Update dev server IAM policy…

… with changes made by James on the AWS Console. I copied the policy¹ as JSON from AWS Console and pasted directly into the file. After reordering to match the existing file contents, which are sorted to be more readable rather than alphabetical, I confirmed that this updated version of the file results in no changes with `terraform plan`. ¹ arn:aws:iam::827581582529:policy/NextstrainDotOrgServerInstance-testing Co-authored-by: James Hadfield <[email protected]>
nextstrain · Oct 4, 2023 · aed9400 · aed9400
1 parent cac3780
commit aed9400
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/aws/iam/policy/NextstrainDotOrgServerInstanceDev.json b/aws/iam/policy/NextstrainDotOrgServerInstanceDev.json
@@ -43,6 +43,35 @@
         "arn:aws:s3:::nextstrain-groups/test/*",
         "arn:aws:s3:::nextstrain-groups/test-private/*"
       ]
+    },
+    {
+      "Sid": "ListInventories",
+      "Action": [
+        "s3:ListBucket"
+      ],
+      "Condition": {
+        "StringLike": {
+          "s3:prefix": [
+            "nextstrain-data/*",
+            "nextstrain-staging/*"
+          ]
+        }
+      },
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws:s3:::nextstrain-inventories"
+      ]
+    },
+    {
+      "Sid": "GetInventories",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws:s3:::nextstrain-inventories/nextstrain-data/*",
+        "arn:aws:s3:::nextstrain-inventories/nextstrain-staging/*"
+      ]
     }
   ]
 }