lindsaygelle · lindsaygelle · May 30, 2024 · May 29, 2024
@@ -50,6 +50,19 @@ data "aws_iam_policy_document" "assume_role_sfn_state_machine_rekognition_detect
   }
 }
 
+data "aws_iam_policy_document" "assume_role_sfn_state_machine_rekognition_detect_text" {
+  statement {
+    actions = [
+      "sts:AssumeRole"
+    ]
+    effect = "Allow"
+    principals {
+      identifiers = ["states.amazonaws.com"]
+      type        = "Service"
+    }
+  }
+}
+
 data "aws_iam_policy_document" "sfn_state_machine_rekognition_detect_faces" {
   statement {
     actions = [
@@ -189,3 +202,38 @@ data "aws_iam_policy_document" "sfn_state_machine_rekognition_detect_protective_
     ]
   }
 }
+
+data "aws_iam_policy_document" "sfn_state_machine_rekognition_detect_text" {
+  statement {
+    actions = [
+      "s3:GetObject",
+      "s3:GetObjectAttributes",
+      "s3:GetObjectVersion"
+    ]
+    effect = "Allow"
+    resources = [
+      "${aws_s3_bucket.main.arn}/${aws_s3_object.images.key}*"
+    ]
+  }
+
+  statement {
+    actions = [
+      "s3:GetBucketVersioning",
+      "s3:ListBucket"
+    ]
+    effect = "Allow"
+    resources = [
+      "${aws_s3_bucket.main.arn}"
+    ]
+  }
+
+  statement {
+    actions = [
+      "rekognition:DetectText"
+    ]
+    effect = "Allow"
+    resources = [
+      "*"
+    ]
+  }
+}
@@ -57,3 +57,18 @@ resource "aws_iam_role" "sfn_state_machine_rekognition_detect_protective_equipme
     workspace                   = terraform.workspace
   }
 }
+
+resource "aws_iam_role" "sfn_state_machine_rekognition_detect_text" {
+  assume_role_policy = data.aws_iam_policy_document.assume_role_sfn_state_machine_rekognition_detect_text.json
+  name               = "sfn-state-machine-rekognition-detect-text"
+  path               = "/${local.organization}/"
+  tags = {
+    caller_identity_account_arn = data.aws_caller_identity.main.arn
+    caller_identity_account_id  = data.aws_caller_identity.main.account_id
+    caller_identity_user_id     = data.aws_caller_identity.main.user_id
+    canonical_user_id           = data.aws_canonical_user_id.main.id
+    organization                = local.organization
+    region                      = data.aws_region.main.name
+    workspace                   = terraform.workspace
+  }
+}
@@ -17,3 +17,8 @@ resource "aws_iam_role_policy" "sfn_state_machine_rekognition_detect_protective_
   policy = data.aws_iam_policy_document.sfn_state_machine_rekognition_detect_protective_equipment.json
   role   = aws_iam_role.sfn_state_machine_rekognition_detect_protective_equipment.id
 }
+
+resource "aws_iam_role_policy" "sfn_state_machine_rekognition_detect_text" {
+  policy = data.aws_iam_policy_document.sfn_state_machine_rekognition_detect_text.json
+  role   = aws_iam_role.sfn_state_machine_rekognition_detect_text.id
+}
@@ -69,3 +69,21 @@ resource "aws_sfn_state_machine" "rekognition_detect_protective_equipment" {
     workspace                   = terraform.workspace
   }
 }
+
+resource "aws_sfn_state_machine" "rekognition_detect_text" {
+  definition = templatefile("./state_machine/RekognitionDetectText.json", {})
+  name       = "rekognition-detect-text"
+  role_arn   = aws_iam_role.sfn_state_machine_rekognition_detect_text.arn
+  tags = {
+    bucket                      = aws_s3_bucket.main.bucket
+    bucket_key                  = aws_s3_object.images.key
+    caller_identity_account_arn = data.aws_caller_identity.main.arn
+    caller_identity_account_id  = data.aws_caller_identity.main.account_id
+    caller_identity_user_id     = data.aws_caller_identity.main.user_id
+    canonical_user_id           = data.aws_canonical_user_id.main.id
+    organization                = local.organization
+    rekognition                 = "DetectText"
+    region                      = data.aws_region.main.name
+    workspace                   = terraform.workspace
+  }
+}