fix permissions for lambda func (#15)
Co-authored-by: Hieu Doan <[email protected]>
Hiieu and Hiieu authored Oct 14, 2021
1 parent 6f9d8c9 commit 9be44ab
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions terraform/main.tf
@@ -26,7 +26,7 @@ resource "aws_s3_bucket_object" "config_file" {

resource "aws_s3_bucket_object" "trusted_data_file" {
bucket = aws_s3_bucket.secure_pipeline.bucket
key = "${var.repository}/trusted_data.json"
key = "${var.repository}/trusted-data.json"
source = var.trusted_data_file
source_hash = filemd5(var.trusted_data_file)
depends_on = [aws_s3_bucket.secure_pipeline]
@@ -87,13 +87,15 @@ resource "aws_iam_role" "lambda" {
"Effect" : "Allow",
"Action" : [
"s3:GetObject",
"s3:ListBucket",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents",
],
"Resource" : [
"arn:aws:logs:${var.region}:${data.aws_caller_identity.current.account_id}:log-group:${aws_cloudwatch_log_group.lambda.name}",
"arn:aws:logs:${var.region}:${data.aws_caller_identity.current.account_id}:log-group:${aws_cloudwatch_log_group.lambda.name}:log-stream:${aws_cloudwatch_log_stream.lambda.name}",
"arn:aws:s3:::${aws_s3_bucket.secure_pipeline.bucket}",
"arn:aws:s3:::${aws_s3_bucket.secure_pipeline.bucket}/*",
]
},
@@ -104,7 +106,7 @@ resource "aws_iam_role" "lambda" {
"ssm:GetParameter",
],
"Resource" : [
"arn:aws:ssm:${var.region}:${data.aws_caller_identity.current.account_id}:parameter/${aws_ssm_parameter.last_run.name}",
"arn:aws:ssm:${var.region}:${data.aws_caller_identity.current.account_id}:parameter${aws_ssm_parameter.last_run.name}",
]
}
]
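Review bot: The new `s3:ListBucket` grant in the second hunk shares a statement with the logs actions, so it covers the whole bucket and cannot take a prefix condition without that condition also applying to the logs permissions. The first hunk suggests this pipeline's objects live under `${var.repository}/`, so the S3 access could move into its own statements, with `s3:GetObject` limited to that prefix and `s3:ListBucket` conditioned on `s3:prefix`. Confirm first that the function's reads and list calls stay under that prefix, since the Lambda code is not visible here. The policy document of `aws_iam_role.lambda` starts and ends outside the visible hunks, so the sketch below shows only the statements that would change.

```hcl
# … unchanged: logs statement keeps the three logs:* actions and the two log ARNs …
{
  "Effect" : "Allow",
  "Action" : ["s3:GetObject"],
  "Resource" : [
    "arn:aws:s3:::${aws_s3_bucket.secure_pipeline.bucket}/${var.repository}/*",
  ]
},
{
  "Effect" : "Allow",
  "Action" : ["s3:ListBucket"],
  "Resource" : [
    "arn:aws:s3:::${aws_s3_bucket.secure_pipeline.bucket}",
  ],
  "Condition" : {
    "StringLike" : { "s3:prefix" : ["${var.repository}/*"] }
  }
},
# … unchanged: ssm:GetParameter statement …
```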