[PRMT-862] updated policies to allow to shut down transfer family

PedroSoaresNHS · PedroSoaresNHS · commit 1bd0b77948c3 · 2025-11-25T11:09:47.000Z
diff --git a/infrastructure/policies.tf b/infrastructure/policies.tf
@@ -67,6 +67,11 @@ resource "aws_iam_policy" "administrator_permission_restrictions" {
     Workspace = "core"
   }
 }
+data "aws_ssm_parameter" "transfer_server_id" {
+  name           = "/prs/${var.environment}/transfer-server-id"
+  with_decryption = true
+}
+
 resource "aws_iam_policy" "transfer_kill_switch_policy" {
   name = "${terraform.workspace}_transfer_kill_switch_policy"
 
@@ -80,7 +85,7 @@ resource "aws_iam_policy" "transfer_kill_switch_policy" {
           "transfer:DescribeServer"
         ],
         Resource = [
-          "arn:aws:transfer:${var.region}:${data.aws_caller_identity.current.account_id}:server/${var.transfer_server_id}"
+          "arn:aws:transfer:${var.region}:${data.aws_caller_identity.current.account_id}:server/${data.aws_ssm_parameter.transfer_server_id.value}"
         ]
       }
     ]

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,11 @@ resource "aws_iam_policy" "administrator_permission_restrictions" {`
`67`	`67`	`Workspace = "core"`
`68`	`68`	`}`
`69`	`69`	`}`
	`70`	`+data "aws_ssm_parameter" "transfer_server_id" {`
	`71`	`+ name = "/prs/${var.environment}/transfer-server-id"`
	`72`	`+ with_decryption = true`
	`73`	`+}`
	`74`	`+`
`70`	`75`	`resource "aws_iam_policy" "transfer_kill_switch_policy" {`
`71`	`76`	`name = "${terraform.workspace}_transfer_kill_switch_policy"`
`72`	`77`
`@@ -80,7 +85,7 @@ resource "aws_iam_policy" "transfer_kill_switch_policy" {`
`80`	`85`	`"transfer:DescribeServer"`
`81`	`86`	`],`
`82`	`87`	`Resource = [`
`83`		`- "arn:aws:transfer:${var.region}:${data.aws_caller_identity.current.account_id}:server/${var.transfer_server_id}"`
	`88`	`+ "arn:aws:transfer:${var.region}:${data.aws_caller_identity.current.account_id}:server/${data.aws_ssm_parameter.transfer_server_id.value}"`
`84`	`89`	`]`
`85`	`90`	`}`
`86`	`91`	`]`