
+ ],
+ "modify": [
+ "sagemaker:UpdateDomain"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_endpoint.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_endpoint.json
new file mode 100644
index 00000000..45dd68a1
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_endpoint.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateEndpoint",
+ "sagemaker:DeleteEndpoint",
+ "sagemaker:DescribeEndpoint",
+ "sagemaker:UpdateEndpoint"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteEndpoint"
+ ],
+ "modify": [
+ "sagemaker:UpdateEndpoint"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_feature_group.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_feature_group.json
new file mode 100644
index 00000000..0548cc84
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_feature_group.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateFeatureGroup",
+ "sagemaker:DeleteFeatureGroup",
+ "sagemaker:DescribeFeatureGroup",
+ "sagemaker:UpdateFeatureGroup",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteFeatureGroup"
+ ],
+ "modify": [
+ "sagemaker:UpdateFeatureGroup"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_image.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_image.json
new file mode 100644
index 00000000..8b27c04f
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_image.json
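Review bot: `iam:PassRole` is absent from `apply` in aws_sagemaker_domain.json although the fixture for this resource sets `default_user_settings.execution_role`, while `iam:CreateServiceLinkedRole` is present. Creating a domain with an execution role normally needs pass-role on that role, so an apply under a policy generated from this file is likely to be denied; this should be confirmed with a run. `iam:CreateServiceLinkedRole` is also worth constraining downstream with an `iam:AWSServiceName` condition, since unscoped it lets the identity create service-linked roles for any service.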
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateImage",
+ "sagemaker:DeleteImage",
+ "sagemaker:DescribeImage",
+ "sagemaker:UpdateImage",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteImage"
+ ],
+ "modify": [
+ "sagemaker:UpdateImage"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_image_version.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_image_version.json
new file mode 100644
index 00000000..97b2cad9
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_image_version.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateImageVersion",
+ "sagemaker:DeleteImageVersion",
+ "sagemaker:DescribeImageVersion",
+ "sagemaker:UpdateImageVersion"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteImageVersion"
+ ],
+ "modify": [
+ "sagemaker:UpdateImageVersion"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_model_package_group.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_model_package_group.json
new file mode 100644
index 00000000..b271d4e6
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_model_package_group.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateModelPackageGroup",
+ "sagemaker:DeleteModelPackageGroup",
+ "sagemaker:DescribeModelPackageGroup"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteModelPackageGroup"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_model_package_group_policy.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_model_package_group_policy.json
new file mode 100644
index 00000000..7966a19c
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_model_package_group_policy.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "sagemaker:PutModelPackageGroupPolicy",
+ "sagemaker:GetModelPackageGroupPolicy",
+ "sagemaker:DeleteModelPackageGroupPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "sagemaker:DeleteModelPackageGroupPolicy"
+ ],
+ "modify": [
+ "sagemaker:PutModelPackageGroupPolicy"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_monitoring_schedule.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_monitoring_schedule.json
new file mode 100644
index 00000000..7b06dd2c
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_monitoring_schedule.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateMonitoringSchedule",
+ "sagemaker:DeleteMonitoringSchedule",
+ "sagemaker:DescribeMonitoringSchedule",
+ "sagemaker:UpdateMonitoringSchedule"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteMonitoringSchedule"
+ ],
+ "modify": [
+ "sagemaker:UpdateMonitoringSchedule"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_notebook_instance.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_notebook_instance.json
new file mode 100644
index 00000000..fbbada7b
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_notebook_instance.json
@@ -0,0 +1,25 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateNotebookInstance",
+ "sagemaker:DeleteNotebookInstance",
+ "sagemaker:DescribeNotebookInstance",
+ "sagemaker:UpdateNotebookInstance",
+ "sagemaker:StopNotebookInstance",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteNotebookInstance"
+ ],
+ "modify": [
+ "sagemaker:UpdateNotebookInstance"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_notebook_instance_lifecycle_configuration.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_notebook_instance_lifecycle_configuration.json
new file mode 100644
index 00000000..8858c70a
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_notebook_instance_lifecycle_configuration.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateNotebookInstanceLifecycleConfig",
+ "sagemaker:DeleteNotebookInstanceLifecycleConfig",
+ "sagemaker:DescribeNotebookInstanceLifecycleConfig",
+ "sagemaker:UpdateNotebookInstanceLifecycleConfig"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteNotebookInstanceLifecycleConfig"
+ ],
+ "modify": [
+ "sagemaker:UpdateNotebookInstanceLifecycleConfig"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_pipeline.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_pipeline.json
new file mode 100644
index 00000000..53230502
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_pipeline.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:DescribePipeline",
+ "sagemaker:CreatePipeline",
+ "sagemaker:DeletePipeline",
+ "sagemaker:UpdatePipeline"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeletePipeline"
+ ],
+ "modify": [
+ "sagemaker:UpdatePipeline"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_project.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_project.json
new file mode 100644
index 00000000..d6d9abd7
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_project.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:DescribeProject",
+ "sagemaker:CreateProject",
+ "sagemaker:DeleteProject",
+ "sagemaker:UpdateProject"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteProject"
+ ],
+ "modify": [
+ "sagemaker:UpdateProject"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_servicecatalog_portfolio_status.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_servicecatalog_portfolio_status.json
new file mode 100644
index 00000000..0c03243d
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_servicecatalog_portfolio_status.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "sagemaker:EnableSagemakerServicecatalogPortfolio",
+ "sagemaker:DisableSagemakerServicecatalogPortfolio",
+ "servicecatalog:ListAcceptedPortfolioShares",
+ "sagemaker:GetSagemakerServicecatalogPortfolioStatus"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_space.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_space.json
new file mode 100644
index 00000000..1e601a5f
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_space.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateSpace",
+ "sagemaker:DeleteSpace",
+ "sagemaker:DescribeSpace",
+ "sagemaker:UpdateSpace"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteSpace"
+ ],
+ "modify": [
+ "sagemaker:UpdateSpace"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_studio_lifecycle_config.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_studio_lifecycle_config.json
new file mode 100644
index 00000000..bfd9d3f6
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_studio_lifecycle_config.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateStudioLifecycleConfig",
+ "sagemaker:DeleteStudioLifecycleConfig",
+ "sagemaker:DescribeStudioLifecycleConfig"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "sagemaker:DeleteStudioLifecycleConfig"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_user_profile.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_user_profile.json
new file mode 100644
index 00000000..f2e71ec3
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_user_profile.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateUserProfile",
+ "sagemaker:DeleteUserProfile",
+ "sagemaker:DescribeUserProfile",
+ "sagemaker:UpdateUserProfile"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteUserProfile"
+ ],
+ "modify": [
+ "sagemaker:UpdateUserProfile"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_workforce.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_workforce.json
new file mode 100644
index 00000000..8e20c849
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_workforce.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateWorkforce",
+ "sagemaker:DeleteWorkforce",
+ "sagemaker:DescribeWorkforce",
+ "sagemaker:UpdateWorkforce"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteWorkforce"
+ ],
+ "modify": [
+ "sagemaker:UpdateWorkforce"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/sagemaker/aws_sagemaker_workteam.json b/src/mapping/aws/resource/sagemaker/aws_sagemaker_workteam.json
new file mode 100644
index 00000000..2e33f7ce
--- /dev/null
+++ b/src/mapping/aws/resource/sagemaker/aws_sagemaker_workteam.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "sagemaker:CreateWorkteam",
+ "sagemaker:DeleteWorkteam",
+ "sagemaker:DescribeWorkteam",
+ "sagemaker:UpdateWorkteam"
+ ],
+ "attributes": {
+ "tags": [
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ]
+ },
+ "destroy": [
+ "sagemaker:DeleteWorkteam"
+ ],
+ "modify": [
+ "sagemaker:UpdateWorkteam"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_product.json b/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_product.json
index d1113cb5..4efcf2c7 100644
--- a/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_product.json
+++ b/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_product.json
@@ -13,11 +13,9 @@
 ]
 },
 "destroy": [
- "servicecatalog:DeleteProduct",
- "servicecatalog:UpdateProduct"
+ "servicecatalog:DeleteProduct"
 ],
 "modify": [
- "servicecatalog:DeleteProduct",
 "servicecatalog:UpdateProduct"
 ],
 "plan": []
diff --git a/terraform/aws/backup/aws_sagemaker_app.tf b/terraform/aws/backup/aws_sagemaker_app.tf
new file mode 100644
index 00000000..d2822487
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_app.tf
@@ -0,0 +1,9 @@
+resource "aws_sagemaker_app" "pike" {
+ domain_id = aws_sagemaker_domain.pike.id
+ user_profile_name = aws_sagemaker_user_profile.pike.user_profile_name
+ app_name = "example"
+ app_type = "JupyterServer"
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_app_image_config.tf b/terraform/aws/backup/aws_sagemaker_app_image_config.tf
new file mode 100644
index 00000000..c5b5f156
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_app_image_config.tf
@@ -0,0 +1,12 @@
+resource "aws_sagemaker_app_image_config" "pike" {
+ app_image_config_name = "example"
+
+ kernel_gateway_image_config {
+ kernel_spec {
+ name = "example"
+ }
+ }
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_code_repository.tf b/terraform/aws/backup/aws_sagemaker_code_repository.tf
new file mode 100644
index 00000000..a19dbbd7
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_code_repository.tf
@@ -0,0 +1,7 @@
+resource "aws_sagemaker_code_repository" "pike" {
+ code_repository_name = "example"
+
+ git_config {
+ repository_url = "https://github.com/hashicorp/terraform-provider-aws.git"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_data_quality_job_definition.tf b/terraform/aws/backup/aws_sagemaker_data_quality_job_definition.tf
new file mode 100644
index 00000000..45848723
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_data_quality_job_definition.tf
@@ -0,0 +1,32 @@
+resource "aws_sagemaker_data_quality_job_definition" "pike" {
+ name = "my-data-quality-job-definition"
+
+ data_quality_app_specification {
+ image_uri = data.aws_sagemaker_prebuilt_ecr_image.pike.registry_path
+ }
+ data_quality_job_input {
+ endpoint_input {
+ endpoint_name = aws_sagemaker_endpoint.pike.name
+ }
+ }
+ data_quality_job_output_config {
+ monitoring_outputs {
+ s3_output {
+ s3_uri = "https://${aws_s3_bucket.pike.bucket_regional_domain_name}/output"
+ }
+ }
+ }
+ job_resources {
+ cluster_config {
+ instance_count = 1
+ instance_type = "ml.t3.medium"
+ volume_size_in_gb = 20
+ }
+ }
+ role_arn = aws_iam_role.example.arn
+}
+
+
+data "aws_sagemaker_prebuilt_ecr_image" "pike" {
+ repository_name = "blazingtext"
+}
diff --git a/terraform/aws/backup/aws_sagemaker_device.tf b/terraform/aws/backup/aws_sagemaker_device.tf
new file mode 100644
index 00000000..ea1d1bf0
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_device.tf
@@ -0,0 +1,7 @@
+resource "aws_sagemaker_device" "pike" {
+ device_fleet_name = aws_sagemaker_device_fleet.pike.device_fleet_name
+
+ device {
+ device_name = "example"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_device_fleet.tf b/terraform/aws/backup/aws_sagemaker_device_fleet.tf
new file mode 100644
index 00000000..75300635
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_device_fleet.tf
@@ -0,0 +1,12 @@
+resource "aws_sagemaker_device_fleet" "pike" {
+ device_fleet_name = "pike"
+ role_arn = aws_iam_role.example.arn
+
+ output_config {
+ s3_output_location = "s3://${aws_s3_bucket.pike.bucket}/ prefix/"
+ }
+}
+
+resource "aws_s3_bucket" "pike" {
+ bucket = "pike123456789"
+}
diff --git a/terraform/aws/backup/aws_sagemaker_domain.tf b/terraform/aws/backup/aws_sagemaker_domain.tf
new file mode 100644
index 00000000..d950f756
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_domain.tf
@@ -0,0 +1,33 @@
+resource "aws_sagemaker_domain" "pike" {
+ domain_name = "example"
+ auth_mode = "IAM"
+ vpc_id = "vpc-06074a092930bc809"
+ subnet_ids = [aws_subnet.example.id]
+
+ default_user_settings {
+ execution_role = aws_iam_role.example.arn
+ }
+}
+
+resource "aws_iam_role" "example" {
+ name = "example"
+ path = "/"
+ assume_role_policy = data.aws_iam_policy_document.domain.json
+}
+
+data "aws_iam_policy_document" "domain" {
+ statement {
+ actions = ["sts:AssumeRole"]
+
+ principals {
+ type = "Service"
+ identifiers = ["sagemaker.amazonaws.com"]
+ }
+ }
+}
+
+
+resource "aws_subnet" "example" {
+ vpc_id = "vpc-06074a092930bc809"
+ cidr_block = "10.0.1.0/24"
+}
diff --git a/terraform/aws/backup/aws_sagemaker_endpoint.tf b/terraform/aws/backup/aws_sagemaker_endpoint.tf
new file mode 100644
index 00000000..4b98d717
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_endpoint.tf
@@ -0,0 +1,6 @@
+resource "aws_sagemaker_endpoint" "pike" {
+ endpoint_config_name = "pike"
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_feature_group.tf b/terraform/aws/backup/aws_sagemaker_feature_group.tf
new file mode 100644
index 00000000..0cda0d1c
--- /dev/null
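Review bot: `s3_output_location` in aws_sagemaker_device_fleet.tf contains a space, `"s3://${aws_s3_bucket.pike.bucket}/ prefix/"`, so the key prefix starts with a blank; it looks like a typo for `/prefix/`. The `aws_s3_bucket.pike` fixture beside it also uses the fixed global name `pike123456789`, so the fixture can only be applied by whichever account holds that name; `bucket_prefix = "pike"` avoids the collision.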
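Review bot: `vpc_id = "vpc-06074a092930bc809"` is hard-coded twice in aws_sagemaker_domain.tf, once on the domain and once on `aws_subnet.example`, which ties the fixture to a single account and publishes an internal resource identifier in the repository. Take the value from a variable or a `data "aws_vpc"` lookup, for example `vpc_id = var.vpc_id`, and reference the same value from the subnet so the two cannot drift apart.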
+++ b/terraform/aws/backup/aws_sagemaker_feature_group.tf
@@ -0,0 +1,19 @@
+resource "aws_sagemaker_feature_group" "pike" {
+ feature_group_name = "example"
+ record_identifier_feature_name = "example"
+ event_time_feature_name = "example"
+ role_arn = aws_iam_role.example.arn
+
+ feature_definition {
+ feature_name = "example"
+ feature_type = "String"
+ }
+
+ online_store_config {
+ enable_online_store = true
+ }
+
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_image.tf b/terraform/aws/backup/aws_sagemaker_image.tf
new file mode 100644
index 00000000..0626964c
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_image.tf
@@ -0,0 +1,4 @@
+resource "aws_sagemaker_image" "pike" {
+ image_name = "pike"
+ role_arn = aws_iam_role.example.arn
+}
diff --git a/terraform/aws/backup/aws_sagemaker_image_version.tf b/terraform/aws/backup/aws_sagemaker_image_version.tf
new file mode 100644
index 00000000..0db1aab7
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_image_version.tf
@@ -0,0 +1,4 @@
+resource "aws_sagemaker_image_version" "pike" {
+ image_name = aws_sagemaker_image.pike.id
+ base_image = "012345678912.dkr.ecr.us-west-2.amazonaws.com/image:latest"
+}
diff --git a/terraform/aws/backup/aws_sagemaker_model_package_group.tf b/terraform/aws/backup/aws_sagemaker_model_package_group.tf
new file mode 100644
index 00000000..9975f562
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_model_package_group.tf
@@ -0,0 +1,6 @@
+resource "aws_sagemaker_model_package_group" "pike" {
+ model_package_group_name = "pike"
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_model_package_group_policy.tf b/terraform/aws/backup/aws_sagemaker_model_package_group_policy.tf
new file mode 100644
index 00000000..0d3691d6
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_model_package_group_policy.tf
@@ -0,0 +1,18 @@
+resource "aws_sagemaker_model_package_group_policy" "pike" {
+ model_package_group_name = aws_sagemaker_model_package_group.pike.model_package_group_name
+ resource_policy = jsonencode(jsondecode(data.aws_iam_policy_document.example.json))
+}
+
+data "aws_caller_identity" "current" {}
+
+data "aws_iam_policy_document" "example" {
+ statement {
+ sid = "AddPermModelPackageGroup"
+ actions = ["sagemaker:DescribeModelPackage", "sagemaker:ListModelPackages"]
+ resources = [aws_sagemaker_model_package_group.pike.arn]
+ principals {
+ identifiers = [data.aws_caller_identity.current.account_id]
+ type = "AWS"
+ }
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_monitoring_schedule.tf b/terraform/aws/backup/aws_sagemaker_monitoring_schedule.tf
new file mode 100644
index 00000000..f5319303
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_monitoring_schedule.tf
@@ -0,0 +1,7 @@
+resource "aws_sagemaker_monitoring_schedule" "pike" {
+ name = "my-monitoring-schedule"
+ monitoring_schedule_config {
+ monitoring_job_definition_name = aws_sagemaker_data_quality_job_definition.pike.name
+ monitoring_type = "DataQuality"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_notebook_instance.tf b/terraform/aws/backup/aws_sagemaker_notebook_instance.tf
new file mode 100644
index 00000000..b0581417
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_notebook_instance.tf
@@ -0,0 +1,10 @@
+resource "aws_sagemaker_notebook_instance" "pike" {
+ name = "my-notebook-instance"
+ role_arn = aws_iam_role.example.arn
+ instance_type = "ml.t2.medium"
+
+ tags = {
+ pike = "permissions"
+ Name = "foo"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_notebook_instance_lifecycle_configuration.tf b/terraform/aws/backup/aws_sagemaker_notebook_instance_lifecycle_configuration.tf
new file mode 100644
index 00000000..0b3a4c64
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_notebook_instance_lifecycle_configuration.tf
@@ -0,0 +1 @@
+resource "aws_sagemaker_notebook_instance_lifecycle_configuration" "pike" {}
diff --git a/terraform/aws/backup/aws_sagemaker_pipeline.tf b/terraform/aws/backup/aws_sagemaker_pipeline.tf
new file mode 100644
index 00000000..bc062e62
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_pipeline.tf
@@ -0,0 +1,19 @@
+resource "aws_sagemaker_pipeline" "pike" {
+ pipeline_display_name = "pike"
+ pipeline_name = "pike"
+
+ pipeline_definition = jsonencode({
+ Version = "2020-12-01"
+ Steps = [{
+ Name = "Test"
+ Type = "Fail"
+ Arguments = {
+ ErrorMessage = "test"
+ }
+ }]
+ })
+
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_project.tf b/terraform/aws/backup/aws_sagemaker_project.tf
new file mode 100644
index 00000000..38374fa5
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_project.tf
@@ -0,0 +1,25 @@
+resource "aws_sagemaker_project" "pike" {
+ project_name = "pike"
+
+ service_catalog_provisioning_details {
+ product_id = aws_servicecatalog_product.example.id
+ }
+
+ tags = {
+ pike = "permissions"
+ }
+}
+
+resource "aws_servicecatalog_product" "example" {
+ name = "example"
+ owner = "example-owner"
+ type = "CLOUD_FORMATION_TEMPLATE"
+
+ provisioning_artifact_parameters {
+ template_url = "https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/temp1.json"
+ }
+
+ tags = {
+ foo = "bar"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_servicecatalog_portfolio_status.tf b/terraform/aws/backup/aws_sagemaker_servicecatalog_portfolio_status.tf
new file mode 100644
index 00000000..84ad68d4
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_servicecatalog_portfolio_status.tf
@@ -0,0 +1,3 @@
+resource "aws_sagemaker_servicecatalog_portfolio_status" "pike" {
+ status = "Enabled"
+}
diff --git a/terraform/aws/backup/aws_sagemaker_space.tf b/terraform/aws/backup/aws_sagemaker_space.tf
new file mode 100644
index 00000000..7bd02fd1
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_space.tf
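Review bot: `template_url` in the `aws_servicecatalog_product.example` block of aws_sagemaker_project.tf loads a CloudFormation template from the bucket `cf-templates-ozkq9d3hgiq2-us-east-1`, which nothing visible in this change creates or shows to be under the project's control. Whoever owns that bucket decides what the product provisions when the fixture is applied, and the object can change without a diff here. I would serve the template from a bucket defined alongside the fixture, for example `template_url = "https://${aws_s3_bucket.templates.bucket_regional_domain_name}/temp1.json"` (the resource name `templates` is constructed for illustration), or at least add a comment stating who owns the bucket.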
@@ -0,0 +1,4 @@
+resource "aws_sagemaker_space" "pike" {
+ domain_id = aws_sagemaker_domain.pike.id
+ space_name = "pike"
+}
diff --git a/terraform/aws/backup/aws_sagemaker_studio_lifecycle_config.tf b/terraform/aws/backup/aws_sagemaker_studio_lifecycle_config.tf
new file mode 100644
index 00000000..fbc7f00d
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_studio_lifecycle_config.tf
@@ -0,0 +1,8 @@
+resource "aws_sagemaker_studio_lifecycle_config" "pike" {
+ studio_lifecycle_config_name = "example"
+ studio_lifecycle_config_app_type = "JupyterServer"
+ studio_lifecycle_config_content = base64encode("echo Hello")
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_user_profile.tf b/terraform/aws/backup/aws_sagemaker_user_profile.tf
new file mode 100644
index 00000000..de3219d8
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_user_profile.tf
@@ -0,0 +1,4 @@
+resource "aws_sagemaker_user_profile" "pike" {
+ domain_id = aws_sagemaker_domain.pike.id
+ user_profile_name = "james"
+}
diff --git a/terraform/aws/backup/aws_sagemaker_workforce.tf b/terraform/aws/backup/aws_sagemaker_workforce.tf
new file mode 100644
index 00000000..ce9cb282
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_workforce.tf
@@ -0,0 +1,13 @@
+resource "aws_sagemaker_workforce" "pike" {
+ workforce_name = "pike"
+ oidc_config {
+ authorization_endpoint = "https://example.com"
+ client_id = "example"
+ client_secret = "example"
+ issuer = "https://example.com"
+ jwks_uri = "https://example.com"
+ logout_endpoint = "https://example.com"
+ token_endpoint = "https://example.com"
+ user_info_endpoint = "https://example.com"
+ }
+}
diff --git a/terraform/aws/backup/aws_sagemaker_workteam.tf b/terraform/aws/backup/aws_sagemaker_workteam.tf
new file mode 100644
index 00000000..c2617f82
--- /dev/null
+++ b/terraform/aws/backup/aws_sagemaker_workteam.tf
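Review bot: `client_secret = "example"` in the `oidc_config` block of aws_sagemaker_workforce.tf puts the OIDC client secret in source as a literal, and a fixture like this tends to be copied with a real value substituted in place. The value is a placeholder here, but the pattern commits the secret to the repository and writes it to state in clear text. I would take it from a variable declared with `sensitive = true`, for example `client_secret = var.oidc_client_secret` (variable name constructed for illustration), and add a comment that the literal must never be replaced with a real secret.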
@@ -0,0 +1,15 @@
+resource "aws_sagemaker_workteam" "pike" {
+ description = "my description"
+ workforce_name = aws_sagemaker_workforce.pike.id
+ workteam_name = "pike"
+
+ member_definition {
+ oidc_member_definition {
+ groups = ["example"]
+ }
+ }
+
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
index bb1f3754..318fce87 100644
--- a/terraform/aws/role/aws_iam_policy.basic.tf
+++ b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,40 +7,56 @@ resource "aws_iam_policy" "basic" { "Sid" : "0", "Effect" : "Allow", "Action" : [ - //aws_ses_template - "ses:CreateTemplate", - "ses:GetTemplate", - "ses:DeleteTemplate", - "ses:UpdateTemplate", - //aws_ses_receipt_filter - "ses:CreateReceiptFilter", - "ses:ListReceiptFilters", - "ses:DeleteReceiptFilter", - //aws_ses_email_identity - "ses:VerifyEmailIdentity", - "ses:GetIdentityVerificationAttributes", - "ses:DeleteIdentity", - //aws_ses_configuration_set - "ses:CreateConfigurationSet", - "ses:PutConfigurationSetDeliveryOptions", - "ses:DescribeConfigurationSet", - "ses:DeleteConfigurationSet", - "ses:CreateConfigurationSetTrackingOptions", + //aws_sagemaker_servicecatalog_portfolio_status - //aws_ses_active_receipt_rule_set - "ses:SetActiveReceiptRuleSet", - "ses:ListReceiptRuleSets", - "ses:CreateReceiptRuleSet", - "ses:DescribeReceiptRuleSet", - "ses:DeleteReceiptRuleSet", - "ses:DescribeActiveReceiptRuleSet", - //aws_ses_event_destination - "ses:CreateConfigurationSetEventDestination", - "ses:DeleteConfigurationSetEventDestination", + + + + + + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", + "dynamodb:PutItem", + "iam:CreateRole", + "iam:DeleteRole", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfilesForRole", + "iam:ListRolePolicies", + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteObject", + "s3:GetAccelerateConfiguration", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLogging", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketRequestPayment", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetReplicationConfiguration", + "s3:ListBucket", + "s3:PutObject", + "ec2:CreateSubnet", + "ec2:DescribeNetworkInterfaces", + "ec2:CreateVPC", + "ec2:DeleteSubnet", + "ec2:DeleteVPC", + 
"ec2:DescribeAccountAttributes", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", ], "Resource" : "*",