BRS-557 adding config role and policy (#9)

* BRS-557 adding config role and policy * BRS-557 fixing 'invalid' JSON * BRS-557 missing comma
bcgov · Apr 7, 2022 · dc8fd00 · dc8fd00
1 parent 39d2a12
commit dc8fd00
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 1 deletion.
diff --git a/terraform/src/roles.tf b/terraform/src/roles.tf
@@ -39,3 +39,48 @@ resource "aws_iam_role" "parkRole" {
 EOF
 
 }
+
+resource "aws_iam_role" "configRole" {
+  name = "lambdaconfigRole-${random_string.postfix.result}"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "lambda.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+
+}
+
+resource "aws_iam_role_policy" "parks-ar-config" {
+  name = "parks-ar-config-${random_string.postfix.result}"
+  role = aws_iam_role.configRole.id
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+        "Effect": "Allow",
+        "Action": [
+            "dynamodb:BatchGet*",
+            "dynamodb:DescribeTable",
+            "dynamodb:Get*",
+            "dynamodb:Query",
+            "dynamodb:Scan"
+        ],
+        "Resource": "${aws_dynamodb_table.ar_table.arn}"
+      }
+  ]
+}
+  EOF
+}
diff --git a/terraform/src/settings.tf b/terraform/src/settings.tf
@@ -17,7 +17,7 @@ resource "aws_lambda_function" "readConfigLambda" {
     }
   }
 
-  role = aws_iam_role.parkRole.arn
+  role = aws_iam_role.configRole.arn
 }
 
 resource "aws_api_gateway_resource" "configResource" {
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,7 +17,7 @@ resource "aws_lambda_function" "readConfigLambda" { @@
         }
       }
-      role = aws_iam_role.parkRole.arn
+      role = aws_iam_role.configRole.arn
     }
     resource "aws_api_gateway_resource" "configResource" {
@@ Expand Down @@