Dev (#22)
lindsaygelle committed May 30, 2024
1 parent 37148f8 commit e8eec46
Showing 6 changed files with 1,368 additions and 0 deletions.
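--- a/aws_iam_policy_document.tf
+++ b/aws_iam_policy_document.tf
@@ -1,3 +1,16 @@
+data "aws_iam_policy_document" "assume_role_sfn_state_machine_rekognition" {
+statement {
+actions = [
+"sts:AssumeRole"
+]
+effect = "Allow"
+principals {
+identifiers = ["states.amazonaws.com"]
+type = "Service"
+}
+}
+}
+
 data "aws_iam_policy_document" "assume_role_sfn_state_machine_rekognition_detect_faces" {
 statement {
 actions = [
@@ -50,6 +63,35 @@ data "aws_iam_policy_document" "assume_role_sfn_state_machine_rekognition_detect
 }
 }
 
+data "aws_iam_policy_document" "assume_role_sfn_state_machine_rekognition_detect_text" {
+statement {
+actions = [
+"sts:AssumeRole"
+]
+effect = "Allow"
+principals {
+identifiers = ["states.amazonaws.com"]
+type = "Service"
+}
+}
+}
+
+data "aws_iam_policy_document" "sfn_state_machine_rekognition" {
+statement {
+actions = [
+"states:StartExecution"
+]
+effect = "Allow"
+resources = [
+"${aws_sfn_state_machine.rekognition_detect_faces.arn}",
+"${aws_sfn_state_machine.rekognition_detect_labels.arn}",
+"${aws_sfn_state_machine.rekognition_detect_moderation_labels.arn}",
+"${aws_sfn_state_machine.rekognition_detect_protective_equipment.arn}",
+"${aws_sfn_state_machine.rekognition_detect_text.arn}"
+]
+}
+}
+
 data "aws_iam_policy_document" "sfn_state_machine_rekognition_detect_faces" {
 statement {
 actions = [
@@ -189,3 +231,38 @@ data "aws_iam_policy_document" "sfn_state_machine_rekognition_detect_protective_
 ]
 }
 }
+
+data "aws_iam_policy_document" "sfn_state_machine_rekognition_detect_text" {
+statement {
+actions = [
+"s3:GetObject",
+"s3:GetObjectAttributes",
+"s3:GetObjectVersion"
+]
+effect = "Allow"
+resources = [
+"${aws_s3_bucket.main.arn}/${aws_s3_object.images.key}*"
+]
+}
+
+statement {
+actions = [
+"s3:GetBucketVersioning",
+"s3:ListBucket"
+]
+effect = "Allow"
+resources = [
+"${aws_s3_bucket.main.arn}"
+]
+}
+
+statement {
+actions = [
+"rekognition:DetectText"
+]
+effect = "Allow"
+resources = [
+"*"
+]
+}
+}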
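Review bot: Both new trust policies (`assume_role_sfn_state_machine_rekognition` and `assume_role_sfn_state_machine_rekognition_detect_text`) let `states.amazonaws.com` assume the role with no condition, so nothing ties the role to state machines in this account. AWS's cross-service confused-deputy guidance is to add an `aws:SourceAccount` (or `aws:SourceArn`) condition to the statement. The existing sibling trust policies appear to follow the same pattern, though their bodies are outside the hunks. Separately, in `sfn_state_machine_rekognition_detect_text` the object resource `${aws_s3_bucket.main.arn}/${aws_s3_object.images.key}*` also matches any sibling key sharing that prefix unless the key ends in `/`. In the same document `s3:ListBucket` has no `s3:prefix` condition, so the role can list the whole bucket.

```hcl
statement {
  # … unchanged: actions, effect, principals …
  condition {
    test     = "StringEquals"
    values   = [data.aws_caller_identity.main.account_id]
    variable = "aws:SourceAccount"
  }
}
```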
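--- a/aws_iam_role.tf
+++ b/aws_iam_role.tf
@@ -1,3 +1,18 @@
+resource "aws_iam_role" "sfn_state_machine_rekognition" {
+assume_role_policy = data.aws_iam_policy_document.assume_role_sfn_state_machine_rekognition.json
+name = "sfn-state-machine-rekognition"
+path = "/${local.organization}/"
+tags = {
+caller_identity_account_arn = data.aws_caller_identity.main.arn
+caller_identity_account_id = data.aws_caller_identity.main.account_id
+caller_identity_user_id = data.aws_caller_identity.main.user_id
+canonical_user_id = data.aws_canonical_user_id.main.id
+organization = local.organization
+region = data.aws_region.main.name
+workspace = terraform.workspace
+}
+}
+
 resource "aws_iam_role" "sfn_state_machine_rekognition_detect_faces" {
 assume_role_policy = data.aws_iam_policy_document.assume_role_sfn_state_machine_rekognition_detect_faces.json
 name = "sfn-state-machine-rekognition-detect-faces"
@@ -57,3 +72,18 @@ resource "aws_iam_role" "sfn_state_machine_rekognition_detect_protective_equipme
 workspace = terraform.workspace
 }
 }
+
+resource "aws_iam_role" "sfn_state_machine_rekognition_detect_text" {
+assume_role_policy = data.aws_iam_policy_document.assume_role_sfn_state_machine_rekognition_detect_text.json
+name = "sfn-state-machine-rekognition-detect-text"
+path = "/${local.organization}/"
+tags = {
+caller_identity_account_arn = data.aws_caller_identity.main.arn
+caller_identity_account_id = data.aws_caller_identity.main.account_id
+caller_identity_user_id = data.aws_caller_identity.main.user_id
+canonical_user_id = data.aws_canonical_user_id.main.id
+organization = local.organization
+region = data.aws_region.main.name
+workspace = terraform.workspace
+}
+}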
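Review bot: The `tags` map on both new roles stamps `caller_identity_account_arn` and `caller_identity_user_id` from `data.aws_caller_identity.main`, which is whoever ran the apply rather than a property of the role. Those values change whenever a different principal (a colleague, a CI role) applies, which rewrites the tags on every role and exposes the deployer's identity to anyone who can read role tags. Consider keeping the shared keys in one place, such as the provider's `default_tags` block or a single local referenced as `tags = local.tags` (name is a suggestion), and dropping the per-caller keys. Neither role sets `permissions_boundary`; if the organisation applies boundaries to roles under `/${local.organization}/`, it belongs on these resources.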
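--- a/aws_iam_role_policy.tf
+++ b/aws_iam_role_policy.tf
@@ -1,3 +1,8 @@
+resource "aws_iam_role_policy" "sfn_state_machine_rekognition" {
+policy = data.aws_iam_policy_document.sfn_state_machine_rekognition.json
+role = aws_iam_role.sfn_state_machine_rekognition.id
+}
+
 resource "aws_iam_role_policy" "sfn_state_machine_rekognition_detect_faces" {
 policy = data.aws_iam_policy_document.sfn_state_machine_rekognition_detect_faces.json
 role = aws_iam_role.sfn_state_machine_rekognition_detect_faces.id
@@ -17,3 +22,8 @@ resource "aws_iam_role_policy" "sfn_state_machine_rekognition_detect_protective_
 policy = data.aws_iam_policy_document.sfn_state_machine_rekognition_detect_protective_equipment.json
 role = aws_iam_role.sfn_state_machine_rekognition_detect_protective_equipment.id
 }
+
+resource "aws_iam_role_policy" "sfn_state_machine_rekognition_detect_text" {
+policy = data.aws_iam_policy_document.sfn_state_machine_rekognition_detect_text.json
+role = aws_iam_role.sfn_state_machine_rekognition_detect_text.id
+}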
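--- a/aws_sfn_state_machine.tf
+++ b/aws_sfn_state_machine.tf
@@ -1,3 +1,20 @@
+resource "aws_sfn_state_machine" "rekognition" {
+definition = templatefile("./state_machine/Rekognition.json", {})
+name = "rekognition"
+role_arn = aws_iam_role.sfn_state_machine_rekognition.arn
+tags = {
+bucket = aws_s3_bucket.main.bucket
+bucket_key = aws_s3_object.images.key
+caller_identity_account_arn = data.aws_caller_identity.main.arn
+caller_identity_account_id = data.aws_caller_identity.main.account_id
+caller_identity_user_id = data.aws_caller_identity.main.user_id
+canonical_user_id = data.aws_canonical_user_id.main.id
+organization = local.organization
+region = data.aws_region.main.name
+workspace = terraform.workspace
+}
+}
+
 resource "aws_sfn_state_machine" "rekognition_detect_faces" {
 definition = templatefile("./state_machine/RekognitionDetectFaces.json", {})
 name = "rekognition-detect-faces"
@@ -69,3 +86,21 @@ resource "aws_sfn_state_machine" "rekognition_detect_protective_equipment" {
 workspace = terraform.workspace
 }
 }
+
+resource "aws_sfn_state_machine" "rekognition_detect_text" {
+definition = templatefile("./state_machine/RekognitionDetectText.json", {})
+name = "rekognition-detect-text"
+role_arn = aws_iam_role.sfn_state_machine_rekognition_detect_text.arn
+tags = {
+bucket = aws_s3_bucket.main.bucket
+bucket_key = aws_s3_object.images.key
+caller_identity_account_arn = data.aws_caller_identity.main.arn
+caller_identity_account_id = data.aws_caller_identity.main.account_id
+caller_identity_user_id = data.aws_caller_identity.main.user_id
+canonical_user_id = data.aws_canonical_user_id.main.id
+organization = local.organization
+rekognition = "DetectText"
+region = data.aws_region.main.name
+workspace = terraform.workspace
+}
+}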
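Review bot: Neither new state machine (`rekognition`, `rekognition_detect_text`) sets `logging_configuration`, so executions are recorded only in the Step Functions execution history and nothing reaches CloudWatch Logs for retention or alerting. For a workflow that reads bucket objects and calls Rekognition, an `ERROR`-level log with `include_execution_data = false` is a reasonable floor. The execution role would also need the CloudWatch Logs delivery permissions, which the policy documents in this commit do not grant. The log group in the sketch below is a placeholder, since none is visible on this page. Also, `templatefile("./state_machine/…", {})` resolves against the working directory; `"${path.module}/state_machine/RekognitionDetectText.json"` is the safer form.

```hcl
resource "aws_sfn_state_machine" "rekognition_detect_text" {
  # … unchanged: definition, name, role_arn, tags …
  logging_configuration {
    include_execution_data = false
    level                  = "ERROR"
    log_destination        = "${aws_cloudwatch_log_group.PLACEHOLDER_LOG_GROUP.arn}:*"
  }
}
```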
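--- a/state_machine/Rekognition.json
+++ b/state_machine/Rekognition.json
@@ -0,0 +1,23 @@
+{
+"Comment": "A description of my state machine",
+"StartAt": "Map",
+"States": {
+"Map": {
+"Type": "Map",
+"ItemProcessor": {
+"ProcessorConfig": {
+"Mode": "INLINE"
+},
+"StartAt": "Pass",
+"States": {
+"Pass": {
+"Type": "Pass",
+"End": true
+}
+}
+},
+"End": true,
+"ItemsPath": "$"
+}
+}
+}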
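Review bot: The `Map` state iterates over the whole execution input (`"ItemsPath": "$"`) with no `MaxConcurrency`, so once the `Pass` placeholder is replaced by tasks that start the child state machines, fan-out is limited only by the service default rather than by this definition. Adding a bound such as `"MaxConcurrency": 5` (value constructed for illustration) keeps a large or malformed input from starting many Rekognition executions at once. As committed the machine does nothing, yet the role attached to it already holds `states:StartExecution` on five child machines, so that permission is granted ahead of any use. The `Comment` value `A description of my state machine` looks like editor default text and should describe the workflow instead.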