Merge pull request #1030 from Hestia-Homes/feature/pashub-to-ara

Pashub to Ara: Give lambda permission to write to s3
2026-06-08 11:17:27 +00:00 · 2026-04-24 09:40:20 +01:00 · 2026-04-24 09:40:20 +01:00 · f7b74519e3
commit f7b74519e3
parent 8e1f8e0cfc 0357993f07
2 changed files with 19 additions and 0 deletions
--- a/infrastructure/terraform/lambda/pashub_to_ara/main.tf
+++ b/infrastructure/terraform/lambda/pashub_to_ara/main.tf
@ -51,3 +51,8 @@ module "lambda" {
    PASHUB_PASSWORD                     = var.pashub_password
  }
 }
+
+resource "aws_iam_role_policy_attachment" "pashub_to_ara_s3_write" {
+  role       = module.lambda.role_name
+  policy_arn = data.terraform_remote_state.shared.outputs.pashub_to_ara_s3_write_arn
+}
--- a/infrastructure/terraform/shared/main.tf
+++ b/infrastructure/terraform/shared/main.tf
@ -566,6 +566,20 @@ module "pashub_to_ara_registry" {
  stage  = var.stage
 }

+module "pashub_to_ara_s3_write" {
+  source = "../modules/s3_iam_policy"
+
+  policy_name        = "PashubToAraWriteS3"
+  policy_description = "Allow PasHub to ARA Lambda to write to retrofit energy assessments bucket"
+  bucket_arns        = ["arn:aws:s3:::retrofit-energy-assessments-${var.stage}"]
+  actions            = ["s3:PutObject", "s3:AbortMultipartUpload"]
+  resource_paths     = ["/*"]
+}
+
+output "pashub_to_ara_s3_write_arn" {
+  value = module.pashub_to_ara_s3_write.policy_arn
+}
+
 ################################################
 # ECMK to Ara – Lambda
 ################################################