junte/Model
1
0
Fork 0
mirror of https://github.com/Hestia-Homes/Model.git synced 2026-06-08 11:17:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

restructuring iam policy for lambda

Browse source
This commit is contained in:
Khalim Conn-Kowlessar 2025-04-17 17:11:59 +01:00
parent e37ebf83fb
commit fd76331ac3
1 changed files with 56 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

86
serverless.yml
View file

@ -61,40 +61,11 @@ functions:
uri: ${env:ECR_URI}:${env:GITHUB_SHA}
timeout: 900
memorySize: 2048
role: EngineLambdaRole
events:
- sqs:
arn: arn:aws:sqs:${self:provider.region}:${aws:accountId}:model-engine-queue
batchSize: 1
iamRoleStatements:
- Effect: Allow
Action:
- sqs:ReceiveMessage
- sqs:DeleteMessage
- sqs:GetQueueAttributes
Resource:
- Fn::GetAtt: [ EngineQueue, Arn ]
- Effect: Allow
Action:
- s3:*
Resource:
- arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}
- arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}/*
- arn:aws:s3:::${env:PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:DATA_BUCKET}
- arn:aws:s3:::${env:DATA_BUCKET}/*
- arn:aws:s3:::${env:ENERGY_ASSESSMENTS_BUCKET}
- arn:aws:s3:::${env:ENERGY_ASSESSMENTS_BUCKET}/*
- arn:aws:s3:::${env:SAP_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:SAP_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:CARBON_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:CARBON_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}/*
resources:
Resources:
@ -147,3 +118,58 @@ resources:
- arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}/*
EngineLambdaRole:
Type: AWS::IAM::Role
Properties:
RoleName: retrofit-engine-lambda-role-${self:provider.region}
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyName: EngineLambdaPolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: arn:aws:logs:*:*:*
- Effect: Allow
Action:
- sqs:ReceiveMessage
- sqs:DeleteMessage
- sqs:GetQueueAttributes
Resource:
- Fn::GetAtt: [ EngineQueue, Arn ]
- Effect: Allow
Action:
- s3:GetObject
- s3:ListBucket
Resource:
- arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}
- arn:aws:s3:::${env:PLAN_TRIGGER_BUCKET}/*
- arn:aws:s3:::${env:PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:DATA_BUCKET}
- arn:aws:s3:::${env:DATA_BUCKET}/*
- arn:aws:s3:::${env:ENERGY_ASSESSMENTS_BUCKET}
- arn:aws:s3:::${env:ENERGY_ASSESSMENTS_BUCKET}/*
- arn:aws:s3:::${env:SAP_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:SAP_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:CARBON_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:CARBON_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:HEAT_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:HEATING_KWH_PREDICTIONS_BUCKET}/*
- arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}
- arn:aws:s3:::${env:HOTWATER_KWH_PREDICTIONS_BUCKET}/*