Diffstat (limited to 'terraform/iam.tf')
| -rw-r--r-- | terraform/iam.tf | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/terraform/iam.tf b/terraform/iam.tf
index 0e5fa6d..7585ff8 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -28,17 +28,19 @@ resource "aws_iam_role" "multi_service_role" {
 ########################################################################
 # S3 SETUP
 # Description: allows allows retention/tagging/access control settings
-# Lambda IAM Policy for S3 Write
+# Lambda IAM Policy for S3
 ########################################################################
 # S3 DEFINE POLICY
 data "aws_iam_policy_document" "s3_data_policy_doc" {
 statement {
+ effect = "Allow"
 actions = [
 "s3:PutObject",
 "s3:PutObjectRetention",
 "s3:PutObjectTagging",
- "s3:PutObjectAcl"
+ "s3:PutObjectAcl",
+ "s3:ListObjects"
 ]
 resources = [
 "${aws_s3_bucket.extract_bucket.arn}/*",
@@ -46,6 +48,17 @@ data "aws_iam_policy_document" "s3_data_policy_doc" {
 "${aws_s3_bucket.lambda_code_bucket.arn}/*",
 ]
 }
+
+ statement {
+ effect = "Allow"
+ actions = [
+ "s3:ListBuckets",
+ "s3:ListAllMyBuckets"
+ ]
+ resources = [
+ "arn:aws:s3:::*",
+ ]
+ }
 }
|
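Review bot: `"s3:ListObjects"` in the first statement does not match an S3 IAM action, so the added line grants nothing. Listing a bucket's keys is authorised by `s3:ListBucket`, which is evaluated against the bucket ARN and not the `.../*` object ARNs this statement lists. The same naming problem applies to `"s3:ListBuckets"` in the second new statement, where only `s3:ListAllMyBuckets` is a defined action. I would remove both names and give the listing permission its own statement scoped to the bucket ARNs, as sketched below. The resources list is cut by the hunk boundary, so any bucket named between the two hunks needs the same entry.

```hcl
  # … unchanged: object-level statement, minus "s3:ListObjects" …

  statement {
    effect  = "Allow"
    actions = ["s3:ListBucket"]
    resources = [
      aws_s3_bucket.extract_bucket.arn,
      aws_s3_bucket.lambda_code_bucket.arn,
    ]
  }
```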
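Review bot: The second statement lets this role enumerate every bucket name in the account (`s3:ListAllMyBuckets` on `arn:aws:s3:::*`), which is broader than the project buckets the first statement is scoped to. The bucket names are already known to Terraform, so the Lambda probably does not need account-wide enumeration; if it does not, the statement should be dropped. If it is needed, a comment above it such as `# ListAllMyBuckets cannot be scoped to one bucket; required by <caller>` would record why the wildcard is there.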
