Merge pull request #241 from rylev/limit-s3-perms

rylev · web-flow · commit 17f2216002c7 · 2023-02-16T12:00:55.000+01:00
Limit the s3 permissions of the docs-rs builder
diff --git a/terragrunt/modules/docs-rs/builder.tf b/terragrunt/modules/docs-rs/builder.tf
@@ -32,7 +32,12 @@ resource "aws_iam_role_policy" "builder_s3" {
       // Access to s3
       {
         Effect = "Allow"
-        Action = "s3:*"
+        Action = [
+          "s3:PutObject",
+          "s3:ListBucket",
+          "s3:PutObjectTagging",
+          "s3:DeleteObject"
+        ]
 
         Resource = [
           aws_s3_bucket.storage.arn,
