From 7a69a7255c0e880721e98f6ca8a300c3523d2eaa Mon Sep 17 00:00:00 2001
From: Khalim Conn-Kowlessar
Date: Thu, 20 Jul 2023 10:04:50 +0100
Subject: [PATCH] setting iam role to allow it to read from the bucket
---
 serverless.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/serverless.yml b/serverless.yml
index ea1fde84..b0de561d 100644
--- a/serverless.yml
+++ b/serverless.yml
@@ -12,6 +12,18 @@ provider:
 PLAN_TRIGGER_BUCKET: ${env:PLAN_TRIGGER_BUCKET}
 DOMAIN_NAME: ${env:DOMAIN_NAME}
 EPC_AUTH_TOKEN: ${env:EPC_AUTH_TOKEN}
+ # Give lambda access to read from the bucket
+ iam:
+ role:
+ name: fastapi_backend_${env:PLAN_TRIGGER_BUCKET}_access
+ statements:
+ - Effect: Allow
+ Action:
+ - s3:GetObject
+ - s3:ListBucket
+ Resource:
+ - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}
+ - arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}/*
 package:
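Review bot: The custom role name on the added `name:` line embeds `${env:PLAN_TRIGGER_BUCKET}`, which can exceed IAM's 64-character role-name limit: the fixed prefix and suffix already take 23 characters and a bucket name may be up to 63, so a deploy would fail for any bucket name longer than 41 characters. Role names are also unique per account, so two stages or regions deployed with the same bucket variable would collide; a stage-based name such as `name: fastapi_backend_${sls:stage}_bucket_read` avoids both. The statement itself is read-only and scoped to one bucket, but as a `provider.iam.role` statement it is granted to every function in the service, so a comment naming the handler that needs it (or a narrower key prefix in the second `Resource` entry, if only part of the bucket is read) would make the intended scope reviewable. The `provider:` block starts above this hunk, so other role settings may exist that are not visible here.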