terraform: fix cache-log permissions

This is what AWS sets when configuring the log bucket.
NixOS · Nov 7, 2023 · eab30ea · eab30ea
1 parent 8929ca0
commit eab30ea
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/terraform/cache_log.tf b/terraform/cache_log.tf
@@ -76,7 +76,22 @@ data "aws_iam_policy_document" "cache_log" {
     resources = [
       aws_s3_bucket.cache_log.arn,
     ]
+  }
+
+  statement {
+    sid    = "S3PolicyStmt-DO-NOT-MODIFY-1699369618664"
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["logging.s3.amazonaws.com"]
+    }
+
+    actions = ["s3:PutObject"]
 
+    resources = [
+      "${aws_s3_bucket.cache_log.arn}/*",
+    ]
   }
 }