Fixed typo and added more permissions for the shared folder access. S…

…pecifically, the ListBucket permission (#111)
SocialFinanceDigitalLabs · Sep 27, 2024 · 418998d · 418998d
1 parent da23f57
commit 418998d
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 22 deletions.
diff --git a/infrastructure/environments/cloudformation/full/la/s3.yaml b/infrastructure/environments/cloudformation/full/la/s3.yaml
@@ -292,12 +292,22 @@ Resources:
             Principal:
               AWS: !Ref OrgAccountRoleArn
             Action:
-              - "s3:GetObject"
+              - "s3:ListBucketMultipartUploads"
+              - "s3:GetObjectVersionTagging"
+              - "s3:ListBucketVersions"
+              - "s3:GetObjectAttributes"
+              - "s3:PutObjectVersionTagging"
               - "s3:ListBucket"
               - "s3:GetBucketAcl"
+              - "s3:GetObjectVersionAttributes"
+              - "s3:PutObject"
               - "s3:GetObjectAcl"
-              - "s3:GetObjectAttributes"
+              - "s3:GetObject"
+              - "s3:GetObjectVersionAcl"
               - "s3:GetObjectTagging"
+              - "s3:PutObjectTagging"
+              - "s3:GetBucketLocation"
+              - "s3:GetObjectVersion"
             Resource:
               - !Join
                 - ''

diff --git a/infrastructure/environments/cloudformation/full/organisation/vpc.yaml b/infrastructure/environments/cloudformation/full/organisation/vpc.yaml
@@ -277,26 +277,7 @@ Resources:
         Version: 2012-10-17
         Statement:
           - Effect: Allow
-            Principal: '*'                  - "s3:DeleteObjectTagging"
-                  - "s3:ListBucketMultipartUploads"
-                  - "s3:DeleteObjectVersion"
-                  - "s3:GetObjectVersionTagging"
-                  - "s3:ListBucketVersions"
-                  - "s3:GetObjectAttributes"
-                  - "s3:PutObjectVersionTagging"
-                  - "s3:ListBucket"
-                  - "s3:DeleteObjectVersionTagging"
-                  - "s3:GetBucketAcl"
-                  - "s3:GetObjectVersionAttributes"
-                  - "s3:PutObject"
-                  - "s3:GetObjectAcl"
-                  - "s3:GetObject"
-                  - "s3:GetObjectVersionAcl"
-                  - "s3:GetObjectTagging"
-                  - "s3:PutObjectTagging"
-                  - "s3:DeleteObject"
-                  - "s3:GetBucketLocation"
-                  - "s3:GetObjectVersion"
+            Principal: '*'
             Action:
               - "s3:DeleteObjectTagging"
               - "s3:ListBucketMultipartUploads"