fix: S3 replication rule IAM role (#81)

patheard · web-flow · commit 77a281aafdd3 · 2025-08-07T10:42:45.000-04:00
Update the replication IRM role to allow it to read from the
correct source bucket.
diff --git a/terragrunt/aws/cdn/s3.tf b/terragrunt/aws/cdn/s3.tf
@@ -135,7 +135,7 @@ data "aws_iam_policy_document" "s3_replicate_data_lake" {
       "s3:ListBucket"
     ]
     resources = [
-      module.cdn_origin.s3_bucket_arn
+      module.cloudfront_logs.s3_bucket_arn
     ]
   }
   statement {
@@ -145,7 +145,7 @@ data "aws_iam_policy_document" "s3_replicate_data_lake" {
       "s3:GetObjectVersionAcl"
     ]
     resources = [
-      "${module.cdn_origin.s3_bucket_arn}/*"
+      "${module.cloudfront_logs.s3_bucket_arn}/*"
     ]
   }
   statement {

Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,7 @@ data "aws_iam_policy_document" "s3_replicate_data_lake" {`
`135`	`135`	`"s3:ListBucket"`
`136`	`136`	`]`
`137`	`137`	`resources = [`
`138`		`- module.cdn_origin.s3_bucket_arn`
	`138`	`+ module.cloudfront_logs.s3_bucket_arn`
`139`	`139`	`]`
`140`	`140`	`}`
`141`	`141`	`statement {`
`@@ -145,7 +145,7 @@ data "aws_iam_policy_document" "s3_replicate_data_lake" {`
`145`	`145`	`"s3:GetObjectVersionAcl"`
`146`	`146`	`]`
`147`	`147`	`resources = [`
`148`		`- "${module.cdn_origin.s3_bucket_arn}/*"`
	`148`	`+ "${module.cloudfront_logs.s3_bucket_arn}/*"`
`149`	`149`	`]`
`150`	`150`	`}`
`151`	`151`	`statement {`