Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F33309994
D11869.1768806419.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
1 KB
Referenced Files
None
Subscribers
None
D11869.1768806419.diff
View Options
diff --git a/services/terraform/remote/aws_iam.tf b/services/terraform/remote/aws_iam.tf
--- a/services/terraform/remote/aws_iam.tf
+++ b/services/terraform/remote/aws_iam.tf
@@ -299,11 +299,6 @@
statement {
effect = "Allow"
- principals {
- type = "*"
- identifiers = ["${module.shared.search_index_lambda.arn}"]
- }
-
actions = [
"es:ESHttpHead",
"es:ESHttpPost",
@@ -316,11 +311,21 @@
}
}
+resource "aws_iam_policy" "opensearch_domain_access" {
+ name = "opensearch-domain-access-policy"
+ policy = data.aws_iam_policy_document.opensearch_domain_access.json
+}
+
resource "aws_opensearch_domain_policy" "opensearch_domain_access" {
domain_name = module.shared.opensearch_domain_identity.domain_name
access_policies = data.aws_iam_policy_document.opensearch_domain_access.json
}
+resource "aws_iam_role_policy_attachment" "search_index_lambda_opensearch_access" {
+ role = aws_iam_role.search_index_lambda.name
+ policy_arn = aws_iam_policy.opensearch_domain_access.arn
+}
+
resource "aws_iam_role" "task_scheduler" {
name = "cron-scheduler-role"
assume_role_policy = jsonencode({
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Mon, Jan 19, 7:06 AM (16 h, 36 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5955085
Default Alt Text
D11869.1768806419.diff (1 KB)
Attached To
Mode
D11869: [terraform] Fix lambda opensearch domain access
Attached
Detach File
Event Timeline
Log In to Comment