
Commit 69659e8

moved eventsub s3 policy documents
1 parent 2f2bc2c commit 69659e8

2 files changed

Lines changed: 40 additions & 48 deletions


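--- a/infrastructure/terraform/modules/eventsub/module_s3bucket_event_cache.tf
+++ b/infrastructure/terraform/modules/eventsub/module_s3bucket_event_cache.tf
@@ -126,4 +126,44 @@ data "aws_iam_policy_document" "s3bucket_event_cache" {
 ]
 }
 }
+statement {
+sid = "AllowGlueListBucketAndGetLocation"
+effect = "Allow"
+
+principals {
+type = "AWS"
+identifiers = [var.glue_role_arn]
+}
+
+actions = [
+"s3:ListBucket",
+"s3:GetBucketLocation"
+]
+
+resources = [
+"arn:aws:s3:::${module.s3bucket_event_cache[0].bucket}"
+]
+}
+
+# Object-level permissions: Get/Put/Delete objects
+statement {
+sid = "AllowGlueObjectAccess"
+effect = "Allow"
+
+principals {
+type = "AWS"
+identifiers = [var.glue_role_arn]
+}
+
+actions = [
+"s3:GetObject",
+"s3:GetObjectVersion",
+"s3:PutObject",
+"s3:DeleteObject"
+]
+
+resources = [
+"arn:aws:s3:::${module.s3bucket_event_cache[0].bucket}/*"
+]
+}
 }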
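Review bot: The `AllowGlueObjectAccess` statement grants `s3:DeleteObject` on every key in the event-cache bucket to the Glue role with no narrowing; if the Glue job only reads and writes cache objects, drop `"s3:DeleteObject"` from the `actions` list, and if deletes are genuinely needed, narrow `resources` to the key prefix Glue writes under rather than `/*`. The second statement carries a header comment while the first does not; adding `# Bucket-level permissions: list the cache bucket and resolve its region` above the `AllowGlueListBucketAndGetLocation` statement keeps the two parallel. The commit message says the policy documents were moved, but the deleted `s3_bucket_policy_eventcache.tf` (48 lines) is larger than what was added here (40 lines) and its contents are not shown on this page, so it cannot be confirmed from the hunk whether a statement was dropped in the move or whether the `aws_s3_bucket_policy` resource that attaches this document to the bucket still exists elsewhere in the module. The `data "aws_iam_policy_document" "s3bucket_event_cache"` block begins outside the hunk.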

infrastructure/terraform/modules/eventsub/s3_bucket_policy_eventcache.tf

Lines changed: 0 additions & 48 deletions
This file was deleted.
