structured-kb-demo/

networkandcode · networkandcode · commit a27418a04ec3 · 2026-05-03T05:15:12.000Z
diff --git a/structured-kb-demo/.env.example b/structured-kb-demo/.env.example
@@ -0,0 +1,11 @@
+ACCOUNT_ID=
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+BUCKET=
+CRAWLER_IAM_POLICY=
+CRAWLER_IAM_ROLE=
+CRAWLER=
+DB=
+FOLDER=
+QUEUE=
+REGION=
diff --git a/structured-kb-demo/arns.py b/structured-kb-demo/arns.py
@@ -0,0 +1,17 @@
+from vars import (
+    ACCOUNT_ID,
+    BUCKET,
+    CRAWLER_IAM_POLICY,
+    CRAWLER_IAM_ROLE,
+    REDSHIFT_IAM_ROLE,
+    REGION,
+    QUEUE,
+)
+
+AWS_MANAGED_GLUE_IAM_POLICY_ARN = "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole"
+AWS_MANAGED_REDSHIFT_IAM_POLICY_ARN = "arn:aws:iam::aws:policy/AmazonRedshiftAllCommandsFullAccess"
+BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"
+CRAWLER_IAM_POLICY_ARN = f"arn:aws:iam::{ACCOUNT_ID}:policy/{CRAWLER_IAM_POLICY}"
+CRAWLER_IAM_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/{CRAWLER_IAM_ROLE}"
+QUEUE_ARN = f"arn:aws:sqs:{REGION}:{ACCOUNT_ID}:{QUEUE}"
+REDSHIFT_IAM_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/{REDSHIFT_IAM_ROLE}"
diff --git a/structured-kb-demo/create_s3_bucket.py b/structured-kb-demo/create_s3_bucket.py
diff --git a/structured-kb-demo/run_glue_crawler.py b/structured-kb-demo/run_glue_crawler.py
@@ -0,0 +1,34 @@
+import time
+
+import boto3
+
+from logger import logger
+from vars import CRAWLER, REGION
+
+def run_glue_crawler(crawler_name):
+    glue = boto3.client("glue", region_name=REGION)
+
+    try:
+        glue.start_crawler(Name=crawler_name)
+        logger.info(f"Crawler started.")
+
+        while True:
+            response = glue.get_crawler(Name=crawler_name)
+            status = response["Crawler"]["State"]
+            
+            if status == "RUNNING":
+                logger.info("Crawler is still running...")
+                time.sleep(30)  # Wait 30 seconds before checking again
+            elif status == "STOPPING":
+                logger.info("Crawler is stopping...")
+                time.sleep(10)
+            else:
+                logger.info(f"Crawler finished. Final State: {status}")
+                break
+                
+    except glue.exceptions.CrawlerRunningException:
+        logger.warning(f"Crawler is already running.")
+    except Exception as e:
+        logger.error(f"Error: {str(e)}")
+
+run_glue_crawler(CRAWLER)
diff --git a/structured-kb-demo/setup_event_notification.py b/structured-kb-demo/setup_event_notification.py
@@ -1,7 +1,8 @@
 import boto3
 
+from arns import QUEUE_ARN
 from logger import logger
-from vars import BUCKET_NAME, QUEUE_ARN
+from vars import BUCKET
 
 s3 = boto3.client("s3")
 
@@ -19,9 +20,9 @@
 
 try:
     s3.put_bucket_notification_configuration(
-        Bucket=BUCKET_NAME,
+        Bucket=BUCKET,
         NotificationConfiguration=notification_configuration
     )
-    print(f"Successfully added event notifications to {BUCKET_NAME}")
+    print(f"Successfully added event notifications")
 except Exception as e:
     print(f"Error: {e}")
diff --git a/structured-kb-demo/setup_glue_crawler.py b/structured-kb-demo/setup_glue_crawler.py
@@ -1,39 +1,37 @@
 import boto3
 
-from vars import ACCOUNT_ID, BUCKET_NAME, DB_NAME, GLUE_CRAWLER_IAM_ROLE, GLUE_CRAWLER_NAME, QUEUE_NAME, REGION
+from arns import CRAWLER_IAM_ROLE_ARN, QUEUE_ARN
+from logger import logger
+from vars import BUCKET, CRAWLER, DB, FOLDER
 
