From 770e19c59948ebab23ba855e2f8143ac0367c604 Mon Sep 17 00:00:00 2001
From: Daniel Roth
Date: Thu, 5 Mar 2026 09:57:33 +0000
Subject: [PATCH] in policies - reference s3 buckets from the defined modules instead of hardcoding bucket names
---
 infrastructure/terraform/lambda/engine/main.tf | 10 ++++++++--
 infrastructure/terraform/shared/main.tf | 17 ++++++++---------
 2 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/infrastructure/terraform/lambda/engine/main.tf b/infrastructure/terraform/lambda/engine/main.tf
index 23c5261e..6f6b20ce 100644
--- a/infrastructure/terraform/lambda/engine/main.tf
+++ b/infrastructure/terraform/lambda/engine/main.tf
@@ -67,8 +67,14 @@ module "lambda" {
 )
 }
 
-# Policies and IAM
+### Policies and IAM
+# S3
 resource "aws_iam-role_policy_attachment" "engine_s3_read_and_write" {
 role = module.lambda.role_name
 policy_arn = data.terraform_remote_state.shared.outputs.engine_s3_read_and_write_arn
-}
\ No newline at end of file
+}
+
+# Logs
+
+
+# SQS
diff --git a/infrastructure/terraform/shared/main.tf b/infrastructure/terraform/shared/main.tf
index 3253e8e0..c19e3a0c 100644
--- a/infrastructure/terraform/shared/main.tf
+++ b/infrastructure/terraform/shared/main.tf
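Review bot: In infrastructure/terraform/lambda/engine/main.tf the unchanged resource line spells the type `aws_iam-role_policy_attachment`, with a hyphen, whereas the AWS provider's type is `aws_iam_role_policy_attachment`. Unless the hyphen is an artefact of how this patch was rendered, the attachment will not validate and the engine role would not receive the S3 policy that the second file defines; the line should read `resource "aws_iam_role_policy_attachment" "engine_s3_read_and_write" {`. The added `# Logs` and `# SQS` headings have nothing under them, so either add those attachments in this commit or mark them as pending, for example `# Logs (TODO: attach logging policy)`, so an empty section is not read as a statement that no permissions are needed.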
@@ -473,15 +473,14 @@ module "engine_s3_read_and_write" {
 policy_name = "EngineReadandWriteS3"
 policy_description = "Allow Engine Lambda to read from and write to various S3 buckets"
 bucket_arns = [
- "arn:aws:s3:::retrofit-plan-inputs-${var.stage}",
- "arn:aws:s3:::retrofit-data-${var.stage}",
- "arn:aws:s3:::retrofit-sap-predictions-${var.stage}",
- "arn:aws:s3:::retrofit-carbon-predictions-${var.stage}",
- "arn:aws:s3:::retrofit-heat-predictions-${var.stage}",
- "arn:aws:s3:::retrofit-carbon-predictions-${var.stage}",
- "arn:aws:s3:::retrofit-heating-kwh-predictions-${var.stage}",
- "arn:aws:s3:::retrofit-hotwater-kwh-predictions-${var.stage}",
- "arn:aws:s3:::retrofit-energy-assessments-${var.stage}"
+ "arn:aws:s3:::${module.s3_presignable_bucket.bucket_name}",
+ "arn:aws:s3:::${module.retrofit_sap_data.bucket_name}",
+ "arn:aws:s3:::${module.retrofit_sap_predictions.bucket_name}",
+ "arn:aws:s3:::${module.retrofit_carbon_predictions.bucket_name}",
+ "arn:aws:s3:::${module.retrofit_heat_predictions.bucket_name}",
+ "arn:aws:s3:::${module.retrofit_heating_kwh_predictions.bucket_name}",
+ "arn:aws:s3:::${module.retrofit_hotwater_kwh_predictions.bucket_name}",
+ "arn:aws:s3:::${module.retrofit_energy_assessments.bucket_name}"
 ]
 actions = ["s3:*"]
 resource_paths = ["/*"]
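Review bot: The policy is described as read and write, but `actions = ["s3:*"]` on `resource_paths = ["/*"]` grants every S3 action on every object in all eight buckets; since this commit already touches the statement, narrow it to what the engine uses, for example `actions = ["s3:GetObject", "s3:PutObject"]`, adding delete or other actions only if the Lambda is known to need them. The first two entries also change name rather than just source (`retrofit-plan-inputs-${var.stage}` becomes `module.s3_presignable_bucket.bucket_name`, `retrofit-data-${var.stage}` becomes `module.retrofit_sap_data.bucket_name`), and nothing in the hunk shows that these resolve to the same buckets. Check the `terraform plan` output to confirm the rendered resource list differs only by the dropped duplicate carbon-predictions entry, otherwise the engine silently loses access to one bucket or gains access to another. The `module "engine_s3_read_and_write"` block starts and ends outside this hunk.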