walthamforest

2026-06-08 11:17:29 +00:00 · 2025-09-11 15:01:47 +00:00 · 2025-09-11 15:01:47 +00:00 · 04f0708b15
commit 04f0708b15
parent 6dd3ee1643
3 changed files with 101 additions and 113 deletions
--- a/deployment/lambda/extractor_and_loader/extractor_and_loader_lambda.tf
+++ b/deployment/lambda/extractor_and_loader/extractor_and_loader_lambda.tf
@ -16,44 +16,40 @@ resource "aws_sqs_queue" "extractor_and_loader_queue" {
 }


-# IAM policy specific to this Lambda
-# resource "aws_iam_policy" "extractor_loader_policy" {
-#   name = "extractor-loader-policy"
+# Custom IAM policy specific to lambda_example
+resource "aws_iam_policy" "extractor_loader_policy" {
+  name = "extractor_loader_policy"

-#   policy = jsonencode({
-#     Version = "2012-10-17",
-#     Statement = [
-#       {
-#         Effect = "Allow",
-#         Action = [
-#           "sqs:ReceiveMessage",
-#           "sqs:DeleteMessage",
-#           "sqs:GetQueueAttributes",
-#           "sqs:GetQueueUrl",
-#           "sqs:ChangeMessageVisibility"
-#         ],
-#         Resource = aws_sqs_queue.extractor_and_loader_queue.arn
-#       },
-#       {
-#         Effect = "Allow",
-#         Action = [
-#           "ecr:GetDownloadUrlForLayer",
-#           "ecr:BatchGetImage",
-#           "ecr:BatchCheckLayerAvailability"
-#         ],
-#         Resource = data.aws_ecr_repository.extractor_and_loader.arn
-#       },
-#       {
-#         Effect = "Allow",
-#         Action = ["ecr:GetAuthorizationToken"],
-#         Resource = "*"
-#       }
-#     ]
-#   })
-# }
-data "aws_iam_policy" "extractor_loader_policy" {
-  # Existing customer-managed policy ARN:
-  arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/extractor-loader-policy"
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "sqs:ReceiveMessage",
+          "sqs:DeleteMessage",
+          "sqs:GetQueueAttributes",
+          "sqs:GetQueueUrl",
+          "sqs:ChangeMessageVisibility"
+        ],
+        Resource = aws_sqs_queue.lambda_example_queue.arn
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "ecr:GetDownloadUrlForLayer",
+          "ecr:BatchGetImage",
+          "ecr:BatchCheckLayerAvailability"
+        ],
+        Resource = data.aws_ecr_repository.lambda_example.arn
+      },
+      {
+        Effect = "Allow",
+        Action = ["ecr:GetAuthorizationToken"],
+        Resource = "*"
+      }
+    ]
+  })
 }

 resource "aws_iam_role_policy_attachment" "extractor_loader_policy_attach" {
--- a/deployment/lambda/lambda_example/lambda_example_and_config.tf
+++ b/deployment/lambda/lambda_example/lambda_example_and_config.tf
@ -13,47 +13,44 @@ resource "aws_sqs_queue" "lambda_example_queue" {
  name = "lambda-example-queue"
 }

-# # Custom IAM policy specific to lambda_example
-# resource "aws_iam_policy" "lambda_example_policy" {
-#   name = "lambda-example-policy"
+# Custom IAM policy specific to lambda_example
+resource "aws_iam_policy" "lambda_example_policy" {
+  name = "lambda-example-policy"