-CRAWLER_IAM_ROLE_ARN = f"arn:aws:iam::842960110593:role/service-role/{GLUE_CRAWLER_IAM_ROLE}"
-S3_PATH = f"s3://{BUCKET_NAME}/"
-SQS_ARN = f"arn:aws:sqs:{REGION}:{ACCOUNT_ID}:{QUEUE_NAME}"
+S3_PATH = f"s3://{BUCKET}/{FOLDER}"
 
 glue = boto3.client("glue", region_name="us-east-1")
 
-try:
-    response = glue.create_crawler(
-        Name=GLUE_CRAWLER_NAME,
-        Role=CRAWLER_IAM_ROLE_ARN,
-        DatabaseName=DB_NAME,
-        Description="Crawler for inventory data triggered by SQS events",
-        Targets={
-            "S3Targets": [
-                {
-                    "Path": S3_PATH,
-                    "EventQueueArn": SQS_ARN # Enables S3 event-aware crawling
-                }
-            ]
-        },
-        # "On-demand" means we don"t provide a Cron schedule
-        SchemaChangePolicy={
-            "UpdateBehavior": "UPDATE_IN_DATABASE",
-            "DeleteBehavior": "DELETE_FROM_DATABASE"
-        },
-        RecrawlPolicy={
-            "RecrawlBehavior": "CRAWL_EVENT_MODE" # Processes only events from SQS
-        }
-    )
-    print(f"Crawler created successfully.")
+CRAWLER_CONFIG = {
+    "Role": CRAWLER_IAM_ROLE_ARN,
+    "DatabaseName": DB,
+    "Description": "Crawler for inventory data triggered by SQS events",
+    "Targets": {
+        "S3Targets": [
+            {
+                "Path": S3_PATH,
+                "EventQueueArn": QUEUE_ARN,
+            }
+        ]
+    },
+    "SchemaChangePolicy": {
+        "UpdateBehavior": "UPDATE_IN_DATABASE",
+        "DeleteBehavior": "DELETE_FROM_DATABASE",
+    },
+    "RecrawlPolicy": {"RecrawlBehavior": "CRAWL_EVENT_MODE"},
+}
 
+try:
+    glue.create_crawler(Name=CRAWLER, **CRAWLER_CONFIG)
+    logger.info("Crawler created successfully.")
 except glue.exceptions.AlreadyExistsException:
-    print(f"Crawler already exists.")
+    glue.update_crawler(Name=CRAWLER, **CRAWLER_CONFIG)
+    logger.info("Crawler already exists. Updated configuration successfully.")
 except Exception as e:
-    print(f"Error creating crawler: {e}")
+    logger.error(f"Error creating crawler: {e}")
diff --git a/structured-kb-demo/setup_glue_crawler_iam_policy.py b/structured-kb-demo/setup_glue_crawler_iam_policy.py
@@ -2,8 +2,10 @@
 
 import json
 
+from arns import BUCKET_ARN, CRAWLER_IAM_POLICY_ARN, QUEUE_ARN
+
 from logger import logger
-from vars import BUCKET_ARN, GLUE_CRAWLER_IAM_POLICY
+from vars import CRAWLER_IAM_POLICY
 
 iam = boto3.client('iam')
 
@@ -23,24 +25,38 @@
         {
             "Effect": "Allow",
             "Action": [
-                "sqs:ReceiveMessage",
                 "sqs:DeleteMessage",
-                "sqs:GetQueueAttributes"
+                "sqs:GetQueueAttributes",
+                "sqs:GetQueueUrl",
+                "sqs:PurgeQueue",
+                "sqs:ReceiveMessage",
+                "sqs:SetQueueAttributes"
             ],
-            "Resource": "arn:aws:sqs:us-east-1:842960110593:structured-kb-demo-queue"
+            "Resource": QUEUE_ARN
         },
     ]
 }
 
 try:
     iam.create_policy(
-        PolicyName=GLUE_CRAWLER_IAM_POLICY,
+        PolicyName=CRAWLER_IAM_POLICY,
         PolicyDocument=json.dumps(policy_document),
         Description='Permissions for Glue Crawler to crawl S3 and use SQS Events'
     )
     logger.info(f"Policy created successfully!")
     
