diff --git a/.github/workflows/openshift-oracle-s3-sync.yml b/.github/workflows/openshift-oracle-s3-sync.yml
index 2895c4c8..708a3ed7 100644
--- a/.github/workflows/openshift-oracle-s3-sync.yml
+++ b/.github/workflows/openshift-oracle-s3-sync.yml
@@ -28,7 +28,7 @@ jobs:
 shell: bash
 run: |
 AWS_CREDENTIALS=$(aws ssm get-parameter \
- --name "/iam_users/fta-rst-el-s3-upload-service-account_keys" \
+ --name "/iam_users/node-api-dev-fta-rec-s3-upload-service-account_keys" \
 --with-decryption \
 --query "Parameter.Value" \
 --output text)
diff --git a/infrastructure/api/iam.tf b/infrastructure/api/iam.tf
index 6fe9b9c3..9b153d32 100644
--- a/infrastructure/api/iam.tf
+++ b/infrastructure/api/iam.tf
@@ -106,7 +106,6 @@ resource "aws_iam_role_policy_attachment" "rdsAttach" {
 }
 resource "aws_dynamodb_table_item" "iam_user" {
- count = (var.app_env == "dev" || var.app_env == "test" || var.app_env == "prod") ? 1 : 0 # dont enable for PR
 table_name = "BCGOV_IAM_USER_TABLE"
 hash_key = "UserName"
@@ -117,15 +116,9 @@ resource "aws_dynamodb_table_item" "iam_user" {
 })
 }
-data "aws_iam_user" "s3_upload_user" {
- count = (var.app_env == "dev" || var.app_env == "test" || var.app_env == "prod") ? 1 : 0 # dont enable for PR
- user_name = "${var.app_name}-fta-rec-s3-upload-service-account"
-}
-
 resource "aws_iam_user_policy" "s3_upload_policy" {
- count = (var.app_env == "dev" || var.app_env == "test" || var.app_env == "prod") ? 1 : 0 # dont enable for PR
 name = "${var.app_name}_fta_rec_s3_upload_policy"
- user = data.aws_iam_user.s3_upload_user.user_name
+ user = "${var.app_name}-fta-rec-s3-upload-service-account"
 policy = jsonencode({
 Version = "2012-10-17"
@@ -140,7 +133,7 @@ resource "aws_iam_user_policy" "s3_upload_policy" {
 ]
 Resource = [
 "arn:aws:s3:::${var.fta_dataload_bucket}",
- "arn:aws:s3:::${var.fta_dataload_bucket}/*"
+ "arn:aws:s3:::${var.fta_dataload_bucket}/*"
 ]
 }
 ]
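Review bot: The new `--name` value hard-codes `node-api-dev`, while iam.tf in this same commit derives the account name from `${var.app_name}-fta-rec-s3-upload-service-account`, so the workflow will read the dev account's keys whichever environment it is run against. If the sync is ever meant to target test or prod, build the path from a workflow input or environment variable instead, e.g. `--name "/iam_users/${APP_NAME}-fta-rec-s3-upload-service-account_keys"` (APP_NAME is a placeholder, not a name from this repo). The parameter appears to hold a long-lived IAM access key pair, and the rest of the `run` block is outside the hunk, so confirm the value is registered with `::add-mask::` before anything can echo it and that shell tracing (`set -x`) is not enabled in this step.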
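Review bot: Removing the `count` guard from `aws_dynamodb_table_item.iam_user` (and from `aws_iam_user_policy.s3_upload_policy` in the next hunk) drops the only thing that kept pull-request deployments from registering this service account, and the deleted comment `# dont enable for PR` indicates the restriction was deliberate. If an item in `BCGOV_IAM_USER_TABLE` causes an IAM user and access keys to be provisioned, as the SSM lookup in the workflow suggests, every PR environment will now get its own long-lived credential with the S3 permissions of `s3_upload_policy` on `var.fta_dataload_bucket`. Either keep the guard, or add a comment stating why PR environments need the account and confirm that the user and its keys are removed when the PR environment is destroyed. The item body is outside the hunk, so how UserName is built there could not be checked.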
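Review bot: With the `data "aws_iam_user"` lookup removed, `user` in `aws_iam_user_policy.s3_upload_policy` is a plain string and Terraform no longer has any dependency that ties the policy to the account existing, so an apply can fail with NoSuchEntity if the user is created asynchronously after the DynamoDB item is written. Adding `depends_on = [aws_dynamodb_table_item.iam_user]` at least orders the two resources, although it cannot wait for an out-of-band provisioner to finish. The account name now has to match the item's UserName and the SSM path in the workflow by string equality alone, so a shared `locals` value such as `s3_upload_user_name = "${var.app_name}-fta-rec-s3-upload-service-account"` would keep them from drifting. The policy statement and the item body are outside the hunk, so the granted actions were not reviewed.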