LAWS-3627: Add artifacts S3 bucket

terraform/environments/maat/artifacts.tf

@@ -0,0 +1,55 @@
+# Terraform module which creates S3 Bucket resources for Load Balancer Access Logs on AWS.
+
+module "artifacts-s3" {
+  source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"
+
+  providers = {
+    aws.bucket-replication = aws
+  }
+
+  bucket_prefix       = "${local.application_name}-build-artifacts"
+  bucket_policy       = [data.aws_iam_policy_document.arfitacts.json]
+  replication_enabled = false
+  versioning_enabled  = true
+  force_destroy       = true
+  lifecycle_rule = [
+    {
+      id      = "main"
+      enabled = "Enabled"
+      prefix  = ""
+
+      tags = {
+        rule      = "log"
+        autoclean = "true"
+      }
+
+      expiration = {
+        days = 31
+      }
+
+      noncurrent_version_expiration = {
+        days = 31
+      }
+    }
+  ]
+
+  tags = local.tags
+}
+
+data "aws_iam_policy_document" "arfitacts" {
+  statement {
+    effect = "Allow"
+    actions = [
+      "s3:PutObject"
+    ]
+    resources = [
+      "${module.artifacts-s3.bucket.arn}/*"
+    ]
+    principals {
+      type        = "AWS"
+      identifiers = ["arn:aws:iam::${local.env_account_id}:role/modernisation-platform-oidc-cicd"]
+    }
+  }
+
+}
+

terraform/environments/maat/maat-ecs.tf

@@ -16,6 +16,7 @@ resource "aws_iam_role" "maat_ec2_instance_role" {
   )
   assume_role_policy = <<EOF
 {
+    "Version": "2008-10-17",
     "Statement": [
         {
             "Action": "sts:AssumeRole",
@@ -325,6 +326,7 @@ resource "aws_iam_role" "maat_ecs_service_role" {
   )
   assume_role_policy = <<EOF
 {
+    "Version": "2008-10-17",
     "Statement": [
         {
             "Action": "sts:AssumeRole",
@@ -378,6 +380,7 @@ resource "aws_iam_role" "maat_ecs_autoscaling_role" {
   )
   assume_role_policy = <<EOF
 {
+    "Version": "2008-10-17",
     "Statement": [
         {
             "Action": "sts:AssumeRole",