diff --git a/backend/magic_plan/handler.py b/backend/magic_plan/handler.py
index 45de8554..f2c03b90 100644
--- a/backend/magic_plan/handler.py
+++ b/backend/magic_plan/handler.py
@@ -19,6 +19,7 @@ def handler(body: dict[str, Any], context: Any) -> str:
 customer_id=settings.MAGICPLAN_CUSTOMER_ID,
 api_key=settings.MAGICPLAN_API_KEY,
 )
+ # TODO: read s3_bucket from env var so staging/prod use the correct bucket
 plan: Plan = MagicPlanService(client, s3_bucket="retrofit-energy-assessments-dev").run(payload)
 logger.info("Saved MagicPlan plan uid=%s", plan.uid)
 return plan.uid
diff --git a/infrastructure/terraform/lambda/magic_plan/main.tf b/infrastructure/terraform/lambda/magic_plan/main.tf
index 56adac1b..e2017b42 100644
--- a/infrastructure/terraform/lambda/magic_plan/main.tf
+++ b/infrastructure/terraform/lambda/magic_plan/main.tf
@@ -15,6 +15,11 @@ locals {
 db_credentials = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string)
 }

+resource "aws_iam_role_policy_attachment" "magic_plan_s3_write" {
+ role = module.lambda.role_name
+ policy_arn = data.terraform_remote_state.shared.outputs.magic_plan_s3_write_arn
+}
+
 module "lambda" {
 source = "../../modules/lambda_with_sqs"

diff --git a/infrastructure/terraform/shared/main.tf b/infrastructure/terraform/shared/main.tf
index 050ebdc2..e32ce395 100644
--- a/infrastructure/terraform/shared/main.tf
+++ b/infrastructure/terraform/shared/main.tf
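Review bot: The `s3_bucket="retrofit-energy-assessments-dev"` argument on the `MagicPlanService(...)` line stays hard-coded, while the policy this same commit adds in `shared/main.tf` grants write access to `retrofit-energy-assessments-${var.stage}`. Outside dev the function would target a bucket that this policy does not cover, so uploads would presumably be denied, or, if some other grant allows them, staging and production data would land in the dev bucket. Rather than leaving a TODO, read the name from configuration in this change, e.g. `s3_bucket=settings.<BUCKET_SETTING>` (placeholder; no such setting is shown on the page), fed from the same stage value Terraform uses. The body of `handler` starts above the hunk.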
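Review bot: The `policy_arn` of the new `aws_iam_role_policy_attachment` reads `magic_plan_s3_write_arn` from the shared stack's remote state, an output that this same commit introduces, so this stack cannot be planned in an environment until the shared stack has been applied there. A comment above the resource would record that ordering, e.g. `# Requires the shared stack's magic_plan_s3_write_arn output; apply shared first.` The `locals` block and `module "lambda"` both extend outside the hunk, so any other policies the role already carries are not visible here.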
@@ -745,4 +745,18 @@ module "magic_plan_client_registry" {
 source = "../modules/container_registry"
 name = "magic-plan"
 stage = var.stage
+}
+
+module "magic_plan_s3_write" {
+ source = "../modules/s3_iam_policy"
+
+ policy_name = "MagicPlanWriteS3"
+ policy_description = "Allow MagicPlan Lambda to write to retrofit energy assessments bucket"
+ bucket_arns = ["arn:aws:s3:::retrofit-energy-assessments-${var.stage}"]
+ actions = ["s3:PutObject", "s3:AbortMultipartUpload"]
+ resource_paths = ["/*"]
+}
+
+output "magic_plan_s3_write_arn" {
+ value = module.magic_plan_s3_write.policy_arn
 }
\ No newline at end of file
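Review bot: `resource_paths = ["/*"]` in `module "magic_plan_s3_write"` lets the Lambda role put objects under any key in the assessments bucket, which is broader than a single writer normally needs. If the MagicPlan service writes under one key prefix (its key layout is not visible in this diff), scope the grant to it, e.g. `resource_paths = ["/<magicplan-prefix>/*"]` with the real prefix substituted, so that a fault in this function cannot overwrite unrelated objects in the bucket. The new `output` would also read better with a description, e.g. `description = "ARN of the IAM policy that lets the MagicPlan Lambda write to the assessments bucket"`.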