From f2d084af73b2a9bcceb48455238ad418c3dbfab8 Mon Sep 17 00:00:00 2001
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Wed, 8 Jan 2025 16:07:09 +0000
Subject: [PATCH 1/2] :wrench: Add push/pull principals
---
 terraform/environments/core-shared-services/ecr_repos.tf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/terraform/environments/core-shared-services/ecr_repos.tf b/terraform/environments/core-shared-services/ecr_repos.tf
index 94616c96e..ba85816f5 100644
--- a/terraform/environments/core-shared-services/ecr_repos.tf
+++ b/terraform/environments/core-shared-services/ecr_repos.tf
@@ -752,12 +752,14 @@ module "data_platform_jml_ecr_repo" {
 push_principals = [
 "arn:aws:iam::${local.environment_management.account_ids["data-platform-development"]}:role/modernisation-platform-oidc-cicd",
 "arn:aws:iam::${local.environment_management.account_ids["data-platform-apps-and-tools-development"]}:role/modernisation-platform-oidc-cicd",
+ "arn:aws:iam::${local.environment_management.account_ids["analytical-platform-data-production"]}:role/modernisation-platform-oidc-cicd",
 local.environment_management.account_ids["data-platform-apps-and-tools-production"],
 ]
 pull_principals = [
 "arn:aws:iam::${local.environment_management.account_ids["data-platform-development"]}:role/modernisation-platform-oidc-cicd",
 "arn:aws:iam::${local.environment_management.account_ids["data-platform-apps-and-tools-development"]}:role/modernisation-platform-oidc-cicd",
+ "arn:aws:iam::${local.environment_management.account_ids["analytical-platform-data-production"]}:role/modernisation-platform-oidc-cicd",
 local.environment_management.account_ids["data-platform-apps-and-tools-production"],
 ]
From 1783aae3e2e08b8bef8ae2f440740bd0b23eeefe Mon Sep 17 00:00:00 2001
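Review bot: The new `analytical-platform-data-production` role is added to `push_principals` as well as `pull_principals`, so a CI/CD role in one more account can publish images to a repository whose images are retrieved by Lambda functions (see the `enable_retrieval_policy_for_lambdas` list in patch 2/2). If that account only consumes the image, keep the `pull_principals` line and drop the `push_principals` one. If it does build and publish, a comment above the entry such as `# analytical-platform-data-production builds and publishes the JML image` would record why write access is granted. The module block starts and ends outside the hunk, so repository settings such as tag immutability cannot be checked from here.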
From: Gary H <26419401+Gary-H9@users.noreply.github.com>
Date: Wed, 8 Jan 2025 17:57:53 +0000
Subject: [PATCH 2/2] Update enable_retrieval_policy_for_lambdas
---
 terraform/environments/core-shared-services/ecr_repos.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform/environments/core-shared-services/ecr_repos.tf b/terraform/environments/core-shared-services/ecr_repos.tf
index ba85816f5..4e0118c99 100644
--- a/terraform/environments/core-shared-services/ecr_repos.tf
+++ b/terraform/environments/core-shared-services/ecr_repos.tf
@@ -765,6 +765,7 @@ module "data_platform_jml_ecr_repo" {
 enable_retrieval_policy_for_lambdas = [
 "arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["data-platform-apps-and-tools-production"]}:function:data_platform_jml_extract*",
+ "arn:aws:iam::${local.environment_management.account_ids["analytical-platform-data-production"]}:function:data_platform_jml_extract*"
 ]
 # Tags
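Review bot: The entry added to `enable_retrieval_policy_for_lambdas` is not a Lambda function ARN: it names the `iam` service with an empty region field but ends in a `function:` resource, whereas the existing entry above it has the form `arn:aws:lambda:eu-west-2:<account>:function:data_platform_jml_extract*`. Assuming the module matches these values against the calling function's ARN, this pattern would never match, so functions in `analytical-platform-data-production` would not get image retrieval. It should presumably read `"arn:aws:lambda:eu-west-2:${local.environment_management.account_ids["analytical-platform-data-production"]}:function:data_platform_jml_extract*",`, with the trailing comma the other list entries use. The module block starts and ends outside the hunk.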