From e405306839a5b5f49e387b9868134685b68182e6 Mon Sep 17 00:00:00 2001
From: Ewa Stempel
Date: Thu, 9 Jan 2025 16:12:19 +0000
Subject: [PATCH 1/2] Introducing an s3 bucket for the GreenOps PoC reports
---
 management-account/terraform/s3.tf | 38 ++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
diff --git a/management-account/terraform/s3.tf b/management-account/terraform/s3.tf
index 6818eb28..d80cbe97 100644
--- a/management-account/terraform/s3.tf
+++ b/management-account/terraform/s3.tf
@@ -282,3 +282,41 @@ data "aws_iam_policy_document" "cur_reports_quicksight_s3_policy" {
 }
 }
 }
+
+# moj-cur-reports-greenopspoc bucket for GreenOps PoC reports
+module "cur_reports_greenopspoc_s3_bucket" {
+ source = "../../modules/s3"
+
+ bucket_name = "moj-cur-reports-greenopspoc"
+ attach_policy = true
+ policy = data.aws_iam_policy_document.cur_reports_greenopspoc_s3_policy
+}
+
+data "aws_iam_policy_document" "cur_reports_greenopspoc_s3_policy" {
+ version = "2012-10-17"
+
+ statement {
+ effect = "Allow"
+ actions = [
+ "s3:GetBucketPolicy",
+ "s3:GetBucketAcl"
+ ]
+ resources = ["arn:aws:s3:::moj-cur-reports-greenopspoc"]
+
+ principals {
+ type = "AWS"
+ identifiers = ["arn:aws:iam::386209384616:root"]
+ }
+ }
+
+ statement {
+ effect = "Allow"
+ actions = ["s3:PutObject"]
+ resources = ["arn:aws:s3:::moj-cur-reports-greenopspoc/*"]
+
+ principals {
+ type = "AWS"
+ identifiers = ["arn:aws:iam::386209384616:root"]
+ }
+ }
+}
From 6370a425ab3ae20da8e90441ca9ea26c8e5d9d05 Mon Sep 17 00:00:00 2001
From: Ewa Stempel
Date: Thu, 9 Jan 2025 16:20:33 +0000
Subject: [PATCH 2/2] Correcting a reference to the json policy
---
 management-account/terraform/s3.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/management-account/terraform/s3.tf b/management-account/terraform/s3.tf
index d80cbe97..e3ce3b6a 100644
--- a/management-account/terraform/s3.tf
+++ b/management-account/terraform/s3.tf
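Review bot: Both statements in `cur_reports_greenopspoc_s3_policy` (patch 1/2) grant `arn:aws:iam::386209384616:root` access with no `condition` block, so nothing in the policy ties `s3:PutObject` on `moj-cur-reports-greenopspoc/*` to report definitions owned by this organisation. The page does not say whose account that ID is, and a comment stating it would help; if it is the shared AWS billing-delivery account, this is the cross-service confused-deputy pattern. AWS's documented bucket policy for Cost and Usage Reports instead uses the `billingreports.amazonaws.com` service principal, scoped with `aws:SourceAccount` and `aws:SourceArn`. The sketch below shows the second statement; the first needs the same principal and conditions, and the account value is a placeholder to be replaced with the account that owns the report definition.

```hcl
  statement {
    # … unchanged: effect, actions, resources …

    principals {
      type        = "Service"
      identifiers = ["billingreports.amazonaws.com"]
    }

    # Placeholder account ID: the account that owns the report definition.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = ["<REPORT_OWNER_ACCOUNT_ID>"]
    }

    condition {
      test     = "StringLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:cur:us-east-1:<REPORT_OWNER_ACCOUNT_ID>:definition/*"]
    }
  }
```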
@@ -289,7 +289,7 @@ module "cur_reports_greenopspoc_s3_bucket" {

 bucket_name = "moj-cur-reports-greenopspoc"
 attach_policy = true
- policy = data.aws_iam_policy_document.cur_reports_greenopspoc_s3_policy
+ policy = data.aws_iam_policy_document.cur_reports_greenopspoc_s3_policy.json
 }

 data "aws_iam_policy_document" "cur_reports_greenopspoc_s3_policy" {