combine s3 write policies into one and apply to pashub and magicplan lambdas

2026-06-08 11:17:27 +00:00 · 2026-05-08 15:44:14 +00:00 · 2026-05-08 15:44:14 +00:00 · aadf73ed87
commit aadf73ed87
parent 1243690d10
3 changed files with 7 additions and 20 deletions
--- a/infrastructure/terraform/lambda/magic_plan/main.tf
+++ b/infrastructure/terraform/lambda/magic_plan/main.tf
@ -17,7 +17,7 @@ locals {

 resource "aws_iam_role_policy_attachment" "magic_plan_s3_write" {
  role       = module.lambda.role_name
-  policy_arn = data.terraform_remote_state.shared.outputs.magic_plan_s3_write_arn
+  policy_arn = data.terraform_remote_state.shared.outputs.energy_assessments_s3_write_arn
 }

 module "lambda" {
--- a/infrastructure/terraform/lambda/pashub_to_ara/main.tf
+++ b/infrastructure/terraform/lambda/pashub_to_ara/main.tf
@ -54,5 +54,5 @@ module "lambda" {

 resource "aws_iam_role_policy_attachment" "pashub_to_ara_s3_write" {
  role       = module.lambda.role_name
-  policy_arn = data.terraform_remote_state.shared.outputs.pashub_to_ara_s3_write_arn
+  policy_arn = data.terraform_remote_state.shared.outputs.energy_assessments_s3_write_arn
 }
--- a/infrastructure/terraform/shared/main.tf
+++ b/infrastructure/terraform/shared/main.tf
@ -568,18 +568,18 @@ module "pashub_to_ara_registry" {
  stage  = var.stage
 }

-module "pashub_to_ara_s3_write" {
+module "energy_assessments_s3_write" {
  source = "../modules/s3_iam_policy"

-  policy_name        = "PashubToAraWriteS3"
-  policy_description = "Allow PasHub to ARA Lambda to write to retrofit energy assessments bucket"
+  policy_name        = "EnergyAssessmentsWriteS3"
+  policy_description = "Allow lambdas to write to retrofit energy assessments bucket"
  bucket_arns        = ["arn:aws:s3:::retrofit-energy-assessments-${var.stage}"]
  actions            = ["s3:PutObject", "s3:AbortMultipartUpload"]
  resource_paths     = ["/*"]
 }

-output "pashub_to_ara_s3_write_arn" {
-  value = module.pashub_to_ara_s3_write.policy_arn
+output "energy_assessments_s3_write_arn" {
+  value = module.energy_assessments_s3_write.policy_arn
 }

 ################################################
@ -747,16 +747,3 @@ module "magic_plan_client_registry" {
  stage  = var.stage
 }

-module "magic_plan_s3_write" {
-  source = "../modules/s3_iam_policy"
-
-  policy_name        = "MagicPlanWriteS3"
-  policy_description = "Allow MagicPlan Lambda to write to retrofit energy assessments bucket"
-  bucket_arns        = ["arn:aws:s3:::retrofit-energy-assessments-${var.stage}"]
-  actions            = ["s3:PutObject", "s3:AbortMultipartUpload"]
-  resource_paths     = ["/*"]
-}
-
-output "magic_plan_s3_write_arn" {
-  value = module.magic_plan_s3_write.policy_arn
-}