From 53d4695a427e33ac4159015c13872fb0da2faad1 Mon Sep 17 00:00:00 2001
From: TDeSain
Date: Mon, 23 Oct 2023 15:24:16 -0400
Subject: [PATCH] test/open/fence-mapping-fix/ (#100) # Updating security policies * allow dictionary resource to pull fence_mapping.json from s3
---
 app-infrastructure/s3_roles.tf | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/app-infrastructure/s3_roles.tf b/app-infrastructure/s3_roles.tf
index 3bebb1a1..2a0f901e 100644
--- a/app-infrastructure/s3_roles.tf
+++ b/app-infrastructure/s3_roles.tf
@@ -435,6 +435,12 @@ resource "aws_iam_role_policy" "dictionary-deployment-s3-policy" {
 ],
 "Effect": "Allow",
 "Resource": "arn:aws:s3:::${var.stack_s3_bucket}/releases/jenkins_pipeline_build_${var.stack_githash_long}/pic-sure-hpds-dictionary-resource.tar.gz"
+ },{
+ "Action": [
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::${var.stack_s3_bucket}/data/${var.dataset_s3_object_key}/fence_mapping.json"
 },{
 "Action": [
 "s3:ListBucket"
@@ -444,7 +450,8 @@ resource "aws_iam_role_policy" "dictionary-deployment-s3-policy" {
 "Condition": {
 "StringLike": {
 "s3:prefix": [
- "releases/jenkins_pipeline_build_${var.stack_githash_long}/*"
+ "releases/jenkins_pipeline_build_${var.stack_githash_long}/*",
+ "data/${var.dataset_s3_object_key}/*"
 ]
 }
 }
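Review bot: The new `s3:GetObject` statement builds its `Resource` ARN from `${var.dataset_s3_object_key}`, and nothing visible in this hunk constrains that value. IAM treats `*` and `?` in a resource ARN as wildcards, so a key containing either one, or an empty key, would widen the grant beyond the single `fence_mapping.json` object the statement appears to target. The same variable feeds the `s3:prefix` entry added in the second hunk, where `StringLike` applies the same wildcard matching. If the variable's declaration does not already restrict it, a `validation` block that rejects empty values and wildcard characters would keep the policy as narrow as it reads. The `aws_iam_role_policy` resource begins and ends outside the hunk, so the rest of the policy document is not visible here.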
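Review bot: The added `"data/${var.dataset_s3_object_key}/*"` prefix lets this role enumerate every key under the dataset prefix, whereas the read grant in the first hunk covers one object. `s3:GetObject` on a known key does not depend on `s3:ListBucket`, so if the dictionary resource only fetches that file the list condition can name it exactly: `"data/${var.dataset_s3_object_key}/fence_mapping.json"`. If a wider listing is genuinely needed, stating the reason in the PR description would help the next reviewer judge the exposure of the dataset's object names. The statement's `Resource` line and the closing of the policy lie outside the hunk.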