From ec7acabaf8215a022a5f1bc25c44bb298346a8c7 Mon Sep 17 00:00:00 2001 From: Daniel Roth Date: Tue, 12 May 2026 11:48:39 +0000 Subject: [PATCH] reinstate deleted policy so it can be unattached from entities --- infrastructure/terraform/shared/main.tf | 26 ++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/infrastructure/terraform/shared/main.tf b/infrastructure/terraform/shared/main.tf index 2c3200de..0a9e87f6 100644 --- a/infrastructure/terraform/shared/main.tf +++ b/infrastructure/terraform/shared/main.tf @@ -280,6 +280,21 @@ output "retrofit_energy_assessments_bucket_name" { description = "Name of the retrofit energy assessments bucket" } +module "energy_assessments_s3_write" { + source = "../modules/s3_iam_policy" + + policy_name = "EnergyAssessmentsWriteS3" + policy_description = "Allow lambdas to write to retrofit energy assessments bucket" + bucket_arns = ["arn:aws:s3:::retrofit-energy-assessments-${var.stage}"] + actions = ["s3:PutObject", "s3:AbortMultipartUpload"] + resource_paths = ["/*"] +} + +output "energy_assessments_s3_write_arn" { + value = module.energy_assessments_s3_write.policy_arn +} + + # Set up the route53 record for the API module "route53" { @@ -568,18 +583,19 @@ module "pashub_to_ara_registry" { stage = var.stage } -module "energy_assessments_s3_write" { +#### TEMP - need to unattach from entities before this can be delete #### +module "pashub_to_ara_s3_write" { source = "../modules/s3_iam_policy" - policy_name = "EnergyAssessmentsWriteS3" - policy_description = "Allow lambdas to write to retrofit energy assessments bucket" + policy_name = "PashubToAraWriteS3" + policy_description = "Allow PasHub to ARA Lambda to write to retrofit energy assessments bucket" bucket_arns = ["arn:aws:s3:::retrofit-energy-assessments-${var.stage}"] actions = ["s3:PutObject", "s3:AbortMultipartUpload"] resource_paths = ["/*"] } -output "energy_assessments_s3_write_arn" { - value = module.energy_assessments_s3_write.policy_arn +output "pashub_to_ara_s3_write_arn" { + value = module.pashub_to_ara_s3_write.policy_arn } ################################################