mirror of
https://github.com/Hestia-Homes/survey-extraction.git
synced 2026-06-30 13:10:56 +00:00
waltham forest
This commit is contained in:
parent
eab3634322
commit
6dd3ee1643
3 changed files with 113 additions and 99 deletions
|
|
@ -17,39 +17,43 @@ resource "aws_sqs_queue" "extractor_and_loader_queue" {
|
|||
|
||||
|
||||
# IAM policy specific to this Lambda
|
||||
resource "aws_iam_policy" "extractor_loader_policy" {
|
||||
name = "extractor-loader-policy"
|
||||
# resource "aws_iam_policy" "extractor_loader_policy" {
|
||||
# name = "extractor-loader-policy"
|
||||
|
||||
policy = jsonencode({
|
||||
Version = "2012-10-17",
|
||||
Statement = [
|
||||
{
|
||||
Effect = "Allow",
|
||||
Action = [
|
||||
"sqs:ReceiveMessage",
|
||||
"sqs:DeleteMessage",
|
||||
"sqs:GetQueueAttributes",
|
||||
"sqs:GetQueueUrl",
|
||||
"sqs:ChangeMessageVisibility"
|
||||
],
|
||||
Resource = aws_sqs_queue.extractor_and_loader_queue.arn
|
||||
},
|
||||
{
|
||||
Effect = "Allow",
|
||||
Action = [
|
||||
"ecr:GetDownloadUrlForLayer",
|
||||
"ecr:BatchGetImage",
|
||||
"ecr:BatchCheckLayerAvailability"
|
||||
],
|
||||
Resource = data.aws_ecr_repository.extractor_and_loader.arn
|
||||
},
|
||||
{
|
||||
Effect = "Allow",
|
||||
Action = ["ecr:GetAuthorizationToken"],
|
||||
Resource = "*"
|
||||
}
|
||||
]
|
||||
})
|
||||
# policy = jsonencode({
|
||||
# Version = "2012-10-17",
|
||||
# Statement = [
|
||||
# {
|
||||
# Effect = "Allow",
|
||||
# Action = [
|
||||
# "sqs:ReceiveMessage",
|
||||
# "sqs:DeleteMessage",
|
||||
# "sqs:GetQueueAttributes",
|
||||
# "sqs:GetQueueUrl",
|
||||
# "sqs:ChangeMessageVisibility"
|
||||
# ],
|
||||
# Resource = aws_sqs_queue.extractor_and_loader_queue.arn
|
||||
# },
|
||||
# {
|
||||
# Effect = "Allow",
|
||||
# Action = [
|
||||
# "ecr:GetDownloadUrlForLayer",
|
||||
# "ecr:BatchGetImage",
|
||||
# "ecr:BatchCheckLayerAvailability"
|
||||
# ],
|
||||
# Resource = data.aws_ecr_repository.extractor_and_loader.arn
|
||||
# },
|
||||
# {
|
||||
# Effect = "Allow",
|
||||
# Action = ["ecr:GetAuthorizationToken"],
|
||||
# Resource = "*"
|
||||
# }
|
||||
# ]
|
||||
# })
|
||||
# }
|
||||
data "aws_iam_policy" "extractor_loader_policy" {
|
||||
# Existing customer-managed policy ARN:
|
||||
arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/extractor-loader-policy"
|
||||
}
|
||||
|
||||
resource "aws_iam_role_policy_attachment" "extractor_loader_policy_attach" {
|
||||
|
|
|
|||
|
|
@ -13,40 +13,45 @@ resource "aws_sqs_queue" "lambda_example_queue" {
|
|||
name = "lambda-example-queue"
|
||||
}
|
||||
|
||||
# Custom IAM policy specific to lambda_example
|
||||
resource "aws_iam_policy" "lambda_example_policy" {
|
||||
name = "lambda-example-policy"
|
||||
# # Custom IAM policy specific to lambda_example
|
||||
# resource "aws_iam_policy" "lambda_example_policy" {
|
||||
# name = "lambda-example-policy"
|
||||
|
||||
policy = jsonencode({
|
||||
Version = "2012-10-17",
|
||||
Statement = [
|
||||
{
|
||||
Effect = "Allow",
|
||||
Action = [
|
||||
"sqs:ReceiveMessage",
|
||||
"sqs:DeleteMessage",
|
||||
"sqs:GetQueueAttributes",
|
||||
"sqs:GetQueueUrl",
|
||||
"sqs:ChangeMessageVisibility"
|
||||
],
|
||||
Resource = aws_sqs_queue.lambda_example_queue.arn
|
||||
},
|
||||
{
|
||||
Effect = "Allow",
|
||||
Action = [
|
||||
"ecr:GetDownloadUrlForLayer",
|
||||
"ecr:BatchGetImage",
|
||||
"ecr:BatchCheckLayerAvailability"
|
||||
],
|
||||
Resource = data.aws_ecr_repository.lambda_example.arn
|
||||
},
|
||||
{
|
||||
Effect = "Allow",
|
||||
Action = ["ecr:GetAuthorizationToken"],
|
||||
Resource = "*"
|
||||
}
|
||||
]
|
||||
})
|
||||
# policy = jsonencode({
|
||||
# Version = "2012-10-17",
|
||||
# Statement = [
|
||||
# {
|
||||
# Effect = "Allow",
|
||||
# Action = [
|
||||
# "sqs:ReceiveMessage",
|
||||