-#   policy = jsonencode({
-#     Version = "2012-10-17",
-#     Statement = [
-#       {
-#         Effect = "Allow",
-#         Action = [
-#           "sqs:ReceiveMessage",
-#           "sqs:DeleteMessage",
-#           "sqs:GetQueueAttributes",
-#           "sqs:GetQueueUrl",
-#           "sqs:ChangeMessageVisibility"
-#         ],
-#         Resource = aws_sqs_queue.lambda_example_queue.arn
-#       },
-#       {
-#         Effect = "Allow",
-#         Action = [
-#           "ecr:GetDownloadUrlForLayer",
-#           "ecr:BatchGetImage",
-#           "ecr:BatchCheckLayerAvailability"
-#         ],
-#         Resource = data.aws_ecr_repository.lambda_example.arn
-#       },
-#       {
-#         Effect = "Allow",
-#         Action = ["ecr:GetAuthorizationToken"],
-#         Resource = "*"
-#       }
-#     ]
-#   })
-# }
-
-data "aws_iam_policy" "lambda_example_policy" {
-  # Existing customer-managed policy ARN:
-  arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/lambda_example_policy"
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "sqs:ReceiveMessage",
+          "sqs:DeleteMessage",
+          "sqs:GetQueueAttributes",
+          "sqs:GetQueueUrl",
+          "sqs:ChangeMessageVisibility"
+        ],
+        Resource = aws_sqs_queue.lambda_example_queue.arn
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "ecr:GetDownloadUrlForLayer",
+          "ecr:BatchGetImage",
+          "ecr:BatchCheckLayerAvailability"
+        ],
+        Resource = data.aws_ecr_repository.lambda_example.arn
+      },
+      {
+        Effect = "Allow",
+        Action = ["ecr:GetAuthorizationToken"],
+        Resource = "*"
+      }
+    ]
+  })
 }

+
+
 resource "aws_iam_role_policy_attachment" "lambda_example_policy_attach" {
  role       = data.aws_iam_role.lambda_exec_role.name
  policy_arn = aws_iam_policy.lambda_example_policy.arn
--- a/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
+++ b/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
@ -15,47 +15,42 @@ resource "aws_sqs_queue" "walthamforest_etl_adhoc_queue" {
 }


-# # IAM policy specific to this Lambda
-# resource "aws_iam_policy" "walthamforest_etl_adhoc_policy" {
-#   name = "walthamforest_etl_adhoc-loader-policy"
+# Custom IAM policy specific to lambda_example
+resource "aws_iam_policy" "walthamforest_etl_adhoc_policy" {
+  name = "lambda-example-policy"

-#   policy = jsonencode({
-#     Version = "2012-10-17",
-#     Statement = [
-#       {
-#         Effect = "Allow",
-#         Action = [
-#           "sqs:ReceiveMessage",
-#           "sqs:DeleteMessage",
-#           "sqs:GetQueueAttributes",
-#           "sqs:GetQueueUrl",
-#           "sqs:ChangeMessageVisibility"
-#         ],
-#         Resource = aws_sqs_queue.walthamforest_etl_adhoc_queue.arn
-#       },
-#       {
-#         Effect = "Allow",
-#         Action = [
-#           "ecr:GetDownloadUrlForLayer",
-#           "ecr:BatchGetImage",
-#           "ecr:BatchCheckLayerAvailability"
-#         ],
-#         Resource = data.aws_ecr_repository.walthamforest_etl_adhoc_ecr.arn
-#       },
-#       {
-#         Effect = "Allow",
-#         Action = ["ecr:GetAuthorizationToken"],
-#         Resource = "*"
-#       }
-#     ]
-#   })
-# }
-data "aws_iam_policy" "walthamforest_etl_adhoc_policy" {
-  # Existing customer-managed policy ARN:
-  arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/walthamforest_etl_adhoc_policy"
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "sqs:ReceiveMessage",
+          "sqs:DeleteMessage",
+          "sqs:GetQueueAttributes",
+          "sqs:GetQueueUrl",
+          "sqs:ChangeMessageVisibility"
+        ],
+        Resource = aws_sqs_queue.lambda_example_queue.arn
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "ecr:GetDownloadUrlForLayer",
+          "ecr:BatchGetImage",
+          "ecr:BatchCheckLayerAvailability"
+        ],
+        Resource = data.aws_ecr_repository.lambda_example.arn
+      },
+      {
+        Effect = "Allow",
+        Action = ["ecr:GetAuthorizationToken"],
+        Resource = "*"
+      }
+    ]
+  })
 }

-
 resource "aws_iam_role_policy_attachment" "walthamforest_etl_adhoc_policy_attach" {
  role       = data.aws_iam_role.lambda_exec_role.name
  policy_arn = aws_iam_policy.walthamforest_etl_adhoc_policy.arn