policy exists

2026-06-08 11:17:29 +00:00 · 2025-09-10 17:31:55 +01:00 · 2025-09-10 17:31:55 +01:00 · 7b02e53f1d
commit 7b02e53f1d
parent 00fe4fea2b
1 changed files with 35 additions and 31 deletions
--- a/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
+++ b/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
@ -16,38 +16,42 @@ resource "aws_sqs_queue" "walthamforest_etl_queue" {
 }


-# IAM policy specific to this Lambda
-resource "aws_iam_policy" "walthamforest_etl_policy" {
-  name = "walthamforest_etl-loader-policy"
+# # IAM policy specific to this Lambda
+# resource "aws_iam_policy" "walthamforest_etl_policy" {
+#   name = "walthamforest_etl-loader-policy"

-  policy = jsonencode({
-    Version = "2012-10-17",
-    Statement = [
-      {
-        Effect = "Allow",
-        Action = [
-          "sqs:ReceiveMessage",
-          "sqs:DeleteMessage",
-          "sqs:GetQueueAttributes"
-        ],
-        Resource = aws_sqs_queue.walthamforest_etl_queue.arn
-      },
-      {
-        Effect = "Allow",
-        Action = [
-          "ecr:GetDownloadUrlForLayer",
-          "ecr:BatchGetImage",
-          "ecr:BatchCheckLayerAvailability"
-        ],
-        Resource = data.aws_ecr_repository.walthamforest_etl_ecr.arn
-      },
-      {
-        Effect = "Allow",
-        Action = ["ecr:GetAuthorizationToken"],
-        Resource = "*"
-      }
-    ]
-  })
+#   policy = jsonencode({
+#     Version = "2012-10-17",
+#     Statement = [
+#       {
+#         Effect = "Allow",
+#         Action = [
+#           "sqs:ReceiveMessage",
+#           "sqs:DeleteMessage",
+#           "sqs:GetQueueAttributes"
+#         ],
+#         Resource = aws_sqs_queue.walthamforest_etl_queue.arn
+#       },
+#       {
+#         Effect = "Allow",
+#         Action = [
+#           "ecr:GetDownloadUrlForLayer",
+#           "ecr:BatchGetImage",
+#           "ecr:BatchCheckLayerAvailability"
+#         ],
+#         Resource = data.aws_ecr_repository.walthamforest_etl_ecr.arn
+#       },
+#       {
+#         Effect = "Allow",
+#         Action = ["ecr:GetAuthorizationToken"],
+#         Resource = "*"
+#       }
+#     ]
+#   })
+# }
+
+data "aws_iam_policy" "walthamforest_etl" {
+  name = "walthamforest_etl-loader-policy"
 }

 resource "aws_iam_role_policy_attachment" "walthamforest_etl_policy_attach" {