
Commit 7c9c954

Merge pull request #943 from rust-lang/fix-content-team-permission-for-s3-bucket
fix content team permission for s3 bucket
2 parents 4348f2b + 9d7c1c1 commit 7c9c954


1 file changed

+16
-8
lines changed


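--- a/terragrunt/modules/aws-organization/content.tf
+++ b/terragrunt/modules/aws-organization/content.tf
@@ -10,22 +10,30 @@ resource "aws_ssoadmin_permission_set_inline_policy" "content_s3_write" {
 inline_policy = jsonencode({
 Version = "2012-10-17"
 Statement = [
+{
+Sid = "S3ListContentBucket"
+Effect = "Allow"
+Action = [
+"s3:ListBucket",
+"s3:GetBucketLocation",
+]
+Resource = [
+"arn:aws:s3:::rust-content-internal",
+"arn:aws:s3:::rust-content-public"
+]
+},
 {
 Sid = "S3Permissions"
 Effect = "Allow"
 Action = [
 "s3:GetObject",
 "s3:PutObject",
 "s3:DeleteObject",
-"s3:ListBucket",
-"s3:GetBucketLocation",
 ]
-Resource = "*"
-Condition = {
-StringEquals = {
-"s3:ResourceTag/TeamAccess" = "content"
-}
-}
+Resource = [
+"arn:aws:s3:::rust-content-internal/*",
+"arn:aws:s3:::rust-content-public/*"
+]
 },
 {
 Sid = "CloudFrontUnrestrictedPermissions"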
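Review bot: The two bucket names are now string literals in both `S3ListContentBucket` and `S3Permissions`, so the bucket-level and object-level ARN lists can drift apart when a bucket is added or renamed; deriving both from one list, e.g. `Resource = [for b in local.content_buckets : "arn:aws:s3:::${b}/*"]`, keeps them in step (`local.content_buckets` is a name proposed here, not one visible in the hunk). A short comment above the first statement would also help the next reader, such as `# ListBucket/GetBucketLocation match the bucket ARN; object actions match only "<bucket>/*"`. Separately, `s3:PutObject` and `s3:DeleteObject` cover every key in both buckets, including what looks from its name like a publicly served one, so it is worth confirming that versioning is enabled there so an unwanted overwrite or delete can be rolled back. The `aws_ssoadmin_permission_set_inline_policy` resource starts above this hunk and continues past it.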
