| author | Alex <git@ajschof.me> | 2024-08-19 16:33:05 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-19 16:33:05 +0100 |
| commit | 55d5cee231d8ab54d5550f0be88dc493bc60375b (patch) | |
| tree | a41150ce81e690041b0dd8880291a5ed6790f526 /terraform | |
| parent | 105d9586249916f7baf9178d60411513f5f9e6f7 (diff) | |
| parent | 8b4e78b781617f68554efebcda75d982a382f650 (diff) | |
| download | de-project-bentley-55d5cee231d8ab54d5550f0be88dc493bc60375b.tar.gz de-project-bentley-55d5cee231d8ab54d5550f0be88dc493bc60375b.zip | |
Merge pull request #62 from ajschofield/tf/lambda-permissions-fix
fix(tf): fix permissions for bucket/object access
Diffstat (limited to 'terraform')
| -rw-r--r-- | terraform/iam.tf | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/terraform/iam.tf b/terraform/iam.tf
index 0e5fa6d..7585ff8 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -28,17 +28,19 @@ resource "aws_iam_role" "multi_service_role" {
 ########################################################################
 # S3 SETUP
 # Description: allows allows retention/tagging/access control settings
-# Lambda IAM Policy for S3 Write
+# Lambda IAM Policy for S3
 ########################################################################
 # S3 DEFINE POLICY
 data "aws_iam_policy_document" "s3_data_policy_doc" {
 statement {
+ effect = "Allow"
 actions = [
 "s3:PutObject",
 "s3:PutObjectRetention",
 "s3:PutObjectTagging",
- "s3:PutObjectAcl"
+ "s3:PutObjectAcl",
+ "s3:ListObjects"
 ]
 resources = [
 "${aws_s3_bucket.extract_bucket.arn}/*",
@@ -46,6 +48,17 @@ data "aws_iam_policy_document" "s3_data_policy_doc" {
 "${aws_s3_bucket.lambda_code_bucket.arn}/*",
 ]
 }
+
+ statement {
+ effect = "Allow"
+ actions = [
+ "s3:ListBuckets",
+ "s3:ListAllMyBuckets"
+ ]
+ resources = [
+ "arn:aws:s3:::*",
+ ]
+ }
 }
|
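Review bot: `"s3:ListObjects"` in the first statement's `actions` is the name of an S3 API operation rather than an IAM action, so the added line most likely grants nothing; listing a bucket's keys is authorised by `s3:ListBucket`. That action is evaluated against the bucket ARN, while every resource visible in this statement is an object ARN ending in `/*`, so swapping the name here would still not match. It belongs in a separate statement whose `resources` are the bare bucket ARNs, e.g. `aws_s3_bucket.extract_bucket.arn`. The `resources` list of this statement continues outside the hunk, so the full set of buckets is not visible here.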
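Review bot: The new second statement grants account-wide enumeration on `arn:aws:s3:::*`, which is broader than the "bucket/object access" the commit title describes, and `"s3:ListBuckets"` is an API operation name that IAM does not define as an action (only `s3:ListAllMyBuckets` takes effect). With this in place the Lambda role can read the name of every bucket in the account, which is useful reconnaissance if the function or its credentials are ever compromised. If the function only needs to list keys in its own buckets, a statement scoped to those bucket ARNs with `s3:ListBucket` follows least privilege; whether it truly needs to list all buckets cannot be seen from this diff and should be confirmed against the Lambda code.

```hcl
  statement {
    effect  = "Allow"
    actions = ["s3:ListBucket"]
    resources = [
      aws_s3_bucket.extract_bucket.arn,
      aws_s3_bucket.lambda_code_bucket.arn,
      # … plus any other bucket listed in the first statement, outside this hunk …
    ]
  }
```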
