Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/s3 tag policies #193

Merged
merged 7 commits into from
Jun 22, 2021
Merged

Feature/s3 tag policies #193

merged 7 commits into from
Jun 22, 2021

Conversation

rpoluri
Copy link
Contributor

@rpoluri rpoluri commented Jun 22, 2021

📝 Description

Added apiary_consumer_iamroles variable to grant cross account access to IAM roles
Added apiary_customer_condition variable to restrict access using S3 object tags

🔗 Related Issues

@rpoluri rpoluri requested a review from a team as a code owner June 22, 2021 19:07
@rpoluri rpoluri requested review from barnharts4 and mroark1m June 22, 2021 19:07
mroark-exp
mroark-exp reviewed Jun 22, 2021
View reviewed changes
README.md
@@ -59,6 +59,10 @@ module "apiary" {
}
]
apiary_customer_accounts = ["aws_account_no_1", "aws_account_no_2"]
apiary_customer_condition = <<EOF
"ForAnyValue:StringEquals": {"s3:ExistingObjectTag/security": [ "public"] } ,
"StringLike": {"s3:ExistingObjectTag/type": "image*" }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have it as 'OBJECT_TYPE' in my code, but I'll change it to 'type'

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

variable is generic, we can use OBJECT_TYPE internally, above is just a example to show usage

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh this is in the README, didn't notice...

mroark-exp
mroark-exp previously approved these changes Jun 22, 2021
View reviewed changes
@rpoluri rpoluri merged commit 7db672e into master Jun 22, 2021
@rpoluri rpoluri deleted the feature/s3_tag_policies branch June 22, 2021 21:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@barnharts4 barnharts4 barnharts4 approved these changes

@mroark-exp mroark-exp mroark-exp approved these changes

@Dima1224 Dima1224 Dima1224 approved these changes

@mroark1m mroark1m Awaiting requested review from mroark1m

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rpoluri @Dima1224 @mroark-exp @barnharts4