# "sqs:DeleteMessage",
|
||||
# "sqs:GetQueueAttributes",
|
||||
# "sqs:GetQueueUrl",
|
||||
# "sqs:ChangeMessageVisibility"
|
||||
# ],
|
||||
# Resource = aws_sqs_queue.lambda_example_queue.arn
|
||||
# },
|
||||
# {
|
||||
# Effect = "Allow",
|
||||
# Action = [
|
||||
# "ecr:GetDownloadUrlForLayer",
|
||||
# "ecr:BatchGetImage",
|
||||
# "ecr:BatchCheckLayerAvailability"
|
||||
# ],
|
||||
# Resource = data.aws_ecr_repository.lambda_example.arn
|
||||
# },
|
||||
# {
|
||||
# Effect = "Allow",
|
||||
# Action = ["ecr:GetAuthorizationToken"],
|
||||
# Resource = "*"
|
||||
# }
|
||||
# ]
|
||||
# })
|
||||
# }
|
||||
|
||||
data "aws_iam_policy" "lambda_example_policy" {
|
||||
# Existing customer-managed policy ARN:
|
||||
arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/lambda_example_policy"
|
||||
}
|
||||
|
||||
resource "aws_iam_role_policy_attachment" "lambda_example_policy_attach" {
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ data "aws_iam_role" "lambda_exec_role" {
|
|||
}
|
||||
|
||||
# Reference existing ECR repository
|
||||
data "aws_ecr_repository" "walthamforest_etl_adhoc_adhoc_adhoc_adhoc_adhoc_ecr" {
|
||||
data "aws_ecr_repository" "walthamforest_etl_adhoc_ecr" {
|
||||
name = "walthamforest_etl_adhoc_ecr"
|
||||
}
|
||||
|
||||
|
|
@ -15,42 +15,47 @@ resource "aws_sqs_queue" "walthamforest_etl_adhoc_queue" {
|
|||
}
|
||||
|
||||
|
||||
# IAM policy specific to this Lambda
|
||||
resource "aws_iam_policy" "walthamforest_etl_adhoc_policy" {
|
||||
name = "walthamforest_etl_adhoc-loader-policy"
|
||||
# # IAM policy specific to this Lambda
|
||||
# resource "aws_iam_policy" "walthamforest_etl_adhoc_policy" {
|
||||
# name = "walthamforest_etl_adhoc-loader-policy"
|
||||
|
||||
policy = jsonencode({
|
||||
Version = "2012-10-17",
|
||||
Statement = [
|
||||
{
|
||||
Effect = "Allow",
|
||||
Action = [
|
||||
"sqs:ReceiveMessage",
|
||||
"sqs:DeleteMessage",
|
||||
"sqs:GetQueueAttributes",
|
||||
"sqs:GetQueueUrl",
|
||||
"sqs:ChangeMessageVisibility"
|
||||
],
|
||||
Resource = aws_sqs_queue.walthamforest_etl_adhoc_queue.arn
|
||||
},
|
||||
{
|
||||
Effect = "Allow",
|
||||
Action = [
|
||||
"ecr:GetDownloadUrlForLayer",
|
||||
"ecr:BatchGetImage",
|
||||
"ecr:BatchCheckLayerAvailability"
|
||||
],
|
||||
Resource = data.aws_ecr_repository.walthamforest_etl_adhoc_ecr.arn
|
||||
},
|
||||
{
|
||||
Effect = "Allow",
|
||||
Action = ["ecr:GetAuthorizationToken"],
|
||||
Resource = "*"
|
||||
}
|
||||
]
|
||||
})
|
||||
# policy = jsonencode({
|
||||
# Version = "2012-10-17",
|
||||
# Statement = [
|
||||
# {
|
||||
# Effect = "Allow",
|
||||
# Action = [
|
||||
# "sqs:ReceiveMessage",
|
||||
# "sqs:DeleteMessage",
|
||||
# "sqs:GetQueueAttributes",
|
||||
# "sqs:GetQueueUrl",
|
||||
# "sqs:ChangeMessageVisibility"
|
||||
# ],
|
||||
# Resource = aws_sqs_queue.walthamforest_etl_adhoc_queue.arn
|
||||
# },
|
||||
# {
|
||||
# Effect = "Allow",
|
||||
# Action = [
|
||||
# "ecr:GetDownloadUrlForLayer",
|
||||
# "ecr:BatchGetImage",
|
||||
# "ecr:BatchCheckLayerAvailability"
|
||||
# ],
|
||||
# Resource = data.aws_ecr_repository.walthamforest_etl_adhoc_ecr.arn
|
||||
# },
|
||||
# {
|
||||
# Effect = "Allow",
|
||||
# Action = ["ecr:GetAuthorizationToken"],
|
||||
# Resource = "*"
|
||||
# }
|
||||
# ]
|
||||
# })
|
||||
# }
|
||||
data "aws_iam_policy" "walthamforest_etl_adhoc_policy" {
|
||||
# Existing customer-managed policy ARN:
|
||||
arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/walthamforest_etl_adhoc_policy"
|
||||
}
|
||||
|
||||
|
||||
resource "aws_iam_role_policy_attachment" "walthamforest_etl_adhoc_policy_attach" {
|
||||
role = data.aws_iam_role.lambda_exec_role.name
|
||||
policy_arn = aws_iam_policy.walthamforest_etl_adhoc_policy.arn
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue