From 579918aca1e011a6704b973b58ab97e4e0d09c88 Mon Sep 17 00:00:00 2001
From: Tian Chen <38001883+Tian-2017@users.noreply.github.com>
Date: Tue, 26 Nov 2024 10:58:03 +0000
Subject: [PATCH] allow access to airflow env stg or prod in all containers (#1997)

* allow access to airflow env stg or prod in all containers
* add the arn in prod
---
 terraform/modules/department/50-aws-iam-policies.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/terraform/modules/department/50-aws-iam-policies.tf b/terraform/modules/department/50-aws-iam-policies.tf
index e45cc9f92..0dcd0d446 100644
--- a/terraform/modules/department/50-aws-iam-policies.tf
+++ b/terraform/modules/department/50-aws-iam-policies.tf
@@ -433,7 +433,9 @@ data "aws_iam_policy_document" "secrets_manager_read_only" {
 aws_secretsmanager_secret.redshift_cluster_credentials.arn,
 module.google_service_account.credentials_secret.arn,
 "arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:${var.identifier_prefix}/${local.department_identifier}/*",
- "arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:${var.short_identifier_prefix}/${local.department_identifier}*"
+ "arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:${var.short_identifier_prefix}/${local.department_identifier}*",
+ "arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:airflow/variables/env-fxe5CD",
+ "arn:aws:secretsmanager:eu-west-2:${data.aws_caller_identity.current.account_id}:secret:airflow/variables/env-jeCYYl",
 ]
 }
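Review bot: The two new `resources` entries hard-code the random six-character suffix that Secrets Manager appends to a secret's ARN (`env-fxe5CD`, `env-jeCYYl`), so the grant silently stops matching if either secret is ever deleted and recreated. Each account also carries an ARN for a secret that presumably exists only in the other environment. Resolving the ARN at plan time keeps the statement scoped to the one secret present in the current account, e.g. `data "aws_secretsmanager_secret" "airflow_env" { name = "airflow/variables/env" }` and then `data.aws_secretsmanager_secret.airflow_env.arn` in the list (the secret name is inferred from the ARNs and should be confirmed). Because this document lives in the department module, every department role gains read access to that secret; a comment such as `# Airflow env marker (stg/prod), shared across departments; must not hold credentials` would record that assumption next to the entries. The statement's `actions` and the rest of the policy document lie outside the hunk, so the exact permissions granted on these ARNs cannot be confirmed from here.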