permissions for reading our bucket

Author: hobu

docker/info-event.tftpl

@@ -9,7 +9,7 @@
       "userIdentity": {
         "principalId": "AWS:AIDAINPONIXQXHT3IKHL2"
       },
-      "requestParameters": {
+      "requestParameters":  {
         "sourceIPAddress": "205.255.255.255"
       },
       "responseElements": {
@@ -20,7 +20,7 @@
         "s3SchemaVersion": "1.0",
         "configurationId": "828aa6fc-f7b5-4305-8584-487c791949c1",
         "bucket": {
-          "name": "${bucket}",
+          "name": "${ bucket}",
           "ownerIdentity": {
             "principalId": "A3I5XTEXAMAI3E"
           },

terraform/resources/roles.tf

@@ -38,7 +38,7 @@ data "aws_iam_policy_document" "iam_for_lambda_policy_document" {
         "s3:DeleteObject",
     ]
     effect    = "Allow"
-    resources = [aws_s3_bucket.storage.arn]
+    resources = [aws_s3_bucket.storage.arn,"${aws_s3_bucket.storage.arn}/*"]
     sid       = "ReadS3"
   }
 

terraform/resources/storage.tf

@@ -36,17 +36,16 @@ output "bucket" {
 
 locals {
     our_rendered_content = templatefile("${path.root}/../docker/info-event.tftpl", {bucket = aws_s3_bucket.storage.bucket})
+    triggers = {
+      template_file = md5(file("${path.root}/../docker/info-event.tftpl"))
+    }
 }
 
 resource "null_resource" "local" {
   triggers = {
     template = local.our_rendered_content
   }
 
-  depends_on = [
-    aws_s3_bucket.storage,
-  ]
-
   # Render to local file on machine
   # https://github.com/hashicorp/terraform/issues/8090#issuecomment-291823613
   provisioner "local-exec" {