From 178049af86a244b5a067a5278d6f5fb2f5511e47 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Tue, 5 Mar 2024 16:38:52 +0100
Subject: [PATCH 1/2] Fastly logs bucket policy to give fastly-log-processor access
---
 terraform-iam/fastlylog/main.tf | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/terraform-iam/fastlylog/main.tf b/terraform-iam/fastlylog/main.tf
index 79524003..64587852 100644
--- a/terraform-iam/fastlylog/main.tf
+++ b/terraform-iam/fastlylog/main.tf
@@ -31,19 +31,17 @@ resource "aws_s3_bucket_policy" "logs" {
 "Sid": "AllowNixOSOrgRead",
 "Effect": "Allow",
 "Principal": {
- "AWS": "arn:aws:iam::008826681144:user/eelco.dolstra"
+ "AWS": "arn:aws:iam::008826681144:user/eelco.dolstra",
+ "AWS": "arn:aws:iam::008826681144:user/fastly-log-processor"
 },
- "Action": "s3:GetObject",
- "Resource": "arn:aws:s3:::${aws_s3_bucket.logs.id}/*"
- },
- {
- "Sid": "AllowNixOSOrgList",
- "Effect": "Allow",
- "Principal": {
- "AWS": "arn:aws:iam::008826681144:user/eelco.dolstra"
- },
- "Action": "s3:ListBucket",
- "Resource": "arn:aws:s3:::${aws_s3_bucket.logs.id}"
+ "Action": [
+ "s3:GetObject",
+ "s3:ListBucket"
+ ],
+ "Resource": [
+ "arn:aws:s3:::${aws_s3_bucket.logs.id}/*",
+ "arn:aws:s3:::${aws_s3_bucket.logs.id}"
+ ]
 }
 ]
 }
From 24cda61d28e486ca8a3f15d5fa1e77bf9c969a97 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Tue, 5 Mar 2024 16:51:43 +0100
Subject: [PATCH 2/2] Remove stray line
---
 terraform-iam/fastlylog/main.tf | 1 -
 1 file changed, 1 deletion(-)
diff --git a/terraform-iam/fastlylog/main.tf b/terraform-iam/fastlylog/main.tf
index 64587852..fcb0b321 100644
--- a/terraform-iam/fastlylog/main.tf
+++ b/terraform-iam/fastlylog/main.tf
@@ -31,7 +31,6 @@ resource "aws_s3_bucket_policy" "logs" {
 "Sid": "AllowNixOSOrgRead",
 "Effect": "Allow",
 "Principal": {
- "AWS": "arn:aws:iam::008826681144:user/eelco.dolstra",
 "AWS": "arn:aws:iam::008826681144:user/fastly-log-processor"
 },
 "Action": [
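Review bot: The `"Principal"` object in the merged statement of patch 1/2 carries two `"AWS"` keys, and duplicate keys in a JSON object do not form a list: a parser typically keeps only one of them (usually the last), so at this commit the policy does not reliably name both users. If both principals are meant to have read access, the key should appear once with an array, `"AWS": ["arn:aws:iam::008826681144:user/eelco.dolstra", "arn:aws:iam::008826681144:user/fastly-log-processor"]`. Patch 2/2 instead deletes the first key, which leaves fastly-log-processor as the only principal and drops the GetObject/ListBucket grant that eelco.dolstra held before the series; if that revocation is intended, the commit message should say so rather than call it a stray line. The statement's `Sid` still reads `AllowNixOSOrgRead` although it now also grants `s3:ListBucket`. The enclosing policy document starts and ends outside the hunk.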