diff --git a/terraform/main.tf b/terraform/main.tf
index a1f11feb..729ff3c7 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -46,7 +46,8 @@ module "orchestration" {
 security_group_ids = [data.terraform_remote_state.core.outputs.postgresql_security_group_id]
 task_role_policies = [
 module.lambda_raster_tiler.lambda_invoke_policy_arn,
- module.storage.s3_write_tiles_arn
+ module.storage.s3_write_tiles_arn,
+ "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
 ]
 task_execution_role_policies = [
 data.terraform_remote_state.core.outputs.secrets_postgresql-reader_policy_arn,
diff --git a/terraform/modules/content_delivery_network/lambda_functions/redirect_latest_tile_cache/src/lambda_function.py b/terraform/modules/content_delivery_network/lambda_functions/redirect_latest_tile_cache/src/lambda_function.py
index efb2199e..ddbd7752 100644
--- a/terraform/modules/content_delivery_network/lambda_functions/redirect_latest_tile_cache/src/lambda_function.py
+++ b/terraform/modules/content_delivery_network/lambda_functions/redirect_latest_tile_cache/src/lambda_function.py
@@ -53,7 +53,10 @@ def handler(event, context):
 dataset = path_items[1]
 if dataset == "cog":
 query_params = parse_qs(query_string)
- dataset = query_params.get("dataset", [None])[0]
+ # in the case of cog assets, we look for optional
+ # `dataset` (if url to external cog isn't specified) in query
+ # parameter setting the default to "cog" instead of `None` for clarity in later steps
+ dataset = query_params.get("dataset", ["cog"])[0]
 version = query_params.get("version", [None])[0]
 else:
 version = path_items[2]
@@ -61,9 +64,10 @@ def handler(event, context):
 latest_versions = get_latest_versions(f"https://{host}/_latest")
 for latest_version in latest_versions:
- if latest_version["dataset"] == dataset:
+ if latest_version["dataset"] == dataset or dataset == "cog":
 if "cog" in path_items:
+ if version != "latest": return request
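Review bot: The new `"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"` entry in `task_role_policies` (terraform/main.tf) attaches an AWS-managed policy that allows `s3:Get*` and `s3:List*` on all resources, so the orchestration task role can read every bucket in the account rather than only the data this task needs. The neighbouring entries are module-scoped policies such as `module.storage.s3_write_tiles_arn`; a read policy limited to the specific source bucket ARNs and exposed the same way would keep the role least-privilege. If the broad grant is deliberate, say so next to the entry, for example `# account-wide S3 read is intentional: <reason>`, so a later audit does not have to guess. The `module "orchestration"` block starts and ends outside the hunk.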
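Review bot: In lambda_function.py, `dataset = query_params.get("dataset", ["cog"])[0]` reuses the path marker `"cog"` as the "no dataset given" sentinel, so a request that sends `?dataset=cog` cannot be told apart from one that omits the parameter. The value comes straight from the request query string, and the following hunk's condition `latest_version["dataset"] == dataset or dataset == "cog"` is then true for every entry, so the first element of `latest_versions` appears to decide the result for such requests. Keeping `[None]` as the default and testing `dataset is None` in the loop would make the wildcard case explicit and unreachable by a caller-chosen value. The added three-line comment is also hard to parse; something like `# COG requests may omit "dataset"; fall back to a sentinel that the version lookup below treats as "match any"` would state the intent directly. `handler` starts and ends outside the hunk.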