From a4ccf045b4bbe00c66baa99cd0250b0f9b6228d0 Mon Sep 17 00:00:00 2001
From: karthikeyannhs <174426205+Karthikeyannhs@users.noreply.github.com>
Date: Mon, 26 Jan 2026 11:24:44 +0000
Subject: [PATCH 1/3] ELI-578 added consumermapping bucket arn github_actions_policies.tf
---
 .../stacks/iams-developer-roles/github_actions_policies.tf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
index 1bcaf2145..54c0ef6b5 100644
--- a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
+++ b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -209,6 +209,8 @@ resource "aws_iam_policy" "s3_management" {
 Resource = [
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules/*",
+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map",
+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules-access-logs",
From c167122743bf118ebd7d9c33081b2d9a33ca6d22 Mon Sep 17 00:00:00 2001
From: karthikeyannhs <174426205+Karthikeyannhs@users.noreply.github.com>
Date: Mon, 26 Jan 2026 11:49:40 +0000
Subject: [PATCH 2/3] ELI-578 added consumermapping bucket arn github_actions_policies.tf
---
 .../stacks/iams-developer-roles/github_actions_policies.tf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
index 54c0ef6b5..6a2f3b7be 100644
--- a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
+++ b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -217,6 +217,8 @@ resource "aws_iam_policy" "s3_management" {
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-rules-access-logs/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit-access-logs",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-audit-access-logs/*",
+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map-access-logs",
+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-consumer-map-access-logs/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore/*",
 "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore-access-logs",
From 5911ae9eb3834ab97004cdea983e4a3cb7b34b26 Mon Sep 17 00:00:00 2001
From: karthikeyannhs <174426205+Karthikeyannhs@users.noreply.github.com>
Date: Mon, 26 Jan 2026 12:01:05 +0000
Subject: [PATCH 3/3] ELI-578 renamed lambda_s3_rules_read_policy back to lambda_s3_read_policy
---
 infrastructure/stacks/api-layer/iam_policies.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/infrastructure/stacks/api-layer/iam_policies.tf b/infrastructure/stacks/api-layer/iam_policies.tf
index b798fa48f..d91a2b281 100644
--- a/infrastructure/stacks/api-layer/iam_policies.tf
+++ b/infrastructure/stacks/api-layer/iam_policies.tf
@@ -190,7 +190,8 @@ data "aws_iam_policy_document" "audit_s3_bucket_policy" {
 }
 # Attach s3 read policy to Lambda role
-resource "aws_iam_role_policy" "lambda_s3_rules_read_policy" {
+resource "aws_iam_role_policy" "lambda_s3_read_policy" {
+ # for rules bucket
 name = "S3ReadAccess"
 role = aws_iam_role.eligibility_lambda_role.id
 policy = data.aws_iam_policy_document.s3_rules_bucket_policy.json
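Review bot: The four ARNs added to `aws_iam_policy.s3_management` in patches 1/3 and 2/3 keep the leading `*` of their neighbours, so the GitHub Actions policy matches every bucket whose name ends in `eligibility-signposting-api-${var.environment}-eli-consumer-map` or `…-eli-consumer-map-access-logs`, not only the intended bucket. S3 bucket names share one global namespace, so a suffix match is wider than a single-bucket grant. If the `*` stands for a fixed prefix (not visible in these hunks), spell it out, e.g. `"arn:aws:s3:::<bucket-prefix>eligibility-signposting-api-${var.environment}-eli-consumer-map"` with the placeholder replaced by the real prefix, or add a comment above the list stating what the wildcard is meant to cover. The statement's `Action` list lies outside both hunks, so what the role may do to the consumer map cannot be judged here; if it includes write or delete actions, the same role can change both the mapping and the access-log bucket that records those changes, which should be a deliberate decision.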