Merge pull request #1185 from Hestia-Homes/main

permission issues
Jun-te Kim 2026-06-05 16:40:23 +01:00 committed by GitHub
commit d83d17a7bf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -572,8 +572,9 @@ module "bulk_upload_finaliser_registry" {
stage = var.stage
}
# The finaliser only reads the combiner output (bulk_final_outputs) to insert
# property rows; it writes to Postgres, not S3.
# The finaliser reads the combiner output (bulk_final_outputs) to insert property
# rows, and for v2 (ADR-0006) the classifier CSV (bulk_onboarding_inputs) to
# populate property_overrides. It writes to Postgres, not S3.
module "bulk_upload_finaliser_s3_read" {
source = "../modules/s3_iam_policy"
@ -581,7 +582,7 @@ module "bulk_upload_finaliser_s3_read" {
policy_description = "Allow bulk_upload_finaliser Lambda to read combiner output from retrofit-data bucket"
bucket_arns = ["arn:aws:s3:::retrofit-data-${var.stage}"]
actions = ["s3:GetObject", "s3:ListBucket"]
resource_paths = ["/bulk_final_outputs/*"]
resource_paths = ["/bulk_final_outputs/*", "/bulk_onboarding_inputs/*"]
}
output "bulk_upload_finaliser_s3_read_arn" {
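Review bot: The `policy_description` in the second hunk still says the policy only lets the Lambda "read combiner output", although `resource_paths` now also grants read on `/bulk_onboarding_inputs/*`. Anyone auditing the IAM policy by its description will be misled, so update it alongside the grant, e.g. `policy_description = "Allow bulk_upload_finaliser Lambda to read combiner output and classifier CSV inputs from retrofit-data bucket"`. Separately, `s3:ListBucket` is a bucket-level action and the internals of `../modules/s3_iam_policy` are not visible here. It is worth confirming the module turns `resource_paths` into an `s3:prefix` condition for that action, rather than allowing a listing of the whole `retrofit-data-${var.stage}` bucket or attaching it to object ARNs where it has no effect. The module block's remaining arguments lie between the two hunks and are not shown.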