| 1234567891011121314151617181920212223 |
- #------------------------------------------------------------------------------------------
- # For feedmgmt
- #------------------------------------------------------------------------------------------
- data "aws_iam_policy_document" "mdr_feedmgmt_s3access" {
- statement {
- sid = "S3BucketAccess"
- effect = "Allow"
- actions = [
- "s3:GetObject",
- "s3:GetObjectVersion",
- ]
- # tfsec:ignore:aws-iam-no-policy-wildcards - baseline this setting first. Lockdown after baselining IAM permissions
- resources = [
- "arn:${local.aws_partition}:s3:::xdr-codebuild-artifacts/*",
- ]
- }
- }
- resource "aws_iam_policy" "mdr_feedmgmt_s3access" {
- name = "mdr_feedmgmt_s3access"
- path = "/user/"
- policy = data.aws_iam_policy_document.mdr_feedmgmt_s3access.json
- }
|
