From 419039f440ab9159605fe2dd24a0ff07388231d6 Mon Sep 17 00:00:00 2001
From: matt-heery <116661071+matt-heery@users.noreply.github.com>
Date: Wed, 12 Jun 2024 07:02:57 +0100
Subject: [PATCH] Fixing mojap-metadata-dev action and adding List Bucket policies (#4522)
* list perms for em
* replacing old oasis arn
---
 .../data-engineering-pipelines/locals.tf | 45 +++++++++++++++++--
 1 file changed, 42 insertions(+), 3 deletions(-)
diff --git a/terraform/aws/analytical-platform-data-production/data-engineering-pipelines/locals.tf b/terraform/aws/analytical-platform-data-production/data-engineering-pipelines/locals.tf
index ac7ead75e5..0a47b08fd3 100644
--- a/terraform/aws/analytical-platform-data-production/data-engineering-pipelines/locals.tf
+++ b/terraform/aws/analytical-platform-data-production/data-engineering-pipelines/locals.tf
@@ -836,6 +836,17 @@ locals {
 "arn:aws:s3:::mojap-land/bold/essex-police/*"
 ]
 },
+ {
+ Sid = "ListBucketAccessElectronicMonitoringService"
+ Effect = "Allow"
+ Principal = {
+ AWS = "arn:aws:iam::976799291502:role/send_table_to_ap"
+ }
+ Action = "s3:ListBucket"
+ Resource = [
+ "arn:aws:s3:::mojap-land",
+ ]
+ },
 {
 Sid = "WriteOnlyAccessElectronicMonitoringService"
 Effect = "Allow"
@@ -848,7 +859,6 @@ locals {
 "s3:PutObjectAcl"
 ]
 Resource = [
- "arn:aws:s3:::mojap-land",
 "arn:aws:s3:::mojap-land/electronic_monitoring/load/*"
 ]
 }
@@ -1077,6 +1087,17 @@ locals {
 "arn:aws:s3:::mojap-land-dev/bold/essex-police/*"
 ]
 },
+ {
+ Sid = "ListBucketAccessElectronicMonitoringService"
+ Effect = "Allow"
+ Principal = {
+ AWS = "arn:aws:iam::800964199911:role/send_table_to_ap"
+ }
+ Action = "s3:ListBucket"
+ Resource = [
+ "arn:aws:s3:::mojap-land",
+ ]
+ },
 {
 Sid = "WriteOnlyAccessElectronicMonitoringService"
 Effect = "Allow"
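Review bot: The new ListBucketAccessElectronicMonitoringService statement in the `@@ -836` hunk grants `s3:ListBucket` on the whole of `arn:aws:s3:::mojap-land`, while the WriteOnly statement for the same role is scoped to `mojap-land/electronic_monitoring/load/*`, so `send_table_to_ap` can now enumerate every key in the bucket, including other suppliers' prefixes such as the `bold/essex-police/` one visible in the context lines. ListBucket is a bucket-level action, so the Resource must stay the bucket ARN, but the listing can be narrowed to the role's own prefix by adding `Condition = { StringLike = { "s3:prefix" = ["electronic_monitoring/load/*"] } }` to the statement. With that condition a ListObjects call that sends no prefix is denied, which is the intended least-privilege behaviour; the caller has to pass the prefix it writes to. The bucket policy containing this statement continues outside the hunk.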
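Review bot: The ListBucket statement added in the `@@ -1077` hunk names `arn:aws:s3:::mojap-land` as its Resource, while every context line around it refers to `mojap-land-dev` and the principal is the dev account role, so this looks like a copy of the prod statement above with the bucket name left unchanged. If this document is attached as the bucket policy of mojap-land-dev, S3 rejects a statement whose Resource is a different bucket and the whole policy fails to apply; if it is attached anywhere else it grants the dev role listing on the prod bucket. Change the line to `"arn:aws:s3:::mojap-land-dev",`. The same `s3:prefix` condition that limits listing to the role's write prefix is worth adding here too; the enclosing policy continues outside the hunk.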
@@ -1699,7 +1720,7 @@ locals {
 Action = "s3:GetObject"
 Effect = "Allow"
 Principal = {
- AWS = "AROASYCVJWSNFCCBEO2AN"
+ AWS = "arn:aws:iam::189157455002:role/oasys-lambda-copy-object-dev"
 }
 Resource = "arn:aws:s3:::mojap-metadata-dev/oasys/*"
 Sid = "ReadOnlyAccess-mojap-metadata-dev-oasys"
@@ -1709,13 +1730,22 @@ locals {
 Effect = "Allow"
 Principal = {
 AWS = [
- "AROASYCVJWSNFCCBEO2AN",
+ "arn:aws:iam::189157455002:role/oasys-lambda-copy-object-dev",
 "AROASYCVJWSNN3REJ3AFS",
 ]
 }
 Resource = "arn:aws:s3:::mojap-metadata-dev"
 Sid = "ListBucketAccess-mojap-metadata-dev"
 },
+ {
+ Action = "s3:ListBucket"
+ Effect = "Allow"
+ Principal = {
+ AWS = "arn:aws:iam::800964199911:role/send_metadata_to_ap"
+ }
+ Resource = "arn:aws:s3:::mojap-metadata-dev"
+ Sid = "ListAccess-mojap-metadata-dev-electronic-monitoring"
+ },
 {
 Action = [
 "s3:PutObject",
@@ -1902,6 +1932,15 @@ locals {
 Resource = "arn:aws:s3:::mojap-metadata-prod"
 Sid = "ListBucketAccess-mojap-metadata-prod"
 },
+ {
+ Action = "s3:ListBucket"
+ Effect = "Allow"
+ Principal = {
+ AWS = "arn:aws:iam::976799291502:role/send_metadata_to_ap"
+ }
+ Resource = "arn:aws:s3:::mojap-metadata-prod"
+ Sid = "ListAccess-mojap-metadata-prod-electronic-monitoring"
+ },
 {
 Action = [
 "s3:PutObject",
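Review bot: In the ListBucketAccess-mojap-metadata-dev statement of the `@@ -1709` hunk the principal list still carries the bare unique ID `"AROASYCVJWSNN3REJ3AFS"` next to the role ARN that replaces the other ID. S3 rewrites a principal ARN to the role's unique ID when the referenced role is deleted, so an ID surviving in policy source usually means that role no longer exists and the entry is either dead or, if a role of the same name was recreated, no longer grants it anything; the commit fixes exactly that for `AROASYCVJWSNFCCBEO2AN` but leaves this one. Worth confirming which role the ID belonged to and replacing it with the current role ARN or dropping the entry. This is inferred from the ID format rather than anything visible here, and the enclosing policy continues outside the hunk.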
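Review bot: The new ListAccess-mojap-metadata-prod-electronic-monitoring statement in the `@@ -1902` hunk grants `send_metadata_to_ap` an unconditioned `s3:ListBucket` on all of `mojap-metadata-prod`, so the role can enumerate every object name in the production metadata bucket rather than only the keys it writes. If the PutObject statement that follows it (its body runs past the end of the hunk) is scoped to a prefix, add a matching `Condition = { StringLike = { "s3:prefix" = ["<that prefix>/*"] } }` to this statement so listing is limited to the same prefix. The dev counterpart added in the `@@ -1709` hunk has the same shape and would want the same condition.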