 except iam.exceptions.EntityAlreadyExistsException:
-    logger.error(f"Policy already exists.")
+    logger.info(f"Policy already exists. Updating...")
+    try:
+        # Create a new policy version
+        iam.create_policy_version(
+            PolicyArn=CRAWLER_IAM_POLICY_ARN,
+            PolicyDocument=json.dumps(policy_document),
+            SetAsDefault=True
+        )
+        logger.info(f"Policy updated successfully!")
+    except Exception as e:
+        logger.error(f"Error updating policy: {e}")
+        
 except Exception as e:
     logger.error(f"Error: {e}")
diff --git a/structured-kb-demo/setup_glue_crawler_iam_role.py b/structured-kb-demo/setup_glue_crawler_iam_role.py
@@ -2,8 +2,9 @@
 
 import json
 
+from arns import AWS_MANAGED_GLUE_IAM_POLICY_ARN, CRAWLER_IAM_POLICY_ARN
 from logger import logger
-from vars import ACCOUNT_ID, GLUE_CRAWLER_IAM_POLICY, GLUE_CRAWLER_IAM_ROLE
+from vars import ACCOUNT_ID, CRAWLER_IAM_ROLE
 
 iam = boto3.client("iam")
 
@@ -27,33 +28,31 @@
 
 try:
     iam.create_role(
-        RoleName=GLUE_CRAWLER_IAM_ROLE,
+        RoleName=CRAWLER_IAM_ROLE,
         AssumeRolePolicyDocument=json.dumps(trust_policy)
     )
     logger.info(f"Created role")
 except iam.exceptions.EntityAlreadyExistsException:
-    logger.info(f"Role {GLUE_CRAWLER_IAM_ROLE} already exists.")
+    logger.info(f"Role already exists.")
 
 
 # Get existing attached policies
-response = iam.list_attached_role_policies(RoleName=GLUE_CRAWLER_IAM_ROLE)
+response = iam.list_attached_role_policies(RoleName=CRAWLER_IAM_ROLE)
 attached_policies = [p['PolicyArn'] for p in response.get('AttachedPolicies', [])]
 
-aws_glue_policy = "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole"
-if aws_glue_policy not in attached_policies:
+if AWS_MANAGED_GLUE_IAM_POLICY_ARN not in attached_policies:
     iam.attach_role_policy(
-        RoleName=GLUE_CRAWLER_IAM_ROLE,
-        PolicyArn=aws_glue_policy
+        RoleName=CRAWLER_IAM_ROLE,
+        PolicyArn=AWS_MANAGED_GLUE_IAM_POLICY_ARN
     )
     logger.info("AWS Glue Service Role policy attached.")
 else:
     logger.info("AWS Glue Service Role policy already attached.")
 
-custom_policy = f"arn:aws:iam::{ACCOUNT_ID}:policy/{GLUE_CRAWLER_IAM_POLICY}"
-if custom_policy not in attached_policies:
+if CRAWLER_IAM_POLICY_ARN not in attached_policies:
     iam.attach_role_policy(
-        RoleName=GLUE_CRAWLER_IAM_ROLE,
-        PolicyArn=custom_policy
+        RoleName=CRAWLER_IAM_ROLE,
+        PolicyArn=CRAWLER_IAM_POLICY_ARN
     )
     logger.info("Custom Glue Crawler policy attached.")
 else:
diff --git a/structured-kb-demo/setup_glue_db.py b/structured-kb-demo/setup_glue_db.py
@@ -12,9 +12,9 @@
             'Description': 'Database for Bedrock structured knowledge base demo',
         }
     )
-    logger.info(f"Glue database '{DB_NAME}' created successfully.")
+    logger.info(f"Glue database created successfully.")
     
