Added missing bucket rights for backend

DELTSV · Apr 26, 2024 · 77f07ec · 77f07ec
1 parent 46cf460
commit 77f07ec
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 0 deletions.
diff --git a/packages/infrastructure/project/backend/role-task.tf b/packages/infrastructure/project/backend/role-task.tf
@@ -52,4 +52,29 @@ resource "aws_iam_role_policy" "ecs_backend_task_execution_ssm_role_policy" {
       },
     ]
   })
+}
+
+resource "aws_iam_role_policy" "ecs_backend_task_execution_ssm_role_policy" {
+  name = "${var.namespace}_ECS_S3_TaskIAMRole_${var.environment}"
+  role = aws_iam_role.ecs_task_execution_role.id
+
+  policy = jsonencode({
+    Version   = "2012-10-17"
+    Statement = [
+      {
+        "Effect" : "Allow",
+        "Action" : [
+          "s3:GetObject",
+          "s3:PutObject",
+          "s3:DeleteObject",
+          "s3:ListBucket",
+          "s3:GetBucketLocation",
+        ],
+        "Resource" : [
+          var.storage_bucket_arn,
+          "${var.storage_bucket_arn}/*"
+        ]
+      },
+    ]
+  })
 }
diff --git a/packages/infrastructure/project/backend/variables.tf b/packages/infrastructure/project/backend/variables.tf
@@ -76,4 +76,9 @@ variable "alb_header_value" {
 variable "storage_s3_bucket_name" {
   type        = string
   description = "The name of the S3 bucket"
+}
+
+variable "storage_bucket_arn" {
+  type        = string
+  description = "The ARN of the S3 bucket used for application storage"
 }
diff --git a/packages/infrastructure/project/modules.tf b/packages/infrastructure/project/modules.tf
@@ -39,6 +39,7 @@ module "backend" {
   rds_db_url             = module.storage.rds_db_url
   alb_header_value       = module.frontend.alb_header_value
   storage_s3_bucket_name = module.storage.application_storage_bucket_name
+  storage_bucket_arn     = module.storage.application_storage_bucket_arn
 }
 
 module "domain" {

diff --git a/packages/infrastructure/project/storage/outputs.tf b/packages/infrastructure/project/storage/outputs.tf
@@ -18,6 +18,11 @@ output "application_storage_bucket_id" {
   description = "The ID of the S3 bucket used for application storage"
 }
 
+output "application_storage_bucket_arn" {
+  value       = aws_s3_bucket.application_storage.arn
+  description = "The ARN of the S3 bucket used for application storage"
+}
+
 output "application_storage_bucket_domain_name" {
   value       = aws_s3_bucket.application_storage.bucket_regional_domain_name
   description = "The domain name of the S3 bucket used for application storage"