generate new role for reading from s3 bucket and attach it to the lambda
parent
68b12c7344
commit
f3e77beefd
2 changed files with 24 additions and 0 deletions
|
|
@ -26,3 +26,8 @@ module "lambda" {
|
||||||
)
|
)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_role_policy_attachment" "attach_condition_etl_s3_read" {
|
||||||
|
role = module.lambda.role.role_name
|
||||||
|
policy_arn = module.shared.condition_etl_s3_read_arn
|
||||||
|
}
|
||||||
|
|
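Review bot: The new `aws_iam_role_policy_attachment` binds the read policy to whatever role `module.lambda.role.role_name` resolves to, so every function that runs under that role gains `s3:GetObject` on the condition-data bucket, not just the ETL handler. The `module "lambda"` block starts outside this hunk, so whether the role is shared cannot be confirmed here; if it is, a dedicated execution role for the ETL function would keep the grant least-privilege. The commit title speaks of a new role, but the change creates a managed policy and attaches it to the existing role. A comment above the resource would make that explicit, for example `# Attaches ConditionETLReadS3 (s3:GetObject on condition-data-<stage>/*) to the Lambda execution role`.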
@ -344,4 +344,23 @@ module "condition_data_bucket" {
|
||||||
source = "../modules/s3"
|
source = "../modules/s3"
|
||||||
bucketname = "condition-data-${var.stage}"
|
bucketname = "condition-data-${var.stage}"
|
||||||
allowed_origins = var.allowed_origins
|
allowed_origins = var.allowed_origins
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_policy" "condition_etl_s3_read" {
|
||||||
|
name = "ConditionETLReadS3"
|
||||||
|
description = "Allow Lambda to read objects from condition-data-${var.stage}"
|
||||||
|
policy = jsonencode({
|
||||||
|
Version = "2012-10-17"
|
||||||
|
Statement = [
|
||||||
|
{
|
||||||
|
Effect = "Allow"
|
||||||
|
Action = ["s3:GetObject"]
|
||||||
|
Resource = "arn:aws:s3:::condition-data-${var.stage}/*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
output "condition_etl_s3_read_arn" {
|
||||||
|
value = aws_iam_policy.condition_etl_s3_read.arn
|
||||||
}
|
}
|
||||||
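Review bot: The policy `name = "ConditionETLReadS3"` carries no stage suffix, although the description and the `Resource` ARN are both built from `${var.stage}`. IAM managed policy names are unique per account, so a second stage applied in the same account would presumably fail on a name collision; `name = "ConditionETLReadS3-${var.stage}"` avoids that. The bucket name is also repeated as a string literal in `Resource`, which can drift from the `bucketname` passed to `module "condition_data_bucket"` (that block starts outside the hunk); if the s3 module exposes the bucket ARN as an output, referencing it keeps the grant tied to the real bucket. Scoping to `s3:GetObject` on the object path alone is suitably narrow, but without `s3:ListBucket` a read of a missing key returns AccessDenied rather than NoSuchKey, which is worth noting in a comment for whoever debugs the ETL.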