From 9d588a541d6dea80b0c663007f67379fc1c39f45 Mon Sep 17 00:00:00 2001
From: matt-heery
Date: Tue, 11 Jun 2024 14:28:11 +0100
Subject: [PATCH] granting EM permissions but all in one commit
---
 .../data-engineering-pipelines/locals.tf | 58 ++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)
diff --git a/terraform/aws/analytical-platform-data-production/data-engineering-pipelines/locals.tf b/terraform/aws/analytical-platform-data-production/data-engineering-pipelines/locals.tf
index e9e95bc5e3..b7721c70cd 100644
--- a/terraform/aws/analytical-platform-data-production/data-engineering-pipelines/locals.tf
+++ b/terraform/aws/analytical-platform-data-production/data-engineering-pipelines/locals.tf
@@ -835,6 +835,22 @@ locals {
 "arn:aws:s3:::mojap-land",
 "arn:aws:s3:::mojap-land/bold/essex-police/*"
 ]
+ },
+ {
+ Sid = "WriteOnlyAccessElectronicMonitoringService"
+ Effect = "Allow"
+ Principal = {
+ AWS = "arn:aws:iam::976799291502:role/send_table_to_ap"
+ }
+ Action = [
+ "s3:PutObject",
+ "s3:PutObjectTagging",
+ "s3:PutObjectAcl"
+ ]
+ Resource = [
+ "arn:aws:s3:::mojap-land",
+ "arn:aws:s3:::mojap-land/electronic_monitoring/load/*"
+ ]
+ }
 ]
 Version = "2012-10-17"
@@ -1060,6 +1076,22 @@ locals {
 "arn:aws:s3:::mojap-land-dev",
 "arn:aws:s3:::mojap-land-dev/bold/essex-police/*"
 ]
+ },
+ {
+ Sid = "WriteOnlyAccessElectronicMonitoringService"
+ Effect = "Allow"
+ Principal = {
+ AWS = "arn:aws:iam::800964199911:role/send_table_to_ap"
+ }
+ Action = [
+ "s3:PutObject",
+ "s3:PutObjectTagging",
+ "s3:PutObjectAcl"
+ ]
+ Resource = [
+ "arn:aws:s3:::mojap-land-dev",
+ "arn:aws:s3:::mojap-land-dev/electronic_monitoring/load/*"
+ ]
+ }
 ]
 Version = "2012-10-17"
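Review bot: `s3:PutObjectAcl` is granted to the cross-account role `send_table_to_ap` with no condition on the ACL it may set, in the `WriteOnlyAccessElectronicMonitoringService` statement added to the mojap-land policy. If the bucket still has ACLs enabled (its object-ownership setting is not visible in this hunk), the writer can upload objects the bucket owner cannot read, or attach wider grants to them. Either drop `s3:PutObjectAcl` and rely on bucket-owner-enforced object ownership, or add `Condition = { StringEquals = { "s3:x-amz-acl" = "bucket-owner-full-control" } }` to the statement. The same applies to the mojap-land-dev hunk and to the two mojap-metadata statements later in the patch. The bare bucket ARN listed under `Resource` has no effect for these object-level actions and could be removed.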
@@ -1684,6 +1716,18 @@ locals {
 Resource = "arn:aws:s3:::mojap-metadata-dev"
 Sid = "ListBucketAccess-mojap-metadata-dev"
 },
+ {
+ Action = [
+ "s3:PutObject",
+ "s3:PutObjectAcl"
+ ]
+ Effect = "Allow"
+ Principal = {
+ AWS = "arn:aws:iam::800964199911:role/send_metadata_to_ap"
+ }
+ Resource = "arn:aws:s3:::mojap-metadata-dev/electronic_monitoring/*"
+ Sid = "PutAccess-mojap-metadata-dev-electronic-monitoring"
+ }
 ]
 Version = "2012-10-17"
 }
@@ -1770,7 +1814,7 @@ locals {
 }
 Resource = "arn:aws:s3:::mojap-metadata-preprod"
 Sid = "ListBucketAccess-mojap-metadata-preprod"
- },
+ }
 ]
 Version = "2012-10-17"
 }
@@ -1858,6 +1902,18 @@ locals {
 Resource = "arn:aws:s3:::mojap-metadata-prod"
 Sid = "ListBucketAccess-mojap-metadata-prod"
 },
+ {
+ Action = [
+ "s3:PutObject",
+ "s3:PutObjectAcl"
+ ]
+ Effect = "Allow"
+ Principal = {
+ AWS = "arn:aws:iam::976799291502:role/send_metadata_to_ap"
+ }
+ Resource = "arn:aws:s3:::mojap-metadata-prod/electronic_monitoring/*"
+ Sid = "PutAccess-mojap-metadata-prod-electronic-monitoring"
+ }
 ]
 Version = "2012-10-17"
 }
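Review bot: The principal in the `PutAccess-mojap-metadata-dev-electronic-monitoring` statement is identified only by a bare account id, `800964199911`, with no comment saying which team or environment owns it, so the cross-account write grant is hard to audit later. A line above the statement such as `# <owning service> dev account: uploads metadata under electronic_monitoring/` would cover it, and likewise for `976799291502` in the mojap-metadata-prod hunk. The preprod hunk between them only drops a trailing comma; if leaving preprod without this grant is deliberate, the same comment is a good place to say so.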