From 21fd4b30e3862468e0c8a31475659fb6cab3ead0 Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Sat, 11 Nov 2023 14:33:07 +0200
Subject: [PATCH] terraform: give archaeologist IAM policy permission to access cache_log bucket

---
 terraform-iam/archeologist.tf | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/terraform-iam/archeologist.tf b/terraform-iam/archeologist.tf
index b643d38c..4b25c651 100644
--- a/terraform-iam/archeologist.tf
+++ b/terraform-iam/archeologist.tf
@@ -30,6 +30,17 @@ resource "aws_iam_policy" "archologist" {
 "arn:aws:s3:::nix-releases-inventory220231029182031496800000001/*"
 ]
 },
+ {
+ "Sid": "NixCacheLogsReadOnly",
+ "Effect": "Allow",
+ "Action": [
+ "s3:Get*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::nix-cache-log",
+ "arn:aws:s3:::nix-cache-log/*"
+ ]
+ },
 {
 "Sid": "NixArcheologistReadWrite",
 "Effect": "Allow",
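Review bot: The `Action` list of the new `NixCacheLogsReadOnly` statement uses the wildcard `s3:Get*`, which on the bucket ARN also matches configuration reads such as `s3:GetBucketPolicy` and `s3:GetBucketAcl`, and on objects `s3:GetObjectAcl`. If the role only needs to read log objects, `"s3:GetObject"` on `arn:aws:s3:::nix-cache-log/*` is the narrower grant. The statement carries no `s3:ListBucket`, so the bucket-level ARN enables only those configuration reads and the role cannot enumerate keys; if listing is intended, add `"s3:ListBucket"` scoped to `arn:aws:s3:::nix-cache-log`. The rest of the policy document lies outside the hunk, so whether another statement already covers listing cannot be confirmed from here.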