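# Managed IAM policy "lambda_policy": object read/write on two S3 buckets plus
# read access to one SSM parameter. The role attachment is not shown here.
resource "aws_iam_policy" "lambda_policy" {
  name = "lambda_policy"

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        # NOTE(review): GetObject and PutObject are both allowed on both buckets.
        # If the function only reads from raw_bucket and only writes to
        # processed_bucket (an assumption from the names; confirm against the
        # handler), split this into one statement per bucket so that neither
        # bucket carries a permission the function does not use.
        Effect = "Allow",
        Action = [
          "s3:GetObject",
          "s3:PutObject"
        ],
        # Object-level ARNs ("/*") built from each bucket's exported arn
        # attribute instead of a hand-assembled "arn:aws:s3:::" prefix, so the
        # partition is not hard-coded.
        Resource = [
          "${aws_s3_bucket.raw_bucket.arn}/*",
          "${aws_s3_bucket.processed_bucket.arn}/*"
        ]
      },
      {
        # Scoped to a single named parameter rather than a path wildcard.
        # The "aws" partition is still literal in this ARN.
        Effect   = "Allow",
        Action   = "ssm:GetParameter",
        Resource = "arn:aws:ssm:${var.region}:${var.account_number}:parameter/s3_processed_bucket_name"
      }
    ]
  })
}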