fast api s3 policy

infrastructure/terraform/lambda/fast-api/main.tf

@@ -122,10 +122,10 @@ module "fastapi" {
 ############################################
 resource "aws_iam_role_policy_attachment" "fastapi_s3_read" {
   role       = module.fastapi.role_name
-  policy_arn = data.terraform_remote_state.shared.outputs.fastapi_s3_read_arn
+  policy_arn = data.terraform_remote_state.shared.outputs.fast_api_s3_read_arn
 }
 
 resource "aws_iam_role_policy_attachment" "fastapi_sqs_send" {
   role       = module.fastapi.role_name
-  policy_arn = data.terraform_remote_state.shared.outputs.fastapi_sqs_send_arn
+  policy_arn = data.terraform_remote_state.shared.outputs.fast_api_sqs_send_arn
 }

infrastructure/terraform/shared/main.tf

@@ -535,3 +535,29 @@ module "ara_fastapi_registry" {
   name   = "ara-fastapi"
   stage = var.stage
 }
+
+# S3 policy for FastAPI app to read and write from various S3 buckets
+module "fast_api_s3_read_and_write" {
+  source = "../modules/s3_iam_policy"
+
+  policy_name        = "FastAPIReadandWriteS3"
+  policy_description = "Allow FastAPI Lambda to read from and write to various S3 buckets"
+  bucket_arns        = [
+    "arn:aws:s3:::${module.s3_presignable_bucket.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_sap_data.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_sap_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_carbon_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_heat_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_heating_kwh_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_hotwater_kwh_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_energy_assessments.bucket_name}"
+  ]
+  actions            = ["s3:GetObject", "s3:ListBucket"]
+  resource_paths     = ["/*"]
+}
+
+output "fast_api_s3_read_and_write_arn" {
+  value = module.fast_api_s3_read_and_write.policy_arn
+}
+
+