From 05ce453f8c6620d1a358f482582e60902ce8a028 Mon Sep 17 00:00:00 2001
From: Georgiana Dolocan
Date: Wed, 14 Aug 2024 12:57:16 +0300
Subject: [PATCH] Give access to athena to relevant s3 buckets

---
 terraform/aws/grafana-athena-iam.tf | 11 +----------
 terraform/aws/projects/openscapes.tfvars | 1 +
 terraform/aws/variables.tf | 7 +++++++
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/terraform/aws/grafana-athena-iam.tf b/terraform/aws/grafana-athena-iam.tf
index c0436a66e7..2aa326df35 100644
--- a/terraform/aws/grafana-athena-iam.tf
+++ b/terraform/aws/grafana-athena-iam.tf
@@ -73,16 +73,7 @@ resource "aws_iam_role" "grafana_athena_role" {
 "s3:AbortMultipartUpload",
 "s3:PutObject"
 ]
- Resource = ["arn:aws:s3:::aws-athena-query-results-*"]
- },
- {
- Sid = "AthenaExamplesS3Access"
- Effect = "Allow"
- Action = [
- "s3:GetObject",
- "s3:ListBucket"
- ]
- Resource = ["arn:aws:s3:::athena-examples*"]
+ Resource = ["arn:aws:s3:::${var.athena_storage_bucket}*"]
 }]
 })
 }
diff --git a/terraform/aws/projects/openscapes.tfvars b/terraform/aws/projects/openscapes.tfvars
index dc8a5857b5..2f84aa576d 100644
--- a/terraform/aws/projects/openscapes.tfvars
+++ b/terraform/aws/projects/openscapes.tfvars
@@ -9,6 +9,7 @@ default_budget_alert = {
 }
 
 enable_grafana_athena_iam = true
+athena_storage_bucket = "openscapes-cost-usage-report"
 
 # Remove this variable to tag all our resources with {"ManagedBy": "2i2c"}
 tags = {}
diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf
index 89f3250e30..e5ee6f08eb 100644
--- a/terraform/aws/variables.tf
+++ b/terraform/aws/variables.tf
@@ -45,6 +45,13 @@ variable "user_buckets" {
 EOT
 }
 
+
+variable "athena_storage_bucket" {
+ type = string
+ description = "The name of the S3 bucket where Athena related data will be stored"
+ default = ""
+}
+
 variable "hub_cloud_permissions" {
 type = map(
 map(
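Review bot: The new `Resource` line collapses to `arn:aws:s3:::*` whenever `athena_storage_bucket` keeps the empty default that the variables.tf hunk introduces, so any project that enables this role without setting the bucket grants it `s3:PutObject`, `s3:AbortMultipartUpload` and whatever other actions precede the hunk on every bucket in the account; even with a value set, the trailing `*` also matches any bucket whose name merely starts with the configured one. Pin the statement to the bucket and its objects, `Resource = ["arn:aws:s3:::${var.athena_storage_bucket}", "arn:aws:s3:::${var.athena_storage_bucket}/*"]`, and reject the empty case where the role is created, e.g. by adding `var.athena_storage_bucket != ""` to the resource's `count` condition. The `aws_iam_role` resource and the start of its `Action` list are above the hunk, so I cannot confirm whether `s3:ListBucket` (which needs the bare bucket ARN) is still granted now that the `AthenaExamplesS3Access` statement is gone.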
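Review bot: `default = ""` is interpolated straight into an S3 ARN in grafana-athena-iam.tf, where an empty name widens the policy to `arn:aws:s3:::*`, and nothing stops a tfvars value containing `*`, `/` or an ARN prefix from widening it the same way; the description should state this and a `validation` block should restrict the value to a plain bucket name. Keeping the empty default is reasonable for projects that never enable the role, so the validation below still accepts it and leaves rejecting the empty-plus-enabled combination to the IAM resource. The block below replaces the whole added variable.
```hcl
variable "athena_storage_bucket" {
  type        = string
  description = "Name of the S3 bucket the Grafana Athena role may read and write. Interpolated into an S3 ARN in grafana-athena-iam.tf; an empty value expands to arn:aws:s3:::* there, so it is only safe when enable_grafana_athena_iam is false."
  default     = ""

  validation {
    condition     = can(regex("^([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])?$", var.athena_storage_bucket))
    error_message = "athena_storage_bucket must be empty or a plain S3 bucket name (no wildcards, slashes or arn: prefix)."
  }
}
```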