add missing permission

lambdas/rich_pdf_ingestion/lambda.tf

@@ -48,5 +48,23 @@ module "lambda_function_container_image" {
         "logs:PutLogEvents",
       ]
     }
+
+    s3 = {
+      effect = "Allow"
+      actions = [
+        "s3:Get*",
+        "s3:List*",
+        "s3:Describe*",
+        "s3:PutObject",
+        "s3-object-lambda:Get*",
+        "s3-object-lambda:List*",
+        "s3-object-lambda:WriteGetObjectResponse"
+      ]
+
+      resources = [
+        var.ses_bucket_arn,
+        "${var.ses_bucket_arn}/*"
+      ]
+    }
   }
 }

lambdas/rich_pdf_ingestion/variables.tf

@@ -6,4 +6,9 @@ variable "aws_region" {
 variable "lambda_repository_name" {
   type     = string
   nullable = false
+}
+
+variable "ses_bucket_arn" {
+  type     = string
+  nullable = false
 }

terraform/modules.tf

@@ -229,4 +229,5 @@ module "rich_pdf_ingestion" {
   source                 = "../lambdas/rich_pdf_ingestion"
   aws_region             = var.aws_region
   lambda_repository_name = var.rich_pdf_ingestion_repository_name
+  ses_bucket_arn         = module.s3_bucket.s3_bucket_arn
 }