allow ec2 to access common crawl s3

2026-05-17 18:22:41 -04:00 · 2026-05-17 18:22:41 -04:00 · 65d2757527
commit 65d2757527
parent fcf203e1d8
1 changed files with 20 additions and 10 deletions
--- a/infra/main.tf
+++ b/infra/main.tf
@ -141,16 +141,26 @@ resource "aws_iam_role_policy" "s3_access" {

  policy = jsonencode({
    Version = "2012-10-17"
-    Statement = [{
-      Effect = "Allow"
-      Action = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:HeadObject"]
-      Resource = [
-        aws_s3_bucket.icons[0].arn,
-        "${aws_s3_bucket.icons[0].arn}/*",
-        aws_s3_bucket.site.arn,
-        "${aws_s3_bucket.site.arn}/*",
-      ]
-    }]
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:HeadObject"]
+        Resource = [
+          aws_s3_bucket.icons[0].arn,
+          "${aws_s3_bucket.icons[0].arn}/*",
+          aws_s3_bucket.site.arn,
+          "${aws_s3_bucket.site.arn}/*",
+        ]
+      },
+      {
+        Effect = "Allow"
+        Action = ["s3:GetObject", "s3:ListBucket"]
+        Resource = [
+          "arn:aws:s3:::commoncrawl",
+          "arn:aws:s3:::commoncrawl/*",
+        ]
+      }
+    ]
  })
 }