Secure Connector bucket policy #156

Shershebnev · 2023-12-04T18:03:00Z

The policy here https://github.com/wandb/terraform-aws-wandb/blob/v2.7.0/modules/secure_storage_connector/main.tf#L48 should probably be split into two - I'm getting api error MalformedPolicy: Action does not apply to any resource(s) in statement due to some actions being applicable only on bucket or file level. I'm not sure if you accept PRs from outside of the company, but this worked for me:

    policy = jsonencode({
      "Version" : "2012-10-17",
      "Statement" : [
        {
          "Sid" : "WandbAccountAccessFiles",
          "Effect" : "Allow",
          "Principal" : { "AWS" : var.aws_principal_arn },
          "Action" : [
            "s3:GetObject*",
            "s3:AbortMultipartUpload",
            "s3:DeleteObject",
            "s3:PutObject",
          ],
          "Resource" : [
            "${module.file_storage.bucket_arn}/*",
          ]
        },
        {
          "Sid" : "WandbAccountAccessBucket",
          "Effect" : "Allow",
          "Principal" : { "AWS" : var.aws_principal_arn },
          "Action" : [
            "s3:GetEncryptionConfiguration",
            "s3:ListBucket",
            "s3:ListBucketMultipartUploads",
            "s3:ListBucketVersions",
            "s3:GetBucketCORS",
            "s3:GetBucketLocation",
            "s3:GetBucketVersioning"
          ],
          "Resource" : [
            "${module.file_storage.bucket_arn}",
          ]
        },
      ]
    })

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Secure Connector bucket policy #156

Secure Connector bucket policy #156

Shershebnev commented Dec 4, 2023 •

edited

Loading

Secure Connector bucket policy #156

Secure Connector bucket policy #156

Comments

Shershebnev commented Dec 4, 2023 • edited Loading

Shershebnev commented Dec 4, 2023 •

edited

Loading