Skip to content

Commit

Permalink
Allow crater instance S3 access
Browse files Browse the repository at this point in the history
  • Loading branch information
@Mark-Simulacrum
Mark-Simulacrum committed Oct 28, 2023
1 parent 76d3931 commit cff6231
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 0 deletions.
3 changes: 3 additions & 0 deletions terraform/crater/.terraform.lock.hcl
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

34 changes: 34 additions & 0 deletions terraform/crater/instance.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,40 @@ resource "aws_iam_role" "crater" {
})
}


resource "aws_iam_policy" "s3_access" {
name = "crater-s3-access"

policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"s3:PutObject",
"s3:PutObjectACL",
"s3:GetObject",
"s3:GetObjectACL",
"s3:GetBucketLocation",
"s3:CreateMultipartUpload",
"s3:UploadPart",
"s3:CompleteMultipartUpload",
"s3:AbortMultipartUpload"
]
Resource = [
"arn:aws:s3:::crater-reports/*",
"arn:aws:s3:::crater-reports"
]
},
]
})
}

resource "aws_iam_role_policy_attachment" "s3_access" {
role = aws_iam_role.crater.name
policy_arn = aws_iam_policy.s3_access.arn
}

resource "aws_iam_role_policy_attachment" "ci_pull" {
role = aws_iam_role.crater.name
policy_arn = module.ecr.policy_pull_arn
Expand Down

0 comments on commit cff6231

Please sign in to comment.