diff --git a/deployment/lambda/extractor_and_loader/extractor_and_loader_lambda.tf b/deployment/lambda/extractor_and_loader/extractor_and_loader_lambda.tf
index f7acdc3..193ae27 100644
--- a/deployment/lambda/extractor_and_loader/extractor_and_loader_lambda.tf
+++ b/deployment/lambda/extractor_and_loader/extractor_and_loader_lambda.tf
@@ -17,39 +17,43 @@ resource "aws_sqs_queue" "extractor_and_loader_queue" { # IAM policy specific to this Lambda -resource "aws_iam_policy" "extractor_loader_policy" { - name = "extractor-loader-policy" +# resource "aws_iam_policy" "extractor_loader_policy" { +# name = "extractor-loader-policy" - policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Effect = "Allow", - Action = [ - "sqs:ReceiveMessage", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "sqs:ChangeMessageVisibility" - ], - Resource = aws_sqs_queue.extractor_and_loader_queue.arn - }, - { - Effect = "Allow", - Action = [ - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "ecr:BatchCheckLayerAvailability" - ], - Resource = data.aws_ecr_repository.extractor_and_loader.arn - }, - { - Effect = "Allow", - Action = ["ecr:GetAuthorizationToken"], - Resource = "*" - } - ] - }) +# policy = jsonencode({ +# Version = "2012-10-17", +# Statement = [ +# { +# Effect = "Allow", +# Action = [ +# "sqs:ReceiveMessage", +# "sqs:DeleteMessage", +# "sqs:GetQueueAttributes", +# "sqs:GetQueueUrl", +# "sqs:ChangeMessageVisibility" +# ], +# Resource = aws_sqs_queue.extractor_and_loader_queue.arn +# }, +# { +# Effect = "Allow", +# Action = [ +# "ecr:GetDownloadUrlForLayer", +# "ecr:BatchGetImage", +# "ecr:BatchCheckLayerAvailability" +# ], +# Resource = data.aws_ecr_repository.extractor_and_loader.arn +# }, +# { +# Effect = "Allow", +# Action = ["ecr:GetAuthorizationToken"], +# Resource = "*" +# } +# ] +# }) +# } +data "aws_iam_policy" "extractor_loader_policy" { + # Existing customer-managed policy ARN: + arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/extractor-loader-policy" } resource "aws_iam_role_policy_attachment" "extractor_loader_policy_attach" { diff --git a/deployment/lambda/lambda_example/lambda_example_and_config.tf b/deployment/lambda/lambda_example/lambda_example_and_config.tf index ae71b0c..94259a9 100644 
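Review bot: Commenting out `resource "aws_iam_policy" "extractor_loader_policy"` while the new `data "aws_iam_policy"` looks up a policy of the same name (`extractor-loader-policy`) means that, unless the resource is first removed from state (`terraform state rm aws_iam_policy.extractor_loader_policy`) or the existing policy is adopted with `terraform import`, the next plan will propose destroying the very policy the data source reads, and the destroy itself would be refused while the role attachment still references it. The data source also depends on `data.aws_caller_identity.current`, which is not declared anywhere in this diff; if it is not defined elsewhere in the module, `terraform validate` will fail on this line. Once the policy lives outside Terraform only its ARN is in code, so the queue-scoped SQS statements and repository-scoped ECR statements that the commented block documents are no longer enforced or reviewed here; importing the existing policy keeps that least-privilege document under version control, and if the data-source approach is kept the commented block should be replaced by a short comment stating which statements the out-of-band policy is expected to contain, for example `# Expected: SQS receive/delete on extractor_and_loader_queue only, ECR pull on the extractor_and_loader repository only, ecr:GetAuthorizationToken on "*".` The same state and visibility concern applies to the other two files in this commit.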
--- a/deployment/lambda/lambda_example/lambda_example_and_config.tf +++ b/deployment/lambda/lambda_example/lambda_example_and_config.tf @@ -13,40 +13,45 @@ resource "aws_sqs_queue" "lambda_example_queue" { name = "lambda-example-queue" } -# Custom IAM policy specific to lambda_example -resource "aws_iam_policy" "lambda_example_policy" { - name = "lambda-example-policy" +# # Custom IAM policy specific to lambda_example +# resource "aws_iam_policy" "lambda_example_policy" { +# name = "lambda-example-policy" - policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Effect = "Allow", - Action = [ - "sqs:ReceiveMessage", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "sqs:ChangeMessageVisibility" - ], - Resource = aws_sqs_queue.lambda_example_queue.arn - }, - { - Effect = "Allow", - Action = [ - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "ecr:BatchCheckLayerAvailability" - ], - Resource = data.aws_ecr_repository.lambda_example.arn - }, - { - Effect = "Allow", - Action = ["ecr:GetAuthorizationToken"], - Resource = "*" - } - ] - }) +# policy = jsonencode({ +# Version = "2012-10-17", +# Statement = [ +# { +# Effect = "Allow", +# Action = [ +# "sqs:ReceiveMessage", +# "sqs:DeleteMessage", +# "sqs:GetQueueAttributes", +# "sqs:GetQueueUrl", +# "sqs:ChangeMessageVisibility" +# ], +# Resource = aws_sqs_queue.lambda_example_queue.arn +# }, +# { +# Effect = "Allow", +# Action = [ +# "ecr:GetDownloadUrlForLayer", +# "ecr:BatchGetImage", +# "ecr:BatchCheckLayerAvailability" +# ], +# Resource = data.aws_ecr_repository.lambda_example.arn +# }, +# { +# Effect = "Allow", +# Action = ["ecr:GetAuthorizationToken"], +# Resource = "*" +# } +# ] +# }) +# } + +data "aws_iam_policy" "lambda_example_policy" { + # Existing customer-managed policy ARN: + arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/lambda_example_policy" } resource "aws_iam_role_policy_attachment" "lambda_example_policy_attach" { 
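Review bot: The ARN the new data source looks up, `.../policy/lambda_example_policy`, does not match the name of the policy this module previously created, `lambda-example-policy` (hyphens, visible on the removed `name =` line just above), so if the intent is to adopt the previously Terraform-managed policy the lookup will fail at plan time with a not-found error. The walthamforest_etl_lambda.tf hunk has the same mismatch: it looks up `policy/walthamforest_etl_adhoc_policy` while the removed resource was named `walthamforest_etl_adhoc-loader-policy`. If a differently named policy really does exist in the account, the mismatch should be called out explicitly, e.g. `# NOTE: not the former Terraform-managed "lambda-example-policy"; created out of band.`; otherwise the ARN suffix should be `policy/lambda-example-policy`. Either way, a policy attached by name alone has no content check, so a reviewer cannot tell from this diff whether the attached policy is still scoped to `aws_sqs_queue.lambda_example_queue` and `data.aws_ecr_repository.lambda_example`.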
diff --git a/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf b/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
index 8c0ff47..e188c96 100644
--- a/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
+++ b/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
@@ -4,7 +4,7 @@ data "aws_iam_role" "lambda_exec_role" {
 }
 # Reference existing ECR repository
-data "aws_ecr_repository" "walthamforest_etl_adhoc_adhoc_adhoc_adhoc_adhoc_ecr" {
+data "aws_ecr_repository" "walthamforest_etl_adhoc_ecr" {
 name = "walthamforest_etl_adhoc_ecr"
 }
@@ -15,42 +15,47 @@ resource "aws_sqs_queue" "walthamforest_etl_adhoc_queue" { } -# IAM policy specific to this Lambda -resource "aws_iam_policy" "walthamforest_etl_adhoc_policy" { - name = "walthamforest_etl_adhoc-loader-policy" +# # IAM policy specific to this Lambda +# resource "aws_iam_policy" "walthamforest_etl_adhoc_policy" { +# name = "walthamforest_etl_adhoc-loader-policy" - policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Effect = "Allow", - Action = [ - "sqs:ReceiveMessage", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "sqs:ChangeMessageVisibility" - ], - Resource = aws_sqs_queue.walthamforest_etl_adhoc_queue.arn - }, - { - Effect = "Allow", - Action = [ - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "ecr:BatchCheckLayerAvailability" - ], - Resource = data.aws_ecr_repository.walthamforest_etl_adhoc_ecr.arn - }, - { - Effect = "Allow", - Action = ["ecr:GetAuthorizationToken"], - Resource = "*" - } - ] - }) +# policy = jsonencode({ +# Version = "2012-10-17", +# Statement = [ +# { +# Effect = "Allow", +# Action = [ +# "sqs:ReceiveMessage", +# "sqs:DeleteMessage", +# "sqs:GetQueueAttributes", +# "sqs:GetQueueUrl", +# "sqs:ChangeMessageVisibility" +# ], +# Resource = aws_sqs_queue.walthamforest_etl_adhoc_queue.arn +# }, +# { +# Effect = "Allow", +# Action = [ +# "ecr:GetDownloadUrlForLayer", +# "ecr:BatchGetImage", +# "ecr:BatchCheckLayerAvailability" +# ], +# Resource = data.aws_ecr_repository.walthamforest_etl_adhoc_ecr.arn +# }, +# { +# Effect = "Allow", +# Action = ["ecr:GetAuthorizationToken"], +# Resource = "*" +# } +# ] +# }) +# } +data "aws_iam_policy" "walthamforest_etl_adhoc_policy" { + # Existing customer-managed policy ARN: + arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/walthamforest_etl_adhoc_policy" } + resource "aws_iam_role_policy_attachment" "walthamforest_etl_adhoc_policy_attach" { role = data.aws_iam_role.lambda_exec_role.name policy_arn = 
aws_iam_policy.walthamforest_etl_adhoc_policy.arn
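Review bot: The trailing context line of this hunk still reads `policy_arn = aws_iam_policy.walthamforest_etl_adhoc_policy.arn`, but the managed resource with that address is now commented out, so this reference is dangling and `terraform validate` will reject it; it needs to become `policy_arn = data.aws_iam_policy.walthamforest_etl_adhoc_policy.arn`. The attachment bodies in extractor_and_loader_lambda.tf and lambda_example_and_config.tf fall outside their hunks, but since the same resource-to-data-source swap was made there, presumably their `policy_arn` lines need the same `data.` prefix. Note that the lookup ARN here, `policy/walthamforest_etl_adhoc_policy`, also differs from the removed resource's name `walthamforest_etl_adhoc-loader-policy`, so it is worth confirming which policy is actually meant to be attached to `data.aws_iam_role.lambda_exec_role` before apply.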