expand s3 bucket permissions (#11)
* expand s3 permissions
ntno authored Jul 21, 2023
1 parent 2fff7e0 commit 16a1175
Showing 2 changed files with 6 additions and 14 deletions.
16 changes: 4 additions & 12 deletions modules/ci-role/templates/read-write-temp-site.tftpl
@@ -6,19 +6,11 @@
"Sid": "CreateDestroyCiBuckets",
"Effect": "Allow",
"Action": [
"s3:GetBucketPublicAccessBlock",
"s3:PutBucketPublicAccessBlock",
"s3:PutEncryptionConfiguration",
"s3:DeleteBucketWebsite",
"s3:GetBucketWebsite",
"s3:PutBucketWebsite",
"s3:PutBucketPolicy",
"s3:GetBucket*",
"s3:PutBucket*",
"s3:DeleteBucket*",
"s3:CreateBucket",
"s3:GetBucketAcl",
"s3:PutBucketAcl",
"s3:DeleteBucketPolicy",
"s3:DeleteBucket",
"s3:GetBucketPolicy",
"s3:PutEncryptionConfiguration",
"s3:GetEncryptionConfiguration"
],
"Resource": [
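Review bot: The three wildcards in the `CreateDestroyCiBuckets` statement (`s3:GetBucket*`, `s3:PutBucket*`, `s3:DeleteBucket*`) grant the CI role noticeably more than the named actions they stand in for. `s3:PutBucket*` also matches actions such as `s3:PutBucketVersioning`, `s3:PutBucketLogging`, `s3:PutBucketNotification` and `s3:PutBucketOwnershipControls`, and it will pick up any bucket-level action AWS adds later without a change to this template. The `Resource` list continues outside the visible hunk, so the effective exposure depends on it being limited to the temporary CI bucket name pattern rather than `*`; that is worth confirming before merge. If the expansion was prompted by one or two missing permissions, listing them explicitly next to the existing entries keeps the policy auditable and least-privilege.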
4 changes: 2 additions & 2 deletions modules/dynamic-ssm-policy/main.tf
@@ -4,8 +4,8 @@ data "aws_region" "current" {}

# handle when optional values are null
locals {
read_path_count = can(length(var.read)) ? length(var.read) : 0
write_path_count = can(length(var.write)) ? length(var.write) : 0
read_path_count = can(length(var.read)) ? length(var.read) : 0
write_path_count = can(length(var.write)) ? length(var.write) : 0
}

data "aws_iam_policy_document" "ssm_policy_document" {
