Locking down the resource path

chrisbloe · chrisbloe · commit 1671f74e7083 · 2025-10-21T13:55:44.000+01:00
diff --git a/infrastructure/policies.tf b/infrastructure/policies.tf
@@ -54,7 +54,7 @@ resource "aws_iam_policy" "production_support" {
           "transfer:CreateUser"
         ],
         Resource = [
-          "*"
+          "arn:aws:transfer:eu-west-2:${data.aws_caller_identity.current.account_id}:*"
         ]
       }
     ]

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ resource "aws_iam_policy" "production_support" {`
`54`	`54`	`"transfer:CreateUser"`
`55`	`55`	`],`
`56`	`56`	`Resource = [`
`57`		`- "*"`
	`57`	`+ "arn:aws:transfer:eu-west-2:${data.aws_caller_identity.current.account_id}:*"`
`58`	`58`	`]`
`59`	`59`	`}`
`60`	`60`	`]`