using loops to handle the permission
Tian-2017 committed Nov 7, 2024
1 parent deedc6d commit c26a49e
Showing 1 changed file with 22 additions and 19 deletions.
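--- a/terraform/core/23-FME-iam.tf
+++ b/terraform/core/23-FME-iam.tf
@@ -114,24 +114,26 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
 "s3:GetObject",
 "s3:GetObjectVersion",
 ]
-resources = [
-"${module.raw_zone.bucket_arn}/unrestricted/*",
-"${module.athena_storage.bucket_arn}/primary/*",
-"${module.raw_zone.bucket_arn}/data-and-insight/*",
-"${module.raw_zone.bucket_arn}/env-enforcement/*",
-"${module.raw_zone.bucket_arn}/env-services/*",
-"${module.raw_zone.bucket_arn}/housing/*",
-"${module.raw_zone.bucket_arn}/parking/*",
-"${module.raw_zone.bucket_arn}/planning/*",
-"${module.raw_zone.bucket_arn}/streetscene/*",
-"${module.refined_zone.bucket_arn}/data-and-insight/*",
-"${module.refined_zone.bucket_arn}/env-enforcement/*",
-"${module.refined_zone.bucket_arn}/env-services/*",
-"${module.refined_zone.bucket_arn}/housing/*",
-"${module.refined_zone.bucket_arn}/parking/*",
-"${module.refined_zone.bucket_arn}/planning/*",
-"${module.refined_zone.bucket_arn}/streetscene/*"
-]
+resources = concat(
+[
+"${module.athena_storage.bucket_arn}/primary/*",
+],
+[
+for folder in [
+"unrestricted",
+"data-and-insight",
+"env-enforcement",
+"env-services",
+"housing",
+"parking",
+"planning",
+"streetscene"
+] :
+"${module.raw_zone.bucket_arn}/${folder}/*",
+"${module.refined_zone.bucket_arn}/${folder}/*",
+"${module.trusted_zone.bucket_arn}/${folder}/*"
+]
+)
 }
 
 statement {
@@ -155,7 +157,8 @@ data "aws_iam_policy_document" "fme_access_to_s3" {
 resources = [
 module.athena_storage.kms_key_arn,
 module.raw_zone.kms_key_arn,
-module.refined_zone.kms_key_arn
+module.refined_zone.kms_key_arn,
+module.trusted_zone.kms_key_arn
 ]
 }
 }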
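Review bot: The `for` expression in the first hunk lists three comma-separated results after the colon, but an HCL `for` expression yields a single result per element, so I would expect `terraform validate` to reject it; have each iteration return a list and flatten it, `flatten([for folder in [...] : ["${module.raw_zone.bucket_arn}/${folder}/*", "${module.refined_zone.bucket_arn}/${folder}/*", "${module.trusted_zone.bucket_arn}/${folder}/*"]])`. The rewrite is also not a like-for-like refactor: the old list had no `trusted_zone` entries and granted `unrestricted/*` only on `raw_zone`, whereas the loop grants all eight folders on all three buckets, and the second hunk adds `module.trusted_zone.kms_key_arn` to the KMS statement. If the wider S3 and KMS scope is intended, state it in the commit message and add a comment above `resources` such as `# FME reads every listed folder in the raw, refined and trusted zones`; if it is not, keep a separate folder list per bucket so `unrestricted` stays raw-only. The `actions` lists of both statements begin outside the hunks, so the exact permissions being widened are not visible here.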
