diff --git a/infrastructure/src/api/comfy/get_execute.ts b/infrastructure/src/api/comfy/get_execute.ts index d7accd9c..950af65c 100644 --- a/infrastructure/src/api/comfy/get_execute.ts +++ b/infrastructure/src/api/comfy/get_execute.ts @@ -81,6 +81,7 @@ export class GetExecuteApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ diff --git a/infrastructure/src/api/comfy/get_prepare.ts b/infrastructure/src/api/comfy/get_prepare.ts index 1a82216c..f488f2e4 100644 --- a/infrastructure/src/api/comfy/get_prepare.ts +++ b/infrastructure/src/api/comfy/get_prepare.ts @@ -85,6 +85,7 @@ export class GetPrepareApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ diff --git a/infrastructure/src/api/comfy/get_sync_msg.ts b/infrastructure/src/api/comfy/get_sync_msg.ts index 4c315e16..dcb8f457 100644 --- a/infrastructure/src/api/comfy/get_sync_msg.ts +++ b/infrastructure/src/api/comfy/get_sync_msg.ts @@ -90,6 +90,7 @@ export class GetSyncMsgApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ diff --git a/infrastructure/src/api/comfy/prepare.ts b/infrastructure/src/api/comfy/prepare.ts index a208389e..6855a33a 100644 --- a/infrastructure/src/api/comfy/prepare.ts +++ b/infrastructure/src/api/comfy/prepare.ts @@ -65,6 +65,7 @@ export class PrepareApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ @@ -148,6 +149,7 @@ export class PrepareApi { proxy: true, }, ); + this.router.addMethod(this.httpMethod, lambdaIntegration, { apiKeyRequired: true, requestValidator: this.requestValidator, diff --git a/infrastructure/src/api/comfy/query_execute.ts b/infrastructure/src/api/comfy/query_execute.ts index 7803a7e8..2fc91a49 100644 --- a/infrastructure/src/api/comfy/query_execute.ts +++ b/infrastructure/src/api/comfy/query_execute.ts @@ -74,6 +74,7 @@ export class QueryExecuteApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ diff --git a/infrastructure/src/api/comfy/sync_msg.ts b/infrastructure/src/api/comfy/sync_msg.ts index 5ef0c743..2fb4c225 100644 --- a/infrastructure/src/api/comfy/sync_msg.ts +++ b/infrastructure/src/api/comfy/sync_msg.ts @@ -64,6 +64,7 @@ export class SyncMsgApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ @@ -120,6 +121,7 @@ export class SyncMsgApi { ], resources: ['*'], })); + return newRole; } diff --git a/infrastructure/src/api/datasets/create-dataset.ts b/infrastructure/src/api/datasets/create-dataset.ts index 9652a3b8..fecfe1b2 100644 --- a/infrastructure/src/api/datasets/create-dataset.ts +++ b/infrastructure/src/api/datasets/create-dataset.ts @@ -53,6 +53,7 @@ export class CreateDatasetApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ diff --git a/infrastructure/src/api/datasets/update-dataset.ts b/infrastructure/src/api/datasets/update-dataset.ts index 8970ddda..02954639 100644 --- a/infrastructure/src/api/datasets/update-dataset.ts +++ b/infrastructure/src/api/datasets/update-dataset.ts @@ -53,6 +53,7 @@ export class UpdateDatasetApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-update-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ diff --git a/infrastructure/src/api/endpoints/list-endpoints.ts b/infrastructure/src/api/endpoints/list-endpoints.ts index fa27e303..a8c1d626 100644 --- a/infrastructure/src/api/endpoints/list-endpoints.ts +++ b/infrastructure/src/api/endpoints/list-endpoints.ts @@ -43,6 +43,7 @@ export class ListEndpointsApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ diff --git a/infrastructure/src/api/inferences/list-inferences.ts b/infrastructure/src/api/inferences/list-inferences.ts index d9de6c3c..3ae79abb 