
Commit 9e997b4

ELI-545 - data for taking the user account
1 parent 8aa599d commit 9e997b4

1 file changed

Lines changed: 8 additions & 17 deletions


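--- a/infrastructure/stacks/api-layer/service_account.tf
+++ b/infrastructure/stacks/api-layer/service_account.tf
@@ -1,13 +1,14 @@
-resource "aws_iam_user" "tableau_service" {
-name = "tableau-athena-service-account"
+# Reference the pre-created user
+data "aws_iam_user" "tableau_service" {
+user_name = "tableau-athena-service-account"
 }
 
 resource "time_rotating" "athena_key_rotation" {
 rotation_days = 90
 }
 
 resource "aws_iam_access_key" "tableau_key" {
-user = aws_iam_user.tableau_service.name
+user = data.aws_iam_user.tableau_service.user_name
 
 lifecycle {
 replace_triggered_by = [time_rotating.athena_key_rotation]
@@ -16,7 +17,7 @@ resource "aws_iam_access_key" "tableau_key" {
 
 resource "aws_iam_user_policy" "tableau_athena_policy" {
 name = "TableauAthenaAccess"
-user = aws_iam_user.tableau_service.name
+user = data.aws_iam_user.tableau_service.user_name
 
 policy = jsonencode({
 Version = "2012-10-17"
@@ -48,31 +49,21 @@ resource "aws_iam_user_policy" "tableau_athena_policy" {
 Resource = [
 "arn:aws:glue:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:catalog",
 "arn:aws:glue:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:database/elid_dq",
-"arn:aws:glue:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/elid_dq/cohort_metrics"
+"arn:aws:glue:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/elid_dq/*"
 ]
 },
 {
 # 3. Data Access (Your specific S3 bucket)
 Effect = "Allow"
-Action = [
-"s3:GetBucketLocation",
-"s3:GetObject",
-"s3:ListBucket"
-]
+Action = ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"]
 Resource = [
 "arn:aws:s3:::${module.s3_dq_metrics_bucket.storage_bucket_name}",
 "arn:aws:s3:::${module.s3_dq_metrics_bucket.storage_bucket_name}/*"
 ]
 },
 {
-# Athena Results - Staging Directory
 Effect = "Allow"
-Action = [
-"s3:GetBucketLocation",
-"s3:GetObject",
-"s3:ListBucket",
-"s3:PutObject"
-]
+Action = ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:PutObject"]
 Resource = [
 "arn:aws:s3:::${module.s3_athena_dq_query_bucket.storage_bucket_name}",
 "arn:aws:s3:::${module.s3_athena_dq_query_bucket.storage_bucket_name}/*"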
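Review bot: The Glue `Resource` entry in the third hunk is widened from the single table `table/elid_dq/cohort_metrics` to `table/elid_dq/*`, which grants the service account access to every present and future table in that database; this is a permission change unrelated to switching the user to a data source, and the commit title does not mention it. If the wider grant is intended, it deserves a comment such as `# Tableau needs every table in elid_dq, not only cohort_metrics` next to the ARN; otherwise keep the explicit table list so the grant stays scoped to what the dashboard reads. The same hunk also drops the `# Athena Results - Staging Directory` comment, which was the only explanation of why `s3:PutObject` is granted on the query bucket but not on the metrics bucket, so I would keep that comment (or an equivalent, e.g. `# Athena query-result staging; PutObject is required here`) above the second statement. The policy block continues past the end of the hunk.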
