Feat: Adds cognito and memory

2025-10-22 11:24:38 -03:00
parent f71b054dca
commit d37d5132eb
45 changed files with 3983 additions and 0 deletions
--- a/infra/knowledge_base/iam_roles.py
+++ b/infra/knowledge_base/iam_roles.py
@@ -0,0 +1,97 @@
+import json
+import pulumi
+import pulumi_aws as aws
+
+def create_roles_and_policies():
+    # IAM Role (Job Scheduler) 
+    role_job_scheduler = aws.iam.Role("assitente-produtos-servicos-role-role", 
+        assume_role_policy=json.dumps({
+            "Version": "2012-10-17",
+            "Statement": [{
+            "Sid": "AmazonBedrockKnowledgeBaseTrustPolicy",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "bedrock.amazonaws.com"
+            },
+            "Action": "sts:AssumeRole",
+            "Condition": {
+                "StringEquals": {
+                    "aws:SourceAccount": "277048801940"
+                },
+                "ArnLike": {
+                    "aws:SourceArn": "arn:aws:bedrock:us-east-1:277048801940:knowledge-base/*"
+                }
+            }
+        }]
+        }),
+    )
+
+    aws.iam.RolePolicy("assistente-produtos-servicos-role-role-policy",
+        role=role_job_scheduler.id,
+        policy=json.dumps({
+            "Version": "2012-10-17",
+            "Statement": [
+                {
+            "Sid": "BedrockInvokeModelStatement",
+            "Effect": "Allow",
+            "Action": [
+                "bedrock:InvokeModel"
+            ],
+            "Resource": [
+                "arn:aws:bedrock:us-east-1::foundation-model/amazon.titan-embed-text-v2:0"
+            ]
+        },{
+            "Sid": "S3ListBucketStatement",
+            "Effect": "Allow",
+            "Action": [
+                "s3:ListBucket"
+            ],
+            "Resource": [
+                "arn:aws:s3:::frente-corretora-assistente-produtos-servicos-doc-storage"
+            ],
+            "Condition": {
+                "StringEquals": {
+                    "aws:ResourceAccount": [
+                        "277048801940"
+                    ]
+                }
+            }
+        },
+        {
+            "Sid": "S3GetObjectStatement",
+            "Effect": "Allow",
+            "Action": [
+                "s3:GetObject"
+            ],
+            "Resource": [
+                "arn:aws:s3:::frente-corretora-assistente-produtos-servicos-doc-storage/*"
+            ],
+            "Condition": {
+                "StringEquals": {
+                    "aws:ResourceAccount": [
+                        "277048801940"
+                    ]
+                }
+            }
+        },{
+            "Sid": "S3VectorsPermissions",
+            "Effect": "Allow",
+            "Action": [
+                "s3vectors:GetIndex",
+                "s3vectors:QueryVectors",
+                "s3vectors:PutVectors",
+                "s3vectors:GetVectors",
+                "s3vectors:DeleteVectors"
+            ],
+            "Resource": "arn:aws:s3vectors:us-east-1:277048801940:bucket/bedrock-knowledge-base-icy5rp/index/bedrock-knowledge-base-default-index",
+            "Condition": {
+                "StringEquals": {
+                    "aws:ResourceAccount": "277048801940"
+                }
+            }
+        }
+            ]
+        }),
+    )
+
+    return role_job_scheduler