destroy condition

2026-06-08 11:17:27 +00:00 · 2026-02-10 16:17:28 +00:00 · 2026-02-10 16:17:28 +00:00 · 12185bffa6
commit 12185bffa6
parent 0c9dada642
3 changed files with 21 additions and 7 deletions
--- a/.github/workflows/_deploy_lambda.yml
+++ b/.github/workflows/_deploy_lambda.yml
@ -29,6 +29,12 @@ on:
        default: 'false'
        # can only be 'true' or 'false'

+      terraform_destroy:
+        required: false
+        type: string
+        default: 'false'
+        # can only be 'true' or 'false'
+
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
@ -93,6 +99,11 @@ jobs:
            -out=lambdaplan

      - name: Terraform Apply
-        if: inputs.terraform_apply == 'true' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
+        if: (inputs.terraform_apply == 'true' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main') && inputs.terraform_destroy != 'true'
        working-directory: ${{ inputs.lambda_path }}
        run: terraform apply -auto-approve lambdaplan
+
+      - name: Terraform Destroy
+        if: inputs.terraform_destroy == 'true'
+        working-directory: ${{ inputs.lambda_path }}
+        run: terraform destroy -auto-approve
--- a/.github/workflows/deploy_terraform.yml
+++ b/.github/workflows/deploy_terraform.yml
@ -186,6 +186,7 @@ jobs:
      stage: ${{ needs.determine_stage.outputs.stage }}
      ecr_repo: condition-etl-${{ needs.determine_stage.outputs.stage }}
      image_digest: ${{ needs.condition_etl_image.outputs.image_digest }}
+      terraform_destroy: 'true'
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
--- a/infrastructure/terraform/modules/s3_iam_policy/main.tf
+++ b/infrastructure/terraform/modules/s3_iam_policy/main.tf
@ -16,12 +16,14 @@ resource "aws_iam_policy" "s3_policy" {
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
-      {
-        Effect   = "Allow"
-        Action   = var.actions
-        Resource = local.resources
-        Condition = var.conditions != null ? var.conditions : null
-      }
+      merge(
+        {
+          Effect   = "Allow"
+          Action   = var.actions
+          Resource = local.resources
+        },
+        var.conditions != null ? { Condition = var.conditions } : {}
+      )
    ]
  })