Commit
Resource based s3:GetObject ACL for container instances
k2nr committed Sep 29, 2017
1 parent cab56ba commit b12f46b
Showing 2 changed files with 18 additions and 4 deletions.
11 changes: 9 additions & 2 deletions lib/barcelona/network/vpc_builder.rb
Expand Up @@ -323,10 +323,17 @@ def build_resources
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"s3:Get*",
"s3:List*"
],
"Resource" => ["*"]
},
{
"Effect" => "Allow",
"Action" => [
"s3:GetObject"
],
"Resource" => [
"arn:aws:s3:::#{stack.district.s3_bucket_name}/#{stack.district.name}/*"
]
}
]
}
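Review bot: The `"Resource"` ARN in the new statement interpolates `stack.district.s3_bucket_name` and `stack.district.name` unescaped, and IAM treats `*` and `?` inside a resource ARN as wildcards, so the `s3:GetObject` grant is only as narrow as the district name is constrained. Please confirm the district name validation rejects those characters (and `/`), or add a comment here pointing to where that is enforced. Two smaller points on the same hunk: the `arn:aws:s3:::` prefix hard-codes the standard partition, and if `"s3:List*"` goes away with this change, container instances requesting a missing key under the prefix will get 403 AccessDenied rather than 404, which is worth documenting for anything that probes for optional objects. The preceding statement still ends in `"Resource" => ["*"]`; if any S3 action remains in its `"Action"` list, the scoped statement adds nothing, because IAM allows are unioned.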
11 changes: 9 additions & 2 deletions spec/lib/barcelona/network/network_stack_spec.rb
Expand Up @@ -485,10 +485,17 @@
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"s3:Get*",
"s3:List*"
],
"Resource"=>["*"]
},
{
"Effect" => "Allow",
"Action" => [
"s3:GetObject"
],
"Resource" => [
"arn:aws:s3:::#{district.s3_bucket_name}/#{district.name}/*"
]
}
]
}
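Review bot: The expected `"Resource"` value is built with the same interpolation as the implementation (`"arn:aws:s3:::#{district.s3_bucket_name}/#{district.name}/*"`), so the spec would still pass if either attribute were empty or wrong and the policy ended up covering a different prefix. Consider asserting a literal ARN for the fixture district instead, and adding an expectation that no statement in the generated policy pairs an `s3:` action with `"Resource" => ["*"]`, so a later reintroduction of the wildcard grant fails the suite. Style nit: the untouched line uses `"Resource"=>["*"]` while the new statement uses spaced `=>`; pick one within the expectation hash.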

0 comments on commit b12f46b