From 2973a4f2f16fc255b50cfa002ae0273814c1ad19 Mon Sep 17 00:00:00 2001
From: Daniel Roth
Date: Mon, 9 Mar 2026 09:39:25 +0000
Subject: [PATCH 1/2] ensure bucket root is included in s3 iam policy rules
---
 infrastructure/terraform/modules/s3_iam_policy/main.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/infrastructure/terraform/modules/s3_iam_policy/main.tf b/infrastructure/terraform/modules/s3_iam_policy/main.tf
index 397bd963..bb317302 100644
--- a/infrastructure/terraform/modules/s3_iam_policy/main.tf
+++ b/infrastructure/terraform/modules/s3_iam_policy/main.tf
@@ -1,10 +1,10 @@
 # Dynamically build S3 resources list from bucket ARNs and resource paths
 locals {
- # Generate full resource ARNs by combining bucket ARNs with resource paths
 resources = flatten([
- for bucket_arn in var.bucket_arns : [
- for path in var.resource_paths : "${bucket_arn}${path}"
- ]
+ for bucket_arn in var.bucket_arns : concat(
+ [bucket_arn], # bare ARN for bucket-level actions like ListBucket
+ [for path in var.resource_paths : "${bucket_arn}${path}"]
+ )
 ])
 }
From 4d2305fdd28c2937bed22843a31e33761218791e Mon Sep 17 00:00:00 2001
From: Daniel Roth
Date: Mon, 9 Mar 2026 09:40:35 +0000
Subject: [PATCH 2/2] add comment back in
---
 infrastructure/terraform/modules/s3_iam_policy/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/infrastructure/terraform/modules/s3_iam_policy/main.tf b/infrastructure/terraform/modules/s3_iam_policy/main.tf
index bb317302..0ef5c4be 100644
--- a/infrastructure/terraform/modules/s3_iam_policy/main.tf
+++ b/infrastructure/terraform/modules/s3_iam_policy/main.tf
@@ -1,5 +1,6 @@
 # Dynamically build S3 resources list from bucket ARNs and resource paths
 locals {
+ # Generate full resource ARNs by combining bucket ARNs with resource paths
 resources = flatten([
 for bucket_arn in var.bucket_arns : concat(
 [bucket_arn], # bare ARN for bucket-level actions like ListBucket
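Review bot: In the `locals` hunk of patch 1/2, the bare bucket ARN is appended to the same `resources` list as the path-scoped object ARNs, so every action in the statement that consumes this list (outside the hunk) now also targets the bucket itself. If that statement carries anything broader than `s3:ListBucket`, those bucket-level permissions are granted too. `s3:ListBucket` on the bare ARN also exposes key names across the whole bucket rather than only under `var.resource_paths`, unless an `s3:prefix` condition is attached. Consider keeping two locals, `bucket_resources = var.bucket_arns` and `object_resources = flatten([for bucket_arn in var.bucket_arns : [for path in var.resource_paths : "${bucket_arn}${path}"]])`, and using them in separate statements so bucket-level and object-level actions are scoped independently. A `distinct()` around the list would also avoid a duplicate entry if a caller passes an empty string in `var.resource_paths`.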