| -rw-r--r-- | terraform/iam.tf | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/terraform/iam.tf b/terraform/iam.tf
index 7501373..b9919a5 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -1,5 +1,3 @@
-# define
-
 resource "aws_iam_role" "bentley_service_role" {
 assume_role_policy = <<EOF
 {
@@ -24,6 +22,27 @@ resource "aws_iam_role" "bentley_service_role" {
 EOF
 }
 
-# create
-
-# attach
\ No newline at end of file
+# s3 setup
+# allows to list and retrieve s3 buckets, and allows retention/tagging/access control settings
+data "aws_iam_policy_document" "s3_data_policy_doc" {
+ statement {
+ actions = [
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketLocation"
+ ]
+ resources = ["arn:aws:s3:::*"]
+ }
+
+ statement {
+ actions = [
+ "s3:PutObject",
+ "s3:PutObjectRetention",
+ "s3:PutObjectTagging",
+ "s3:PutObjectAcl"
+ ]
+ resources = [
+ "${aws_s3_bucket.data_bucket.arn}/*",
+ "${aws_s3_bucket.code_bucket.arn}/*"
+ ]
+ }
+}
\ No newline at end of file |
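Review bot: The second statement grants `s3:PutObjectAcl` on every object under both bucket ARNs, which lets the role rewrite per-object ACLs (including public grants) — broader than the "retention/tagging" the comment describes — so unless object ACLs are genuinely needed, drop the `"s3:PutObjectAcl"` line and rely on the bucket's ownership/ACL settings instead. The header comment also overstates the first statement: `s3:ListAllMyBuckets` and `s3:GetBucketLocation` enumerate buckets and their regions but do not retrieve objects (no `s3:GetObject` is granted), so `# allows listing buckets and their locations, plus object writes with retention/tagging on the data and code buckets` would describe it accurately. Nothing in the hunk attaches `s3_data_policy_doc` to `bentley_service_role`, so the document is unused until an `aws_iam_policy` or `aws_iam_role_policy` references its `json` output — presumably that lands separately. Writing to `code_bucket` from the same role that writes `data_bucket` is worth a second look, since any holder of this role can then alter whatever that bucket feeds; a separate, narrower grant for the code bucket would limit that blast radius.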
