Missing IAM permissions integration role persistent environments

data-dot-all · Sep 11, 2024 · 93b0997 · 93b0997
1 parent 01c65c8
commit 93b0997
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/backend/dataall/core/environment/cdk/environment_stack.py b/backend/dataall/core/environment/cdk/environment_stack.py
@@ -581,12 +581,11 @@ def create_integration_tests_role(self):
                     's3:CreateBucket',
                     's3:DeleteBucket',
                     's3:PutEncryptionConfiguration',
-                    's3:List*',
                     's3:GetObject*',
                     's3:DeleteObject',
                 ],
                 effect=iam.Effect.ALLOW,
-                resources=['arn:aws:s3:::dataalltesting*'],
+                resources=['arn:aws:s3:::dataalltesting*', 'arn:aws:s3:::dataalltesting*/*'],
             )
         )
         self.test_role.add_to_policy(
@@ -618,6 +617,7 @@ def create_integration_tests_role(self):
                     'kms:TagResource',
                     'kms:DescribeKey',
                     's3:GetBucketVersioning',
+                    's3:List*',
                 ],
                 effect=iam.Effect.ALLOW,
                 resources=['*'],