DL-148-create-bucket-and-grant-permission-for-datahub-YAML-ingestion (#2577)

Tian-2017 · web-flow · commit 9d83513533d3 · 2025-12-02T12:28:40.000Z
* create datahub config bucket

* grand D&amp;I the read permission
diff --git a/terraform/compliance/s3.feature b/terraform/compliance/s3.feature
@@ -13,6 +13,7 @@ Feature: S3
   @exclude_module.file_sync_destination_nec.aws_s3_bucket.log_bucket
   @exclude_module.arcus_data_storage.aws_s3_bucket.bucket
   @exclude_module.user_uploads.aws_s3_bucket.bucket
+  @exclude_module.datahub_config.aws_s3_bucket.bucket
 
   # This rule is in place for legacy buckets created with the deprecated block within the aws_s3_bucket resource
   Scenario: Data must be encrypted at rest for buckets created using server_side_encryption_configuration property within bucket resource
diff --git a/terraform/core/05-departments.tf b/terraform/core/05-departments.tf
@@ -165,6 +165,12 @@ module "department_data_and_insight" {
       paths       = []
       actions     = ["s3:Get*", "s3:List*", ]
     },
+    {
+      bucket_arn  = module.datahub_config.bucket_arn
+      kms_key_arn = module.datahub_config.kms_key_arn
+      paths       = []
+      actions     = ["s3:Get*", "s3:List*", ]
+    },
   ]
 }
 
diff --git a/terraform/core/10-aws-s3-utility-buckets.tf b/terraform/core/10-aws-s3-utility-buckets.tf
@@ -164,6 +164,21 @@ module "user_uploads" {
   include_backup_policy_tags = false
 }
 
+#===============================================================================
+# DataHub Config Bucket to store the DataHub YAML configuration files
+#===============================================================================
+
+module "datahub_config" {
+  source                     = "../modules/s3-bucket"
+  tags                       = module.tags.values
+  project                    = var.project
+  environment                = var.environment
+  identifier_prefix          = local.identifier_prefix
+  bucket_name                = "datahub-config"
+  bucket_identifier          = "datahub-config"
+  include_backup_policy_tags = false
+}
+
 #===============================================================================
 # MWAA Buckets
 #===============================================================================

Original file line number	Diff line number	Diff line change
`@@ -165,6 +165,12 @@ module "department_data_and_insight" {`
`165`	`165`	`paths = []`
`166`	`166`	`actions = ["s3:Get", "s3:List", ]`
`167`	`167`	`},`
	`168`	`+ {`
	`169`	`+ bucket_arn = module.datahub_config.bucket_arn`
	`170`	`+ kms_key_arn = module.datahub_config.kms_key_arn`
	`171`	`+ paths = []`
	`172`	`+ actions = ["s3:Get", "s3:List", ]`
	`173`	`+ },`
`168`	`174`	`]`
`169`	`175`	`}`
`170`	`176`