limit the fme permission but add unrestricted access in raw zone
Tian-2017 committed Nov 4, 2024
1 parent 837cc3f commit b18f202
Showing 1 changed file with 3 additions and 8 deletions.
11 changes: 3 additions & 8 deletions terraform/core/23-FME-iam.tf
Expand Up @@ -115,9 +115,7 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
"s3:GetObjectVersion",
]
resources = [
"${module.raw_zone.bucket_arn}/*",
"${module.refined_zone.bucket_arn}/*",
"${module.trusted_zone.bucket_arn}/*",
"${module.raw_zone.bucket_arn}/unrestricted/*",
"${module.athena_storage.bucket_arn}/primary/*"
]
}
Expand All @@ -128,8 +126,7 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
"s3:PutObject"
]
resources = [
"${module.refined_zone.bucket_arn}/*",
"${module.trusted_zone.bucket_arn}/*",
"${module.raw_zone.bucket_arn}/unrestricted/*",
"${module.athena_storage.bucket_arn}/primary/*"
]
}
Expand All @@ -144,8 +141,6 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
resources = [
module.athena_storage.kms_key_arn,
module.raw_zone.kms_key_arn,
module.refined_zone.kms_key_arn,
module.trusted_zone.kms_key_arn
]
}
}
}
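Review bot: The KMS statement at the end of `fme_access_to_s3` still lists `module.raw_zone.kms_key_arn` with no condition visible, so the new `unrestricted/` boundary is enforced only by the two S3 resource lists, while the key grant stays key-wide. Object ARNs do not limit listing either, so any `s3:ListBucket` statement for the raw zone should carry an `s3:prefix` condition for `unrestricted/`; the policy document starts before the first hunk, so that statement and the KMS actions cannot be checked from here. The second hunk also appears to give FME `s3:PutObject` on the raw zone for the first time, which deserves a comment above both raw-zone lines, for example `# FME may read and write only under raw_zone/unrestricted/; the KMS grant below is key-wide, so this ARN is the only prefix boundary`. The prefix string is repeated in both statements and could be a single local so the two lists cannot drift apart.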
