File tree Expand file tree Collapse file tree 1 file changed +58
-2
lines changed
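--- a/<PATH-NOT-SHOWN-ON-PAGE>
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -48,10 +48,66 @@ resource "aws_iam_policy" "production_support" {
 Version = " 2012-10-17" ,
 Statement = [
 {
-Sid = " AWS Transfer Family " ,
+Sid = " AllowListBucketsForConsole " ,
 Effect = " Allow" ,
 Action = [
-" transfer:CreateUser"
+" s3:ListAllMyBuckets" ,
+" s3:GetBucketLocation"
+],
+Resource = [
+" arn:aws:s3:::*"
+]
+},
+{
+Sid = " AllowListRootFoldersInProdStagingBulkStore" ,
+Effect = " Allow" ,
+Action = [
+" s3:ListBucket"
+],
+Resource = [
+" arn:aws:s3:::prod-staging-bulk-store"
+]
+Condition = {
+StringEquals = {
+" s3:delimiter" = " /"
+}
+StringEqualsIfExists = {
+" s3:prefix" = " "
+}
+}
+},
+{
+Sid = " AllowCreateRootFoldersOnlyInProdStagingBulkStore" ,
+Effect = " Allow"
+Action = " s3:PutObject"
+Resource = " arn:aws:s3:::prod-staging-bulk-store/*"
+Condition = {
+StringLike = {
+" s3:prefix" = " [^/]+/"
+}
+}
+},
+{
+Sid = " ExplicitDenyObjectAccessInProdStagingBulkStore" ,
+Effect = " Deny" ,
+Action = [
+" s3:GetObject" ,
+" s3:GetObjectVersion" ,
+" s3:GetObjectAcl" ,
+" s3:GetObjectTagging"
+],
+Resource = [
+" arn:aws:s3:::prod-staging-bulk-store/*"
+]
+},
+{
+Sid = " AWSTransferFamilyManager" ,
+Effect = " Allow" ,
+Action = [
+" transfer:CreateUser" ,
+" transfer:Describe*" ,
+" transfer:List*" ,
+" transfer:TestIdentityProvider" ,
 ],
 Resource = [
 " arn:aws:transfer:eu-west-2:${ data . aws_caller_identity . current . account_id } :*"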
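Review bot: The `AllowCreateRootFoldersOnlyInProdStagingBulkStore` statement (new lines 79–89) never grants anything: the `s3:prefix` condition key is only populated for ListBucket-style requests, not `s3:PutObject`, and `StringLike` is a `*`/`?` glob matcher rather than a regex, so `[^/]+/` is compared literally; with a non-`IfExists` operator a missing key evaluates false, which makes the statement a silent no-op that `terraform validate` will not catch. IAM has no condition that expresses "exactly one path segment" on PutObject, so the intended "root folders only" restriction needs a different design (for example accepting PutObject on the bucket prefix and enforcing the folder layout by another control); whichever is chosen, add a comment above the Sid stating the intended restriction and confirm the resulting behaviour with the IAM policy simulator. As a style point, the new statements mix comma- and newline-separated attributes (e.g. new lines 69–70 and 81–84); pick one form to match lines 48–53. The `resource "aws_iam_policy"` block and its policy document continue past the end of the hunk.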