Give permission to lambda to read from data bucket

2026-06-08 11:17:27 +00:00 · 2023-09-01 19:13:28 +01:00 · 2023-09-01 19:13:28 +01:00 · 4540ed82d1
commit 4540ed82d1
parent 15233849db
3 changed files with 10 additions and 7 deletions
--- a/.github/workflows/deploy_sap_model_lambda.yml
+++ b/.github/workflows/deploy_sap_model_lambda.yml
@ -72,6 +72,7 @@ jobs:
          RUNTIME_ENVIRONMENT: ${{ github.ref_name }}
          MODEL_DIRECTORY_BUCKET: 'retrofit-model-directory-${{ github.ref_name }}'
          PREDICTIONS_BUCKET: 'retrofit-sap-predictions-${{ github.ref_name }}'
+          DATA_BUCKET: 'retrofit-data-${{ github.ref_name }}'
          DOMAIN_NAME: ${{ steps.set_domain.outputs.domain }}
          ECR_URI: ${{ steps.set_ecr_credentials.outputs.ecr_uri }}
          GITHUB_SHA: ${{ github.sha }}
--- a/model_data/simulation_system/handlers/predictions_app.py
+++ b/model_data/simulation_system/handlers/predictions_app.py
@ -19,11 +19,10 @@ def handler(event, context):
    # Assuming a file in a bucket landing for now?
    # Assuming we have a model to use

-    payload = event["body"]
-    data_path = payload["file_location"]
-    property_id = payload["property_id"]
-    portfolio_id = payload["portfolio_id"]
-    created_at = payload["created_at"]
+    data_path = event["file_location"]
+    property_id = event["property_id"]
+    portfolio_id = event["portfolio_id"]
+    created_at = event["created_at"]

    try:
        # We could fix the model path but for the moment, we just take the best model path based on the registry
--- a/sapmodel.serverless.yml
+++ b/sapmodel.serverless.yml
@ -8,6 +8,7 @@ provider:
    RUNTIME_ENVIRONMENT: ${env:RUNTIME_ENVIRONMENT}
    MODEL_DIRECTORY_BUCKET: ${env:MODEL_DIRECTORY_BUCKET}
    PREDICTIONS_BUCKET: ${env:PREDICTIONS_BUCKET}
+    DATA_BUCKET: ${env:DATA_BUCKET}
    DOMAIN_NAME: ${env:DOMAIN_NAME}
    ECR_URI: ${env:ECR_URI}
    GITHUB_SHA: ${env:GITHUB_SHA}
@ -52,7 +53,7 @@ resources:
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
-                # Allow reading from MODEL_DIRECTORY_BUCKET
+                # Allow reading from MODEL_DIRECTORY_BUCKET and DATA_BUCKET
                - Effect: Allow
                  Action:
                    - s3:GetObject
@ -60,6 +61,8 @@ resources:
                  Resource:
                    - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}
                    - arn:aws:s3:::${env:MODEL_DIRECTORY_BUCKET}/*
+                    - arn:aws:s3:::${env:DATA_BUCKET}
+                    - arn:aws:s3:::${env:DATA_BUCKET}/*
                # Allow reading and writing to PREDICTIONS_BUCKET
                - Effect: Allow
                  Action:
@ -68,4 +71,4 @@ resources:
                    - s3:ListBucket
                  Resource:
                    - arn:aws:s3:::${env:PREDICTIONS_BUCKET}
-                    - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*
+                    - arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*