trimmed s3 bucket permission reference

bucket.tf

@@ -7,7 +7,7 @@ data "aws_iam_policy_document" "truefoundry_bucket_policy" {
     ]
 
     resources = concat(
-      ["arn:aws:s3:::${local.truefoundry_unique_name}*"],
+      ["arn:aws:s3:::${local.truefoundry_trimmed_unique_name}*"],
       var.truefoundry_artifact_buckets_will_read,
     )
   }
@@ -34,7 +34,7 @@ data "aws_iam_policy_document" "truefoundry_bucket_policy" {
       "s3:DeleteObject",
     ]
     resources = [
-      for bucket in concat(["arn:aws:s3:::${local.truefoundry_unique_name}*"], var.truefoundry_artifact_buckets_will_read) :
+      for bucket in concat(["arn:aws:s3:::${local.truefoundry_trimmed_unique_name}*"], var.truefoundry_artifact_buckets_will_read) :
       "${bucket}/*"
     ]
   }

locals.tf

@@ -1,6 +1,7 @@
 locals {
 
   truefoundry_unique_name = var.truefoundry_s3_enable_override ? var.truefoundry_s3_override_name : "${var.cluster_name}-truefoundry"
+  truefoundry_trimmed_unique_name = trimsuffix(substr(local.truefoundry_unique_name, 0, 37), "-")
 
   truefoundry_db_unique_name = var.truefoundry_db_enable_override ? var.truefoundry_db_override_name : "${var.cluster_name}-db"