👔 (apply-policy): Adds additional S3 actions

bendoerr-terraform-modules · Dec 12, 2023 · 5d8aeb3 · 5d8aeb3
1 parent 9b8db67
commit 5d8aeb3
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/aws-iam-apply-policy.tf b/aws-iam-apply-policy.tf
@@ -328,12 +328,15 @@ data "aws_iam_policy_document" "apply_2" {
         "s3:CreateBucket",
         "s3:DeleteBucket",
         "s3:DeleteBucketWebsite",
+        "s3:DeleteObjectTagging",
+        "s3:DeleteObjectVersionTagging",
         "s3:GetAccelerateConfiguration",
         "s3:GetBucketAcl",
         "s3:GetBucketCORS",
         "s3:GetBucketLocation",
         "s3:GetBucketLogging",
         "s3:GetBucketObjectLockConfiguration",
+        "s3:GetBucketOwnershipControls",
         "s3:GetBucketPolicy",
         "s3:GetBucketPublicAccessBlock",
         "s3:GetBucketRequestPayment",
@@ -347,17 +350,22 @@ data "aws_iam_policy_document" "apply_2" {
         "s3:GetMetricsConfiguration",
         "s3:GetObject",
         "s3:GetObjectAcl",
+        "s3:GetObjectTagging",
+        "s3:GetObjectVersionTagging",
         "s3:GetReplicationConfiguration",
         "s3:ListAllMyBuckets",
         "s3:ListBucket",
+        "s3:ListTagsForResource",
         "s3:PutAccelerateConfiguration",
         "s3:PutBucketAcl",
         "s3:PutBucketCORS",
         "s3:PutBucketLogging",
         "s3:PutBucketObjectLockConfiguration",
+        "s3:PutBucketOwnershipControls",
         "s3:PutBucketPolicy",
         "s3:PutBucketPublicAccessBlock",
         "s3:PutBucketRequestPayment",
+        "s3:PutBucketTagging",
         "s3:PutBucketVersioning",
         "s3:PutBucketWebsite",
         "s3:PutEncryptionConfiguration",
@@ -366,9 +374,13 @@ data "aws_iam_policy_document" "apply_2" {
         "s3:PutLifecycleConfiguration",
         "s3:PutMetricsConfiguration",
         "s3:PutObject",
+        "s3:PutObjectTagging",
+        "s3:PutObjectVersionTagging",
         "s3:PutObjectLegalHold",
         "s3:PutObjectRetention",
-        "s3:PutReplicationConfiguration"
+        "s3:PutReplicationConfiguration",
+        "s3:TagResource",
+        "s3:UntagResource",
       ]
       resources = ["*"]
     }
@@ -380,7 +392,7 @@ data "aws_iam_policy_document" "apply_2" {
     content {
       effect = "Allow"
       actions = [
-        "SNS:GetSubscriptionAttributes",
+        "sns:GetSubscriptionAttributes",
         "sns:CreateTopic",
         "sns:DeleteTopic",
         "sns:GetTopicAttributes",