From 885f023660a17f4eb4197093eb31e7104a4d3dde Mon Sep 17 00:00:00 2001
From: Marco Marasca <8505576+marcomarasca@users.noreply.github.com>
Date: Wed, 15 Nov 2023 12:09:44 -0800
Subject: [PATCH] PLFM-8005: Allows snoflake to access synapse bucket inventory

---
 .../templates/snowflake-access.yaml            | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/sceptre/synapseprod/templates/snowflake-access.yaml b/sceptre/synapseprod/templates/snowflake-access.yaml
index d360f37f..5dff1691 100644
--- a/sceptre/synapseprod/templates/snowflake-access.yaml
+++ b/sceptre/synapseprod/templates/snowflake-access.yaml
@@ -21,7 +21,10 @@ Resources:
                       "s3:GetObject",
                       "s3:GetObjectVersion"
                   ],
-                  "Resource": "arn:aws:s3:::prod.datawarehouse.sagebase.org/warehouse/*"
+                  "Resource": [
+                    "arn:aws:s3:::prod.datawarehouse.sagebase.org/warehouse/*",
+                    "arn:aws:s3:::prod.inventory.sagebase.org/inventory/proddata.sagebase.org/defaultInventory/*"
+                  ]
               },
               {
                   "Effect": "Allow",
@@ -35,6 +38,19 @@ Resources:
                         "s3:prefix": [ "warehouse/*" ]
                       }
                   }
+              },
+              {
+                  "Effect": "Allow",
+                  "Action": [
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                  ],
+                  "Resource": "arn:aws:s3:::prod.inventory.sagebase.org",
+                  "Condition": {
+                      "StringLike": {
+                        "s3:prefix": [ "inventory/proddata.sagebase.org/defaultInventory/*" ]
+                      }
+                  }
               }
           ]
         }