allow departmental role to see the user upload database

Tian-2017 · Tian-2017 · commit 09619046d5a3 · 2025-12-03T15:18:18.000Z
diff --git a/terraform/core/05-departments.tf b/terraform/core/05-departments.tf
@@ -155,7 +155,7 @@ module "department_data_and_insight" {
   user_uploads_bucket             = module.user_uploads
   cloudtrail_bucket               = module.cloudtrail_storage
   additional_glue_database_access = {
-    read_only  = []
+    read_only  = ["data_and_insight_user_uploads_db"]
     read_write = ["arcus_archive", "metastore"]
   }
   additional_s3_access = [
@@ -277,6 +277,10 @@ module "department_unrestricted" {
   mwaa_etl_scripts_bucket_arn     = aws_s3_bucket.mwaa_etl_scripts_bucket.arn
   mwaa_key_arn                    = aws_kms_key.mwaa_key.arn
   user_uploads_bucket             = module.user_uploads
+  additional_glue_database_access = {
+    read_only  = ["unrestricted_user_uploads_db"]
+    read_write = []
+  }
 }
 
 module "department_sandbox" {
@@ -389,6 +393,7 @@ module "department_revenues" {
     read_only = [
       "nndr_raw_zone",
       "ctax_raw_zone",
+      "revenues_user_uploads_db",
     ]
     read_write = []
   }
@@ -427,6 +432,10 @@ module "department_environmental_services" {
   mwaa_etl_scripts_bucket_arn     = aws_s3_bucket.mwaa_etl_scripts_bucket.arn
   mwaa_key_arn                    = aws_kms_key.mwaa_key.arn
   user_uploads_bucket             = module.user_uploads
+  additional_glue_database_access = {
+    read_only  = ["env_services_user_uploads_db"]
+    read_write = []
+  }
 }
 
 module "department_housing" {
@@ -483,7 +492,7 @@ module "department_housing" {
     }
   ]
   additional_glue_database_access = {
-    read_only  = []
+    read_only  = ["housing_user_uploads_db"]
     read_write = ["housing_service_requests_ieg4", "housing_nec_migration", "housing_nec_migration_outputs"]
   }
 }
@@ -659,7 +668,7 @@ module "department_children_family_services" {
   mwaa_key_arn                    = aws_kms_key.mwaa_key.arn
   user_uploads_bucket             = module.user_uploads
   additional_glue_database_access = {
-    read_only  = ["child_edu_refined", "hackney_casemanagement_live", "hackney_synergy_live"]
+    read_only  = ["child_edu_refined", "hackney_casemanagement_live", "hackney_synergy_live", "child_fam_services_user_uploads_db"]
     read_write = []
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,7 @@ module "department_data_and_insight" {`
`155`	`155`	`user_uploads_bucket = module.user_uploads`
`156`	`156`	`cloudtrail_bucket = module.cloudtrail_storage`
`157`	`157`	`additional_glue_database_access = {`
`158`		`- read_only = []`
	`158`	`+ read_only = ["data_and_insight_user_uploads_db"]`
`159`	`159`	`read_write = ["arcus_archive", "metastore"]`
`160`	`160`	`}`
`161`	`161`	`additional_s3_access = [`
`@@ -277,6 +277,10 @@ module "department_unrestricted" {`
`277`	`277`	`mwaa_etl_scripts_bucket_arn = aws_s3_bucket.mwaa_etl_scripts_bucket.arn`
`278`	`278`	`mwaa_key_arn = aws_kms_key.mwaa_key.arn`
`279`	`279`	`user_uploads_bucket = module.user_uploads`
	`280`	`+ additional_glue_database_access = {`
	`281`	`+ read_only = ["unrestricted_user_uploads_db"]`
	`282`	`+ read_write = []`
	`283`	`+ }`
`280`	`284`	`}`
`281`	`285`
`282`	`286`	`module "department_sandbox" {`
`@@ -389,6 +393,7 @@ module "department_revenues" {`
`389`	`393`	`read_only = [`
`390`	`394`	`"nndr_raw_zone",`
`391`	`395`	`"ctax_raw_zone",`
	`396`	`+ "revenues_user_uploads_db",`
`392`	`397`	`]`
`393`	`398`	`read_write = []`
`394`	`399`	`}`
`@@ -427,6 +432,10 @@ module "department_environmental_services" {`
`427`	`432`	`mwaa_etl_scripts_bucket_arn = aws_s3_bucket.mwaa_etl_scripts_bucket.arn`
`428`	`433`	`mwaa_key_arn = aws_kms_key.mwaa_key.arn`
`429`	`434`	`user_uploads_bucket = module.user_uploads`
	`435`	`+ additional_glue_database_access = {`
	`436`	`+ read_only = ["env_services_user_uploads_db"]`
	`437`	`+ read_write = []`
	`438`	`+ }`
`430`	`439`	`}`
`431`	`440`
`432`	`441`	`module "department_housing" {`
`@@ -483,7 +492,7 @@ module "department_housing" {`
`483`	`492`	`}`
`484`	`493`	`]`
`485`	`494`	`additional_glue_database_access = {`
`486`		`- read_only = []`
	`495`	`+ read_only = ["housing_user_uploads_db"]`
`487`	`496`	`read_write = ["housing_service_requests_ieg4", "housing_nec_migration", "housing_nec_migration_outputs"]`
`488`	`497`	`}`
`489`	`498`	`}`
`@@ -659,7 +668,7 @@ module "department_children_family_services" {`
`659`	`668`	`mwaa_key_arn = aws_kms_key.mwaa_key.arn`
`660`	`669`	`user_uploads_bucket = module.user_uploads`
`661`	`670`	`additional_glue_database_access = {`
`662`		`- read_only = ["child_edu_refined", "hackney_casemanagement_live", "hackney_synergy_live"]`
	`671`	`+ read_only = ["child_edu_refined", "hackney_casemanagement_live", "hackney_synergy_live", "child_fam_services_user_uploads_db"]`
`663`	`672`	`read_write = []`
`664`	`673`	`}`
`665`	`674`	`}`