Skip to content

Commit

Permalink
allow access to airflow env stg or prod in all containers (#1997)
Browse files Browse the repository at this point in the history
* allow access to airflow env stg or prod in all containers

* add the arn in prod
  • Loading branch information
Tian-2017 authored Nov 26, 2024
1 parent 3faba2f commit 579918a
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion terraform/modules/department/50-aws-iam-policies.tf
Original file line number Diff line number Diff line change
Expand Up @@ -433,7 +433,9 @@ data "aws_iam_policy_document" "secrets_manager_read_only" {
aws_secretsmanager_secret.redshift_cluster_credentials.arn,
module.google_service_account.credentials_secret.arn,
"arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:${var.identifier_prefix}/${local.department_identifier}/*",
"arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:${var.short_identifier_prefix}/${local.department_identifier}*"
"arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:${var.short_identifier_prefix}/${local.department_identifier}*",
"arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:airflow/variables/env-fxe5CD",
"arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:airflow/variables/env-jeCYYl",
]
}

Expand Down

0 comments on commit 579918a

Please sign in to comment.