allow ec2 to access common crawl s3

2026-05-17 18:22:41 -04:00 · 2026-05-17 18:22:41 -04:00 · 65d2757527
commit 65d2757527
parent fcf203e1d8
1 changed files with 20 additions and 10 deletions
--- a/infra/main.tf
+++ b/infra/main.tf
@ -141,16 +141,26 @@ resource "aws_iam_role_policy" "s3_access" {
  policy = jsonencode({
    Version = "2012-10-17"
-    Statement = [{
+    Statement = [
-      Effect = "Allow"
+      {
-      Action = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:HeadObject"]
+        Effect = "Allow"
-      Resource = [
+        Action = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:HeadObject"]
-        aws_s3_bucket.icons[0].arn,
+        Resource = [
-        "${aws_s3_bucket.icons[0].arn}/*",
+          aws_s3_bucket.icons[0].arn,
-        aws_s3_bucket.site.arn,
+          "${aws_s3_bucket.icons[0].arn}/*",
-        "${aws_s3_bucket.site.arn}/*",
+          aws_s3_bucket.site.arn,
-      ]
+          "${aws_s3_bucket.site.arn}/*",
-    }]
+        ]
      },
      {
        Effect = "Allow"
        Action = ["s3:GetObject", "s3:ListBucket"]
        Resource = [
          "arn:aws:s3:::commoncrawl",
          "arn:aws:s3:::commoncrawl/*",
        ]
      }
    ]
  })
 }