Merge branch 'main' into chore/eja-cross-repo-triggering-of-my-vaccines-test-data-action

eddalmond1 · web-flow · commit b6492a1cd5ef · 2026-01-28T12:29:19.000Z
diff --git a/infrastructure/stacks/api-layer/iam_policies.tf b/infrastructure/stacks/api-layer/iam_policies.tf
@@ -190,7 +190,8 @@ data "aws_iam_policy_document" "audit_s3_bucket_policy" {
 }
 
 # Attach s3 read policy to Lambda role
-resource "aws_iam_role_policy" "lambda_s3_rules_read_policy" {
+resource "aws_iam_role_policy" "lambda_s3_read_policy" {
+  # for rules bucket
   name   = "S3ReadAccess"
   role   = aws_iam_role.eligibility_lambda_role.id
   policy = data.aws_iam_policy_document.s3_rules_bucket_policy.json
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -209,12 +209,16 @@ resource "aws_iam_policy" "s3_management" {
         Resource = [
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules/*",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules-access-logs",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules-access-logs/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit-access-logs",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit-access-logs/*",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map-access-logs",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map-access-logs/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore-access-logs",

Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,8 @@ data "aws_iam_policy_document" "audit_s3_bucket_policy" {`
`190`	`190`	`}`
`191`	`191`
`192`	`192`	`# Attach s3 read policy to Lambda role`
`193`		`-resource "aws_iam_role_policy" "lambda_s3_rules_read_policy" {`
	`193`	`+resource "aws_iam_role_policy" "lambda_s3_read_policy" {`
	`194`	`+ # for rules bucket`
`194`	`195`	`name = "S3ReadAccess"`
`195`	`196`	`role = aws_iam_role.eligibility_lambda_role.id`
`196`	`197`	`policy = data.aws_iam_policy_document.s3_rules_bucket_policy.json`