 except glue.exceptions.AlreadyExistsException:
-    logger.error(f"Database {DB_NAME} already exists.")
+    logger.error(f"Database already exists.")
 except Exception as e:
     logger.error(f"Error creating Glue database: {e}")
diff --git a/structured-kb-demo/setup_redshift_iam_role.py b/structured-kb-demo/setup_redshift_iam_role.py
@@ -0,0 +1,44 @@
+import boto3
+import json
+
+from arns import AWS_MANAGED_REDSHIFT_IAM_POLICY_ARN
+from logger import logger
+from vars import REDSHIFT_IAM_ROLE, REGION
+
+iam = boto3.client("iam", region_name=REGION)
+
+trust_policy = {
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Service": [
+                    "redshift-serverless.amazonaws.com",
+                    "redshift.amazonaws.com",
+                    "sagemaker.amazonaws.com"
+                ]
+            },
+            "Action": "sts:AssumeRole"
+        }
+    ]
+}
+
+try:
+    iam.create_role(
+        RoleName=REDSHIFT_IAM_ROLE,
+        AssumeRolePolicyDocument=json.dumps(trust_policy),
+        Description="Role for Redshift Serverless to access Glue and S3"
+    )
+    logger.info(f"Created role: {REDSHIFT_IAM_ROLE}")
+
+    iam.attach_role_policy(
+        RoleName=REDSHIFT_IAM_ROLE,
+        PolicyArn=AWS_MANAGED_REDSHIFT_IAM_POLICY_ARN
+    )
+    logger.info(f"Attached AmazonRedshiftAllCommandsFullAccess to {REDSHIFT_IAM_ROLE}")
+
+except iam.exceptions.EntityAlreadyExistsException:
+    logger.warning(f"Role {REDSHIFT_IAM_ROLE} already exists.")
+except Exception as e:
+    logger.error(f"Error: {e}")
diff --git a/structured-kb-demo/setup_redshift_workgroup.py b/structured-kb-demo/setup_redshift_workgroup.py
@@ -0,0 +1,35 @@
+import boto3
+from botocore.exceptions import ClientError
+
+from arns import REDSHIFT_IAM_ROLE_ARN
+from logger import logger
+from vars import REDSHIFT_NAMESPACE, REDSHIFT_WORKGROUP, REGION
+
+redshift_client = boto3.client(
+    "redshift-serverless",
+    region_name=REGION
+)
+
+try:
+    redshift_client.create_namespace(
+        namespaceName=REDSHIFT_NAMESPACE,
+        dbName="dev",
+        iamRoles=[REDSHIFT_IAM_ROLE_ARN],
+        defaultIamRoleArn=REDSHIFT_IAM_ROLE_ARN
+    )
+
+    logger.info("Namespace creation initiated.")
+
+    redshift_client.create_workgroup(
+        workgroupName=REDSHIFT_WORKGROUP,
+        namespaceName=REDSHIFT_NAMESPACE
+    )
+
+    logger.info("Workgroup creation initiated.")
+except ClientError as e:
+    if e.response['Error']['Code'] == 'ConflictException':
+        logger.warning(f"Resource already exists: {e}")
+    else:
+        logger.error(f"Error creating Redshift namespace or workgroup: {e}")
+except Exception as e:
+    logger.error(f"Error creating Redshift namespace or workgroup: {e}")
diff --git a/structured-kb-demo/setup_s3_bucket.py b/structured-kb-demo/setup_s3_bucket.py
@@ -0,0 +1,18 @@
+from logger import logger
+
+import boto3
+from botocore.exceptions import ClientError
+
+from vars import BUCKET, REGION
+
+s3_client = boto3.client('s3', region_name=REGION)
+
+try:
+    s3_client.head_bucket(Bucket=BUCKET)
+    logger.info(f"Bucket already exists")
+except ClientError as e:
+    logger.error(f"Error accessing bucket {BUCKET}: {e}")
+    s3_client.create_bucket(
+        Bucket=BUCKET
+    )
+    logger.info(f"Bucket created successfully")
diff --git a/structured-kb-demo/setup_sqs_queue.py b/structured-kb-demo/setup_sqs_queue.py
diff --git a/structured-kb-demo/upload_csv_to_s3.py b/structured-kb-demo/upload_csv_to_s3.py
diff --git a/structured-kb-demo/vars.py b/structured-kb-demo/vars.py

Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,9 @@`
`12`	`12`	`'Description': 'Database for Bedrock structured knowledge base demo',`
`13`	`13`	`}`
`14`	`14`	`)`
`15`		`- logger.info(f"Glue database '{DB_NAME}' created successfully.")`
	`15`	`+ logger.info(f"Glue database created successfully.")`
`16`	`16`
`17`	`17`	`except glue.exceptions.AlreadyExistsException:`
`18`		`- logger.error(f"Database {DB_NAME} already exists.")`
	`18`	`+ logger.error(f"Database already exists.")`
`19`	`19`	`except Exception as e:`
`20`	`20`	`logger.error(f"Error creating Glue database: {e}")`