24 lines
612 B
HCL
24 lines
612 B
HCL
resource "aws_iam_policy" "lambda_policy" {
|
|
name = "lambda_policy"
|
|
policy = jsonencode({
|
|
Version = "2012-10-17",
|
|
Statement = [
|
|
{
|
|
Effect = "Allow",
|
|
Action = [
|
|
"s3:GetObject",
|
|
"s3:PutObject"
|
|
],
|
|
Resource = [
|
|
"arn:aws:s3:::${aws_s3_bucket.raw_bucket.id}/*",
|
|
"arn:aws:s3:::${aws_s3_bucket.processed_bucket.id}/*"
|
|
]
|
|
},
|
|
{
|
|
Effect = "Allow",
|
|
Action = "ssm:GetParameter",
|
|
Resource = "arn:aws:ssm:${var.region}:${var.account_number}:parameter/s3_processed_bucket_name"
|
|
}
|
|
]
|
|
})
|
|
} |