* 2.6.2 -- 2024-09-13
  - terraform-state
    - add for Terragrunt: dynamodb:DescribeTable permission, s3:GetBucketVersioning
badra001 committed Sep 16, 2024
1 parent 583407e commit 0dbd9e0
Showing 3 changed files with 33 additions and 10 deletions.
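--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -370,3 +370,7 @@
 * 2.6.1 -- 2024-09-11
 - cloudtrail
 - add variable enable_logging to disable the objectlogging trail
+
+* 2.6.2 -- 2024-09-13
+- terraform-state
+- add for Terragrunt: dynamodb:DescribeTable permission, s3:GetBucketVersioning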
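--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-_module_version = "2.6.1"
+_module_version = "2.6.2"
 }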
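--- a/terraform-state/policy.tf
+++ b/terraform-state/policy.tf
@@ -39,21 +39,32 @@ data "aws_iam_policy_document" "tfstate" {
 sid = "TFRemoteStateList"
 effect = "Allow"
 resources = [aws_s3_bucket.tfstate.arn]
-actions = ["s3:ListBucket"]
+actions = [
+"s3:ListBucket",
+"s3:GetBucketVersioning",
+]
 }
 
 statement {
 sid = "TFRemoteState"
 effect = "Allow"
 resources = ["${aws_s3_bucket.tfstate.arn}/*"]
-actions = ["s3:GetObject", "s3:PutObject"]
+actions = [
+"s3:GetObject",
+"s3:PutObject"
+]
 }
 
 statement {
 sid = "TFRemoteStateDDB"
 effect = "Allow"
 resources = [aws_dynamodb_table.tfstate.arn]
-actions = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem"]
+actions = [
+"dynamodb:DescribeTable",
+"dynamodb:GetItem",
+"dynamodb:PutItem",
+"dynamodb:DeleteItem"
+]
 }
 }
 
@@ -82,9 +93,12 @@ data "aws_iam_policy_document" "tfstate_kms" {
 #---
 data "aws_iam_policy_document" "tfstate_read" {
 statement {
-sid = "TFRemoteStateList"
-effect = "Allow"
-actions = ["s3:ListBucket*"]
+sid = "TFRemoteStateList"
+effect = "Allow"
+actions = [
+"s3:ListBucket*",
+"s3:GetBucketVersioning",
+]
 resources = [aws_s3_bucket.tfstate.arn]
 }
 statement {
@@ -102,6 +116,7 @@ data "aws_iam_policy_document" "tfstate_read" {
 sid = "TFRemoteStateDDB"
 effect = "Allow"
 actions = [
+"dynamodb:DescribeTable",
 "dynamodb:GetItem",
 # "dynamodb:PutItem",
 # "dynamodb:DeleteItem",
@@ -127,9 +142,12 @@ data "aws_iam_policy_document" "tfstate_read" {
 #---
 data "aws_iam_policy_document" "tfstate_write" {
 statement {
-sid = "TFRemoteStateList"
-effect = "Allow"
-actions = ["s3:ListBucket*"]
+sid = "TFRemoteStateList"
+effect = "Allow"
+actions = [
+"s3:ListBucket*",
+"s3:GetBucketVersioning",
+]
 resources = [aws_s3_bucket.tfstate.arn]
 }
 statement {
@@ -146,6 +164,7 @@ data "aws_iam_policy_document" "tfstate_write" {
 sid = "TFRemoteStateDDB"
 effect = "Allow"
 actions = [
+"dynamodb:DescribeTable",
 "dynamodb:GetItem",
 "dynamodb:PutItem",
 "dynamodb:DeleteItem",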
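Review bot: The `TFRemoteStateList` statements in `tfstate_read` and `tfstate_write` keep the wildcard `"s3:ListBucket*"`, while the same statement in `tfstate` names `"s3:ListBucket"` exactly; since these action lists are being rewritten here, the three documents should agree. The wildcard also matches `s3:ListBucketVersions` and `s3:ListBucketMultipartUploads`, so even the read-only policy can enumerate object versions and in-flight uploads in the state bucket. If nothing relies on those, write `"s3:ListBucket",` in both lists; otherwise add a comment naming the extra List action that is needed and why. Both data blocks continue outside the visible hunks, so a statement not shown here may justify the wider listing, which is worth confirming.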
