From b18f202515bd4612b33c475ac569fb42d2c29551 Mon Sep 17 00:00:00 2001
From: Tian-2017
Date: Mon, 4 Nov 2024 15:41:33 +0000
Subject: [PATCH] limit the fme permission but add unrestricted access in raw zone
---
 terraform/core/23-FME-iam.tf | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/terraform/core/23-FME-iam.tf b/terraform/core/23-FME-iam.tf
index 60b90af7b..715846054 100644
--- a/terraform/core/23-FME-iam.tf
+++ b/terraform/core/23-FME-iam.tf
@@ -115,9 +115,7 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
 "s3:GetObjectVersion",
 ]
 resources = [
- "${module.raw_zone.bucket_arn}/*",
- "${module.refined_zone.bucket_arn}/*",
- "${module.trusted_zone.bucket_arn}/*",
+ "${module.raw_zone.bucket_arn}/unrestricted/*",
 "${module.athena_storage.bucket_arn}/primary/*"
 ]
 }
@@ -128,8 +126,7 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
 "s3:PutObject"
 ]
 resources = [
- "${module.refined_zone.bucket_arn}/*",
- "${module.trusted_zone.bucket_arn}/*",
+ "${module.raw_zone.bucket_arn}/unrestricted/*",
 "${module.athena_storage.bucket_arn}/primary/*"
 ]
 }
@@ -144,8 +141,6 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
 resources = [
 module.athena_storage.kms_key_arn,
 module.raw_zone.kms_key_arn,
- module.refined_zone.kms_key_arn,
- module.trusted_zone.kms_key_arn
 ]
 }
-}
\ No newline at end of file
+}
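Review bot: The `unrestricted/` prefix in the read statement's `resources` is a data-classification boundary expressed only as a string literal, and nothing at that line says why the bucket root must not be granted. I would add a comment above it, e.g. `# FME may read only objects under the raw zone's unrestricted/ prefix; do not widen to the bucket root`. The same literal is repeated in the PutObject statement of the next hunk, so a shared local would keep the two from drifting apart. The statement's action list starts outside the hunk; if it includes a bucket-level action such as `s3:ListBucket`, that action does not match object ARNs and would need its own statement on the bucket ARN with an `s3:prefix` condition.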
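Review bot: The write statement's new resource list gives FME `s3:PutObject` on the raw zone's `unrestricted/` prefix, a bucket this statement did not cover before, so in a commit titled as a limitation the role gains the ability to overwrite the same raw objects it reads. If FME only consumes raw data, this statement's list should be just `"${module.athena_storage.bucket_arn}/primary/*"`. If it does need to land output in the raw zone, a dedicated write prefix separate from the read path would keep source objects from being replaced. The statement begins above the hunk, so any further actions in it (only `s3:PutObject` is visible) would apply to the same path.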