From 25f45f3a14fc5282dbaa80ccce2b2d0160804e8a Mon Sep 17 00:00:00 2001
From: arnol377
Date: Tue, 13 Aug 2024 19:24:00 -0400
Subject: [PATCH] fixing some issues
---
 main.tf | 33 +++++++++++++++++++++++++++++++++
 rhel.tf | 2 +-
 2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index ce4dabb..175bb31 100644
--- a/main.tf
+++ b/main.tf
@@ -8,6 +8,39 @@ resource "aws_s3_bucket" "assets_bucket" {
 bucket = "image-pipeline-assets"
 }
 
+# module.amazon_linux.iam_arn
+resource "aws_s3_bucket_policy" "assets_bucket_policy" {
+ bucket = aws_s3_bucket.assets_bucket.id
+ policy = data.aws_iam_policy_document.assets_bucket_policy_document.json
+}
+
+data "aws_iam_policy_document" "assets_bucket_policy_document" {
+ statement {
+ principals {
+ type = "AWS"
+ identifiers = [
+ module.amazon_linux.iam_arn
+ ]
+ }
+
+ actions = [
+ "s3:Get*",
+ "s3:List*",
+ "s3:ReplicateObject",
+ "s3:PutObject",
+ "s3:RestoreObject",
+ "s3:PutObjectVersionTagging",
+ "s3:PutObjectTagging",
+ "s3:PutObjectAcl"
+ ]
+
+ resources = [
+ aws_s3_bucket.assets_bucket.arn,
+ "${aws_s3_bucket.assets_bucket.arn}/*",
+ ]
+ }
+}
+
 resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" {
 for_each = tomap({
 
diff --git a/rhel.tf b/rhel.tf
index 02d3e79..363b6ad 100644
--- a/rhel.tf
+++ b/rhel.tf
@@ -25,6 +25,6 @@ module "rhel" {
 # goss_profile = "base-test"
 state = local.state_config
 vpc_config = local.vpc_config
- source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI
+ source_ami = "ami-03f5c6b8195c66b04" # x86_64 compatible AMI
 instance_type = "t3.micro" # x86_64 compatible instance type
 }
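Review bot: The `actions` list in `assets_bucket_policy_document` grants the build role more than an asset bucket appears to need: `s3:Get*` and `s3:List*` on the bucket ARN also cover reads of bucket configuration such as its policy and ACL, and `s3:PutObjectAcl` lets the role change object ACLs, which matters if ACLs are enabled and public access is not blocked on this bucket (neither setting is visible in this hunk). `s3:ReplicateObject` and `s3:RestoreObject` also look unrelated to serving pipeline assets. I would split the single statement into a bucket-level and an object-level statement with explicit actions, as sketched below; the action set there is inferred from the bucket's apparent use and should be checked against what the build actually calls. The leading comment `# module.amazon_linux.iam_arn` reads as a leftover and could become `# Grants the amazon_linux build role access to the pipeline assets bucket`. Only `module.amazon_linux.iam_arn` is named as a principal, so confirm whether the `rhel` module's role needs the same grant.

```hcl
data "aws_iam_policy_document" "assets_bucket_policy_document" {
  # Bucket-level access: listing only, scoped to the bucket ARN.
  statement {
    sid    = "PipelineListBucket"
    effect = "Allow"
    # … unchanged: principals block (module.amazon_linux.iam_arn) …
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.assets_bucket.arn]
  }

  # Object-level access: read and write assets, no ACL changes.
  statement {
    sid    = "PipelineReadWriteObjects"
    effect = "Allow"
    # … unchanged: principals block (module.amazon_linux.iam_arn) …
    actions = [
      "s3:GetObject",
      "s3:PutObject",
      "s3:PutObjectTagging",
    ]
    resources = ["${aws_s3_bucket.assets_bucket.arn}/*"]
  }
}
```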
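Review bot: The new `source_ami` value in `module "rhel"` is a bare image ID with no record of which image it is or who published it, and the trailing comment `# x86_64 compatible AMI` is unchanged from the old ID, so a reader cannot tell what the base image was switched to or why. Since this ID becomes the root of every image the pipeline builds, I would record its provenance next to it, for example `# RHEL <version> x86_64, owner <publisher-account-id>, region <region>` (placeholders to fill in). A follow-up could resolve the ID through an `aws_ami` data source with an `owners` filter instead of hard-coding it, if the module accepts that. The `module "rhel"` block starts outside this hunk.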