allow cms to use athena so we can automatically add partitions

gradle.properties

@@ -16,4 +16,4 @@
 
 group=com.nike
 artifactId=cerberus-lifecycle-cli
-version=4.1.0
+version=4.2.0

src/main/java/com/nike/cerberus/command/audit/EnableAuditLoggingForExistingEnvironmentCommand.java

@@ -17,6 +17,7 @@ public class EnableAuditLoggingForExistingEnvironmentCommand implements Command
     public static final String COMMAND_NAME = "enable-audit-logging-for-existing-environment";
     public static final String COMMAND_DESCRIPTION =
             "A Composite command that will will execute the following commands in order: "
+                    + "update-stack --stack-name iam-roles --overwrite-template, "
                     + "create-audit-logging-stack, "
                     + "create-audit-log-athena-db-and-table, "
                     + "enable-audit-logging, "

src/main/java/com/nike/cerberus/operation/audit/CreateAuditAthenaDbAndTableOperation.java

@@ -75,15 +75,6 @@ public void run(CreateAuditAthenaDbAndTableCommand command) {
             throw new RuntimeException("failed to load create athena table template", e);
         }
         log.info(executeAthenaQuery(createAuditTable, bucketName).toString());
-
-        String msg = Chalk.on("ATTENTION: ").red().bold().toString() +
-                "Table creation complete, please note that before you execute queries against '" + tableName + "'\n" +
-                "You will have to run the following query '" + Chalk.on("MSCK REPAIR TABLE " + tableName).green().bold().toString() + "'\n" +
-                "CMS will uploads logs every 5 minutes and creates partition folders for every hour.\n" +
-                "You can automate that query to run every hour or run it before you query audit data.\n" +
-                "That query is free and scans the S3 folders in the audit bucket and add the new partitions (The hour folders)";
-
-        log.info(msg);
     }
 
     @Override

src/main/java/com/nike/cerberus/operation/audit/EnableAuditLoggingForExistingEnvironmentOperation.java

@@ -8,6 +8,7 @@
 import com.nike.cerberus.command.audit.EnableAuditLoggingForExistingEnvironmentCommand;
 import com.nike.cerberus.command.cms.UpdateCmsConfigCommand;
 import com.nike.cerberus.command.core.RebootCmsCommand;
+import com.nike.cerberus.command.core.UpdateStackCommand;
 import com.nike.cerberus.domain.cloudformation.ConfigParameters;
 import com.nike.cerberus.domain.environment.Stack;
 import com.nike.cerberus.operation.composite.ChainableCommand;
@@ -49,10 +50,17 @@ protected List<ChainableCommand> getCompositeCommandChain(EnableAuditLoggingForE
                 ConfigParameters.class).getAccountAdminArn();
 
         return ImmutableList.of(
+                ChainableCommand.Builder.create()
+                        .withCommand(new UpdateStackCommand())
+                        .withOption(UpdateStackCommand.STACK_NAME_LONG_ARG, Stack.IAM_ROLES.getName())
+                        .withAdditionalArg(UpdateStackCommand.OVERWRITE_TEMPLATE_LONG_ARG)
+                        .build(),
+
                 ChainableCommand.Builder.create()
                         .withCommand(new CreateAuditLoggingStackCommand())
                         .withOption(CreateAuditLoggingStackCommand.ADMIN_ROLE_ARN_LONG_ARG, adminArn)
                         .build(),
+
                 new ChainableCommand(new CreateAuditAthenaDbAndTableCommand()),
                 new ChainableCommand(new EnableAuditLoggingCommand()),
                 new ChainableCommand(new UpdateCmsConfigCommand()),

src/main/resources/cloudformation/iam-roles.yaml

@@ -12,6 +12,8 @@ Outputs:
 Resources:
   CmsIamRole:
     Properties:
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/AmazonAthenaFullAccess
       AssumeRolePolicyDocument:
         Statement:
           - Action: