Give access to athena to relevant s3 buckets

2i2c-org · Aug 14, 2024 · 05ce453 · 05ce453
1 parent 6f346b3
commit 05ce453
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 10 deletions.
diff --git a/terraform/aws/grafana-athena-iam.tf b/terraform/aws/grafana-athena-iam.tf
@@ -73,16 +73,7 @@ resource "aws_iam_role" "grafana_athena_role" {
             "s3:AbortMultipartUpload",
             "s3:PutObject"
           ]
-          Resource = ["arn:aws:s3:::aws-athena-query-results-*"]
-        },
-        {
-          Sid    = "AthenaExamplesS3Access"
-          Effect = "Allow"
-          Action = [
-            "s3:GetObject",
-            "s3:ListBucket"
-          ]
-          Resource = ["arn:aws:s3:::athena-examples*"]
+          Resource = ["arn:aws:s3:::${var.athena_storage_bucket}*"]
       }]
     })
   }

diff --git a/terraform/aws/projects/openscapes.tfvars b/terraform/aws/projects/openscapes.tfvars
@@ -9,6 +9,7 @@ default_budget_alert = {
 }
 
 enable_grafana_athena_iam = true
+athena_storage_bucket     = "openscapes-cost-usage-report"
 
 # Remove this variable to tag all our resources with {"ManagedBy": "2i2c"}
 tags = {}

diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf
@@ -45,6 +45,13 @@ variable "user_buckets" {
   EOT
 }
 
+
+variable "athena_storage_bucket" {
+  type        = string
+  description = "The name of the S3 bucket where Athena related data will be stored"
+  default     = ""
+}
+
 variable "hub_cloud_permissions" {
   type = map(
     map(