fix: vol assets bucket role policy (#484)

* fix: updated cdn module * fix: remove original bucket ref * fix: duplicate ref * fix: asset bucket attribute * fix: removed unused ref * fix: asset bucket issue * fix: provider issue * fix: provider issue pt 2 * fix: update lock files * fix: include .gitignore files and remove lock files to resolve issues once and for all * fix: bucket name using local * docs: update Terraform docs * fix: tf-formatting * fix: hardcoded assets bucket policy role --------- Co-authored-by: [email protected] <[email protected]> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
dvsa · Nov 28, 2024 · 9f6aa18 · 9f6aa18
1 parent a25439d
commit 9f6aa18
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 1 deletion.
diff --git a/infra/terraform/accounts/nonprod/main.tf b/infra/terraform/accounts/nonprod/main.tf
@@ -24,6 +24,8 @@ module "environment-remote-state" {
 module "account" {
   source = "../../modules/account"
 
+  assets_bucket_policy_role = "OLCS-DEVAPPCI-DEVCI-OLCSCISLAVE"
+
   create_ecr_resources    = true
   create_assets_bucket    = true
   create_github_resources = true

diff --git a/infra/terraform/accounts/prod/main.tf b/infra/terraform/accounts/prod/main.tf
@@ -24,6 +24,8 @@ module "environment-remote-state" {
 module "account" {
   source = "../../modules/account"
 
+  assets_bucket_policy_role = "OLCS-APPCI-CI-OLCSCISLAVE"
+
   create_ecr_resources    = true
   create_assets_bucket    = true
   create_github_resources = true

diff --git a/infra/terraform/modules/account/README.md b/infra/terraform/modules/account/README.md
@@ -33,6 +33,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_assets_bucket_policy_role"></a> [assets\_bucket\_policy\_role](#input\_assets\_bucket\_policy\_role) | Assets bucket policy role | `string` | `""` | no |
 | <a name="input_create_assets_bucket"></a> [create\_assets\_bucket](#input\_create\_assets\_bucket) | Whether to create the assets bucket. | `bool` | `false` | no |
 | <a name="input_create_ecr_resources"></a> [create\_ecr\_resources](#input\_create\_ecr\_resources) | Whether to create the ECR resources. | `bool` | `false` | no |
 | <a name="input_create_github_resources"></a> [create\_github\_resources](#input\_create\_github\_resources) | Whether to create the GitHub resources. | `bool` | `false` | no |

diff --git a/infra/terraform/modules/account/main.tf b/infra/terraform/modules/account/main.tf
@@ -24,7 +24,7 @@ data "aws_iam_policy_document" "s3_policy" {
     }
     principals {
       type        = "AWS"
-      identifiers = ["arn:aws:sts::054614622558:assumed-role/OLCS-DEVAPPCI-DEVCI-OLCSCISLAVE"]
+      identifiers = ["arn:aws:sts::${local.account_id}:assumed-role/${var.assets_bucket_policy_role}"]
     }
   }
 }

diff --git a/infra/terraform/modules/account/variables.tf b/infra/terraform/modules/account/variables.tf
@@ -51,3 +51,9 @@ variable "create_assets_bucket" {
   description = "Whether to create the assets bucket."
   default     = false
 }
+
+variable "assets_bucket_policy_role" {
+  type        = string
+  description = "Assets bucket policy role "
+  default     = ""
+}