diff --git a/automated-deployment/README.md b/automated-deployment/README.md
index 3c9861f..0cc4f35 100644
--- a/automated-deployment/README.md
+++ b/automated-deployment/README.md
@@ -61,9 +61,13 @@ This guide explains how to deploy the AWS Glue data catalog utility in both the
 },
 "Action": [
 "s3:GetBucketLocation",
- "s3:ListBucket"
+ "s3:ListBucket",
+ "s3:GetObject"
 ],
- "Resource": "arn:aws:s3:::import-large-table-b2465b90-638f-11ea-8000-0a52752701a6"
+ "Resource": [
+ "arn:aws:s3:::import-large-table-b2465b90-638f-11ea-8000-0a52752701a6",
+ "arn:aws:s3:::import-large-table-b2465b90-638f-11ea-8000-0a52752701a6/*"
+ ]
 }
 ]
 }
diff --git a/automated-deployment/source-account/deploy.sh b/automated-deployment/source-account/deploy.sh
index 3c740b3..ae04f67 100755
--- a/automated-deployment/source-account/deploy.sh
+++ b/automated-deployment/source-account/deploy.sh
@@ -36,9 +36,9 @@ if ! $pflag
 then
 echo "-p not specified, using default..." >&2
 PROFILE="default"
- SOURCE_REGION=$(aws configure get region --profile ${PROFILE})
- SOURCE_ACCOUNT=$(aws sts get-caller-identity --profile ${PROFILE} | python3 -c "import sys, json; print(json.load(sys.stdin)['Account'])")
 fi
+SOURCE_REGION=$(aws configure get region --profile ${PROFILE})
+SOURCE_ACCOUNT=$(aws sts get-caller-identity --profile ${PROFILE} | python3 -c "import sys, json; print(json.load(sys.stdin)['Account'])")
 if ! $sflag
 then
 S3_BUCKET=glue-data-catalog-replication-$SOURCE_REGION-$SOURCE_ACCOUNT
@@ -110,6 +110,6 @@ else
 fi
 echo "Subscribing Target account to SNS Schema Distribution topic..."
-aws sns add-permission --label lambda-access --aws-account-id $TARGET_ACCOUNT \
+aws sns add-permission --profile $PROFILE --label lambda-access --aws-account-id $TARGET_ACCOUNT \
 --topic-arn arn:aws:sns:$SOURCE_REGION:$SOURCE_ACCOUNT:SchemaDistributionSNSTopic \
 --action-name Subscribe ListSubscriptionsByTopic Receive
\ No newline at end of file
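Review bot: Neither of the two assignments moved to top level in the first deploy.sh hunk checks that its lookup succeeded, so with an expired credential or a mistyped `-p` value `SOURCE_ACCOUNT` (and possibly `SOURCE_REGION`) can end up empty while the script goes on to build `S3_BUCKET` and the SNS topic ARN from blanks; whether `set -e` is active is not visible here. I would drop the Python step and fail fast: `SOURCE_ACCOUNT=$(aws sts get-caller-identity --profile "$PROFILE" --query Account --output text) || exit 1`, followed by `: "${SOURCE_REGION:?no region configured for profile $PROFILE}"`. Quoting `"$PROFILE"` matters more now that these lines also run with a value taken from the command line. The same applies to `TARGET_REGION`/`TARGET_ACCOUNT` in the first hunk of target-account/deploy.sh.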
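Review bot: The `aws sns add-permission` call in the second deploy.sh hunk gains `--profile` but still carries no `--region`, while the topic ARN it names is built from `$SOURCE_REGION`, which was read from the profile's config. If `AWS_REGION` or `AWS_DEFAULT_REGION` is exported in the operator's shell, the CLI gives those precedence over the profile's configured region, so the request can go to a different region than the ARN says. Adding `--region "$SOURCE_REGION"` makes the two agree, as the `sns subscribe` call in target-account/deploy.sh already does. `$PROFILE` and `$TARGET_ACCOUNT` are expanded unquoted; since this line grants another account access to the topic, I would quote both and check that `TARGET_ACCOUNT` is a 12-digit account ID before the call.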
diff --git a/automated-deployment/target-account/deploy.sh b/automated-deployment/target-account/deploy.sh
index 5f2d11c..0676574 100755
--- a/automated-deployment/target-account/deploy.sh
+++ b/automated-deployment/target-account/deploy.sh
@@ -45,9 +45,9 @@ if ! $pflag
 then
 echo "-p not specified, using default..." >&2
 PROFILE="default"
- TARGET_REGION=$(aws configure get region --profile ${PROFILE})
- TARGET_ACCOUNT=$(aws sts get-caller-identity --profile ${PROFILE} | python3 -c "import sys, json; print(json.load(sys.stdin)['Account'])")
 fi
+TARGET_REGION=$(aws configure get region --profile ${PROFILE})
+TARGET_ACCOUNT=$(aws sts get-caller-identity --profile ${PROFILE} | python3 -c "import sys, json; print(json.load(sys.stdin)['Account'])")
 if ! $sflag
 then
 S3_BUCKET=glue-data-catalog-replication-$TARGET_REGION-$TARGET_ACCOUNT
@@ -117,11 +117,11 @@ else
 fi
 echo "Subscribing Lambda to Source SNS Schema Distribution topic..."
-aws lambda add-permission --function-name ImportLambda \
+aws lambda add-permission --profile $PROFILE --function-name ImportLambda \
 --source-arn arn:aws:sns:$SOURCE_REGION:$SOURCE_ACCOUNT:SchemaDistributionSNSTopic \
 --statement-id sns-x-account --action "lambda:InvokeFunction" \
 --principal sns.amazonaws.com
-aws sns subscribe --region $SOURCE_REGION --protocol lambda \
+aws sns subscribe --profile $PROFILE --region $SOURCE_REGION --protocol lambda \
 --topic-arn arn:aws:sns:$SOURCE_REGION:$SOURCE_ACCOUNT:SchemaDistributionSNSTopic \
 --notification-endpoint arn:aws:lambda:$TARGET_REGION:$TARGET_ACCOUNT:function:ImportLambda
\ No newline at end of file
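Review bot: `aws lambda add-permission` in the second hunk uses the fixed `--statement-id sns-x-account` and its exit status is not checked, so a re-run will most likely fail on that line with a conflict and, unless the script aborts on error (not visible in the hunk), still go on to `aws sns subscribe`. I would tolerate the already-exists case explicitly and stop on any other failure, rather than leave a subscription whose invoke permission was never confirmed. The call also has no `--region "$TARGET_REGION"`, unlike the `sns subscribe` line below it, so an exported `AWS_REGION` could send it to a region other than the one in `--notification-endpoint`. `$PROFILE`, `$SOURCE_REGION` and `$SOURCE_ACCOUNT` are interpolated unquoted into the ARNs; where the two `SOURCE_*` values are set is outside this hunk, and they are worth validating as non-empty before they scope `--source-arn`.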