
Commit 92e339b

committed
feat(etl-ods): FTRS-3181 use newly created CMK with the etl scheduler
1 parent a6c4402 commit 92e339b


2 files changed

+13
-11
lines changed


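--- a/infrastructure/stacks/etl_ods/data.tf
+++ b/infrastructure/stacks/etl_ods/data.tf
@@ -156,17 +156,6 @@ data "aws_iam_policy_document" "ods_etl_scheduler_invoke_policy" {
 module.extractor_lambda.lambda_function_arn
 ]
 }
-
-statement {
-effect = "Allow"
-actions = [
-"kms:Decrypt",
-"kms:DescribeKey",
-"kms:CreateGrant",
-"kms:ReEncrypt"
-]
-resources = [data.aws_kms_key.scheduler_kms_key.arn]
-}
 }
 
 data "aws_kms_key" "sqs_kms_alias" {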

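--- a/infrastructure/stacks/etl_ods/iam.tf
+++ b/infrastructure/stacks/etl_ods/iam.tf
@@ -11,6 +11,19 @@ resource "aws_iam_role" "ods_etl_scheduler_invoke_role" {
 Service = "scheduler.amazonaws.com"
 }
 Action = "sts:AssumeRole"
+},
+{
+Effect = "Allow"
+Principal = {
+Service = "s3.amazonaws.com"
+},
+Actions = [
+"kms:Decrypt",
+"kms:DescribeKey",
+"kms:CreateGrant",
+"kms:ReEncrypt"
+]
+resources = [data.aws_kms_key.scheduler_kms_key.arn]
 }
 ]
 })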
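Review bot: The added statement places the KMS permissions in what appears to be the role's trust policy (`assume_role_policy`), where they grant the scheduler role nothing: a trust policy only decides who may assume the role, and IAM is expected to reject a trust statement that carries non-STS actions or a resource element. Inside `jsonencode` the keys `Actions` and `resources` are also not IAM policy keys (`Action` / `Resource`), and the `s3.amazonaws.com` principal does not belong on a role meant to be assumed by `scheduler.amazonaws.com`. Because data.tf drops the identity-policy statement in the same commit, the role ends up with no access to the key at all; keep the trust policy to the single `sts:AssumeRole` statement and put the key permissions back into `ods_etl_scheduler_invoke_policy` as a `statement` block scoped to the key ARN. When restoring it, note that `kms:ReEncrypt` is not an action name (`kms:ReEncryptFrom` / `kms:ReEncryptTo`), and `kms:CreateGrant` is worth dropping or constraining with the `kms:GrantIsForAWSResource` condition unless the scheduler is shown to need it. The resource body starts and ends outside the hunk, so the trust-policy reading is inferred from the `sts:AssumeRole` statement directly above the addition.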
