diff --git a/aws-iam-apply-policy.tf b/aws-iam-apply-policy.tf
index 77c2022..97f9b09 100644
--- a/aws-iam-apply-policy.tf
+++ b/aws-iam-apply-policy.tf
@@ -328,12 +328,15 @@ data "aws_iam_policy_document" "apply_2" {
 "s3:CreateBucket",
 "s3:DeleteBucket",
 "s3:DeleteBucketWebsite",
+ "s3:DeleteObjectTagging",
+ "s3:DeleteObjectVersionTagging",
 "s3:GetAccelerateConfiguration",
 "s3:GetBucketAcl",
 "s3:GetBucketCORS",
 "s3:GetBucketLocation",
 "s3:GetBucketLogging",
 "s3:GetBucketObjectLockConfiguration",
+ "s3:GetBucketOwnershipControls",
 "s3:GetBucketPolicy",
 "s3:GetBucketPublicAccessBlock",
 "s3:GetBucketRequestPayment",
@@ -347,17 +350,22 @@ data "aws_iam_policy_document" "apply_2" {
 "s3:GetMetricsConfiguration",
 "s3:GetObject",
 "s3:GetObjectAcl",
+ "s3:GetObjectTagging",
+ "s3:GetObjectVersionTagging",
 "s3:GetReplicationConfiguration",
 "s3:ListAllMyBuckets",
 "s3:ListBucket",
+ "s3:ListTagsForResource",
 "s3:PutAccelerateConfiguration",
 "s3:PutBucketAcl",
 "s3:PutBucketCORS",
 "s3:PutBucketLogging",
 "s3:PutBucketObjectLockConfiguration",
+ "s3:PutBucketOwnershipControls",
 "s3:PutBucketPolicy",
 "s3:PutBucketPublicAccessBlock",
 "s3:PutBucketRequestPayment",
+ "s3:PutBucketTagging",
 "s3:PutBucketVersioning",
 "s3:PutBucketWebsite",
 "s3:PutEncryptionConfiguration",
@@ -366,9 +374,13 @@ data "aws_iam_policy_document" "apply_2" {
 "s3:PutLifecycleConfiguration",
 "s3:PutMetricsConfiguration",
 "s3:PutObject",
+ "s3:PutObjectTagging",
+ "s3:PutObjectVersionTagging",
 "s3:PutObjectLegalHold",
 "s3:PutObjectRetention",
- "s3:PutReplicationConfiguration"
+ "s3:PutReplicationConfiguration",
+ "s3:TagResource",
+ "s3:UntagResource",
 ]
 resources = ["*"]
 }
@@ -380,7 +392,7 @@ data "aws_iam_policy_document" "apply_2" {
 content {
 effect = "Allow"
 actions = [
- "SNS:GetSubscriptionAttributes",
+ "sns:GetSubscriptionAttributes",
 "sns:CreateTopic",
 "sns:DeleteTopic",
 "sns:GetTopicAttributes",
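Review bot: The object-tag write actions added here (`s3:DeleteObjectTagging`, `s3:DeleteObjectVersionTagging`) and in the second and third hunks (`s3:PutObjectTagging`, `s3:PutObjectVersionTagging`, `s3:TagResource`, `s3:UntagResource`) land in a statement whose `resources = ["*"]` line is visible at the end of the third hunk. They therefore apply to every object in every bucket the account can reach. If any bucket policy uses `s3:ExistingObjectTag/<key>` conditions, or any lifecycle rule filters on tags, this role can now change the input to those decisions. Consider moving the object-level tagging actions into their own statement scoped to the buckets Terraform actually manages, e.g. `resources = ["arn:aws:s3:::<managed-bucket>/*"]`, and add a comment naming the resource type that needs them. The statement's opening lies outside these hunks, so a condition already attached to it would not be visible here.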
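Review bot: In the third hunk, `"s3:PutObjectTagging"` and `"s3:PutObjectVersionTagging"` are inserted ahead of `"s3:PutObjectLegalHold"` and `"s3:PutObjectRetention"`, which breaks the alphabetical order the rest of the action list follows. A sorted list is what makes a permission change in this file quick to audit, so the two entries belong after `"s3:PutObjectRetention",`. The list's opening bracket is outside the hunk.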