Data bucket and Role
Data bucket created
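# ===================
# S3 Bucket for Data
# ===================
# The removal_policy=RemovalPolicy.DESTROY and auto_delete_objects=True properties ensure the bucket and its contents are deleted when you run cdk destroy, which is useful for development and testing. For a production stack switch to RemovalPolicy.RETAIN (and drop auto_delete_objects) so a stack teardown cannot wipe the training data.
data_bucket = s3.Bucket(
    self, "PersonalizeDataBucket",
    bucket_name=f"personalize-data-{self.account}-{self.region}",
    removal_policy=RemovalPolicy.DESTROY,
    auto_delete_objects=True,
    versioned=True,
    # Hardening: the original relied on account-level defaults for public
    # access and transport. Block every form of public access explicitly and
    # reject plain-HTTP requests (enforce_ssl adds a Deny for
    # aws:SecureTransport=false to the bucket policy).
    block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
    enforce_ssl=True,
    # Server-side encryption with S3-managed keys; a customer-managed KMS key
    # would additionally need a key policy granting Personalize decrypt access.
    encryption=s3.BucketEncryption.S3_MANAGED,
)
# Bucket policy for Personalize: the service principal reads the training
# data directly, so the bucket policy must allow it in addition to the IAM
# role defined further down.
# NOTE(review): this statement carries no aws:SourceAccount / aws:SourceArn
# condition, so it is not scoped to this account's Personalize resources.
# Confirm against current AWS guidance that the bucket policy honours that
# condition for this service before tightening it.
data_bucket.add_to_resource_policy(iam.PolicyStatement(
    effect=iam.Effect.ALLOW,
    principals=[iam.ServicePrincipal("personalize.amazonaws.com")],
    actions=["s3:GetObject", "s3:ListBucket"],
    resources=[
        data_bucket.bucket_arn,
        data_bucket.bucket_arn + "/*"
    ]
))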
Role for Personalize
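# ===================
# IAM Role for Personalize
# ===================
# The trust policy is restricted with aws:SourceAccount so that only
# Personalize resources in this account can assume the role (cross-service
# confused-deputy prevention). The original trusted the service principal
# unconditionally, i.e. from any AWS account using Personalize.
personalize_role = iam.Role(
    self, "PersonalizeRole",
    assumed_by=iam.ServicePrincipal(
        "personalize.amazonaws.com",
        conditions={"StringEquals": {"aws:SourceAccount": self.account}},
    ),
    description="Role for Amazon Personalize to access S3"
)
# Add Personalize permissions: read-only access to the data bucket and its
# objects. Keep these actions in step with the bucket's resource policy, which
# must grant the same access for Personalize to read the datasets.
personalize_role.add_to_policy(
    iam.PolicyStatement(
        effect=iam.Effect.ALLOW,
        actions=[
            "s3:GetObject",
            "s3:ListBucket"
        ],
        resources=[
            data_bucket.bucket_arn,
            data_bucket.bucket_arn + "/*"
        ]
    )
)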