100644 --- a/infrastructure/src/api/inferences/list-inferences.ts +++ b/infrastructure/src/api/inferences/list-inferences.ts @@ -46,6 +46,7 @@ export class ListInferencesApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ diff --git a/infrastructure/src/api/roles/create-role.ts b/infrastructure/src/api/roles/create-role.ts index ba55fa98..396aa646 100644 --- a/infrastructure/src/api/roles/create-role.ts +++ b/infrastructure/src/api/roles/create-role.ts @@ -71,6 +71,7 @@ export class CreateRoleApi { ], resources: ['*'], })); + return newRole; } diff --git a/infrastructure/src/api/roles/delete-roles.ts b/infrastructure/src/api/roles/delete-roles.ts index cb6c7564..bf1c4008 100644 --- a/infrastructure/src/api/roles/delete-roles.ts +++ b/infrastructure/src/api/roles/delete-roles.ts @@ -144,7 +144,6 @@ export class DeleteRolesApi { layers: [this.layer], }); - const lambdaIntegration = new LambdaIntegration( lambdaFunction, { @@ -152,7 +151,6 @@ export class DeleteRolesApi { }, ); - this.router.addMethod( this.httpMethod, lambdaIntegration, diff --git a/infrastructure/src/api/roles/list-roles.ts b/infrastructure/src/api/roles/list-roles.ts index 2b7cece2..478c5c44 100644 --- a/infrastructure/src/api/roles/list-roles.ts +++ b/infrastructure/src/api/roles/list-roles.ts @@ -39,6 +39,7 @@ export class ListRolesApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ diff --git a/infrastructure/src/api/service/ping.ts b/infrastructure/src/api/service/ping.ts index 981ca415..381c6af4 100644 --- a/infrastructure/src/api/service/ping.ts +++ b/infrastructure/src/api/service/ping.ts @@ -72,7 +72,6 @@ export class PingApi { layers: [this.layer], }); - const lambdaIntegration = new LambdaIntegration( lambdaFunction, { @@ -80,7 +79,6 @@ export class PingApi { }, ); - this.router.addMethod( this.httpMethod, lambdaIntegration, diff --git a/infrastructure/src/api/trainings/delete-training-jobs.ts b/infrastructure/src/api/trainings/delete-training-jobs.ts index 57c4d54a..d9b75d83 100644 --- a/infrastructure/src/api/trainings/delete-training-jobs.ts +++ b/infrastructure/src/api/trainings/delete-training-jobs.ts @@ -115,7 +115,6 @@ export class DeleteTrainingJobsApi { layers: [this.layer], }); - const lambdaIntegration = new LambdaIntegration( lambdaFunction, { proxy: true }, diff --git a/infrastructure/src/api/users/create-user.ts b/infrastructure/src/api/users/create-user.ts index 705f0596..d68d1e25 100644 --- a/infrastructure/src/api/users/create-user.ts +++ b/infrastructure/src/api/users/create-user.ts @@ -46,6 +46,7 @@ export class CreateUserApi { const newRole = new aws_iam.Role(this.scope, `${this.baseId}-role`, { assumedBy: new aws_iam.ServicePrincipal('lambda.amazonaws.com'), }); + newRole.addToPolicy(new aws_iam.PolicyStatement({ effect: Effect.ALLOW, actions: [ @@ -86,6 +87,7 @@ export class CreateUserApi { ], resources: ['*'], })); + return newRole; } @@ -156,7 +158,6 @@ export class CreateUserApi { layers: [this.layer], }); - const lambdaIntegration = new aws_apigateway.LambdaIntegration( lambdaFunction, { diff --git a/infrastructure/src/shared/inference.ts b/infrastructure/src/shared/inference.ts index 9dce1086..606be13b 100644 --- a/infrastructure/src/shared/inference.ts +++ b/infrastructure/src/shared/inference.ts @@ -182,7 +182,6 @@ export class Inference { handler.addToRolePolicy(ddbStatement); handler.addToRolePolicy(snsStatement); - // Add the SNS topic as an event source for the Lambda function handler.addEventSource( new eventSources.SnsEventSource(props.inferenceResultTopic),