Created
March 29, 2024 20:49
-
-
Save budsonjelmont/a6e7cd30e9f0bc3166c89c3aa5dd41ca to your computer and use it in GitHub Desktop.
Create a role that can import into Omics analytics stores
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import json | |
| region = "us-east-1" | |
| account_id = 666666666666 | |
| policy = { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "omics:GetReference", | |
| "omics:GetReferenceMetadata" | |
| ], | |
| "Resource": [ | |
| "arn:aws:omics:" + region + ":" + str(account_id) + ":referenceStore/*" | |
| ] | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:GetObject" | |
| ], | |
| "Resource": [ | |
| "arn:aws:s3:::gnomad-public-us-east-1/*" | |
| ] | |
| } | |
| ] | |
| } | |
| trust_relations = { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "omics.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole", | |
| "Condition": { | |
| "StringEquals": { | |
| "aws:SourceAccount": str(account_id) | |
| }, | |
| "ArnLike": { | |
| "aws:SourceArn": [ | |
| "arn:aws:omics:" + region + ":"+ str(account_id) + ":variantStore/*", | |
| "arn:aws:omics:" + region + ":" + str(account_id) +":annotationStore/*" | |
| ] | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| # Create IAM client | |
| iam = boto3.client("iam") | |
| # Check if policy exists, and delete it if it does | |
| response = iam.list_policies( | |
| Scope="Local", | |
| OnlyAttached=False | |
| ) | |
| for existing_policy in response["Policies"]: | |
| if existing_policy["PolicyName"] == "omics-annot-store-import-policy": | |
| # Delete policy | |
| iam.delete_policy( | |
| PolicyArn=existing_policy["Arn"] | |
| ) | |
| print("Deleted existing policy " + existing_policy["Arn"]) | |
| break | |
| # Create policy | |
| response = iam.create_policy( | |
| PolicyName="omics-annot-store-import-policy", | |
| PolicyDocument=json.dumps(policy) | |
| ) | |
| # Get policy ARN | |
| policy_arn = response["Policy"]["Arn"] | |
| # Create role | |
| response = iam.create_role( | |
| RoleName="omics-annot-store-import-role", | |
| AssumeRolePolicyDocument=json.dumps(trust_relations) | |
| ) | |
| # Get role ARN | |
| role_arn = response["Role"]["Arn"] | |
| # Attach policy to role | |
| iam.attach_role_policy( | |
| RoleName="omics-annot-store-import-role", | |
| PolicyArn=policy_arn | |
| ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment