
PRMDR 786 - Fix cloudfront lambda exec conflict
RioKnightleyNHS authored Sep 10, 2024
1 parent 29c20ab commit 61716c4
Showing 4 changed files with 3 additions and 11 deletions.
5 changes: 2 additions & 3 deletions infrastructure/modules/lambda_edge/main.tf
Expand Up @@ -32,9 +32,8 @@ data "archive_file" "lambda" {
output_path = "placeholder_lambda_payload.zip"
}

# Define the IAM role for the Lambda function with the combined assume role policy
resource "aws_iam_role" "lambda_exec_role" {
name = "lambda_edge_exec_role"
name = "${terraform.workspace}_lambda_edge_exec_role"

assume_role_policy = data.aws_iam_policy_document.assume_role.json
}
Expand Down Expand Up @@ -79,7 +78,7 @@ data "aws_iam_policy_document" "lambda_policy" {


resource "aws_iam_role_policy" "lambda_exec_policy" {
name = "lambda_edge_exec_policy"
name = "${terraform.workspace}_lambda_edge_exec_policy"
role = aws_iam_role.lambda_exec_role.id
policy = data.aws_iam_policy_document.lambda_policy.json
}
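Review bot: The workspace-prefixed role name on `name = "${terraform.workspace}_lambda_edge_exec_role"` is subject to IAM's 64-character limit on role names, so a workspace name longer than 43 characters fails at apply time rather than at plan; a length `precondition` on the resource (where the Terraform version in use supports it) or a `substr` on the prefix would surface that earlier. Changing `name` on an `aws_iam_role` forces replacement, so existing workspaces will see `lambda_exec_role` destroyed and recreated along with an update of whatever references it, which is worth stating in the commit description given the role is what the Lambda executes under. A comment on the line, `# Workspace prefix keeps each environment's role distinct; IAM role names are global per account`, would record why the prefix exists. The second hunk's `lambda_exec_policy` name has the same shape but a larger limit (128 characters for inline policy names). The first hunk's header turns nine old lines into eight while only the name replacement is visible, so one removed line is not recoverable from this rendering.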
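--- a/infrastructure/modules/s3/README.md
+++ b/infrastructure/modules/s3/README.md
@@ -50,4 +50,4 @@ No modules.
 | <a name="output_bucket_domain_name"></a> [bucket\_domain\_name](#output\_bucket\_domain\_name) | n/a |
 | <a name="output_bucket_id"></a> [bucket\_id](#output\_bucket\_id) | n/a |
 | <a name="output_s3_list_object_policy"></a> [s3\_list\_object\_policy](#output\_s3\_list\_object\_policy) | n/a |
-| <a name="output_s3_object_access_policy"></a> [s3\_object\_access\_policy](#output\_s3\_object\_access\_policy) | Outputs |
+| <a name="output_s3_object_access_policy"></a> [s3\_object\_access\_policy](#output\_s3\_object\_access\_policy) | n/a |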
4 changes: 0 additions & 4 deletions infrastructure/modules/s3/main.tf
Expand Up @@ -37,7 +37,6 @@ data "aws_iam_policy_document" "s3_defaut_policy" {
}

data "aws_iam_policy_document" "s3_cloudfront_policy" {
# Deny any requests that are not using HTTPS
statement {
effect = "Deny"

Expand All @@ -61,7 +60,6 @@ data "aws_iam_policy_document" "s3_cloudfront_policy" {
}
}

# Allow CloudFront to access the S3 bucket
statement {
effect = "Allow"

Expand All @@ -78,7 +76,6 @@ data "aws_iam_policy_document" "s3_cloudfront_policy" {
"${aws_s3_bucket.bucket.arn}/*",
]

# Ensure the request is coming from the correct CloudFront distribution
condition {
test = "StringEquals"
variable = "AWS:SourceArn"
Expand All @@ -98,7 +95,6 @@ resource "aws_s3_bucket_acl" "bucket_acl" {
depends_on = [aws_s3_bucket_ownership_controls.s3_bucket_acl_ownership]
}

# Resource to avoid error "AccessControlListNotSupported: The bucket does not allow ACLs"
resource "aws_s3_bucket_ownership_controls" "s3_bucket_acl_ownership" {
bucket = aws_s3_bucket.bucket.id
rule {
3 changes: 0 additions & 3 deletions infrastructure/modules/s3/output.tf
@@ -1,6 +1,3 @@


# Outputs
output "s3_object_access_policy" {
value = aws_iam_policy.s3_document_data_policy.arn
}
