CCM-12481 migrating the S3 quarantine bucket up to the acct component #711
| bucket_name = module.s3bucket_quarantine.id | ||
| object_prefixes = ["pdf-template/", "test-data/", "proofs/"] | ||
| bucket_name = data.aws_s3_bucket.quarantine.id | ||
| object_prefixes = ["${local.csi}/pdf-template/", "${local.csi}/test-data/", "${local.csi}/proofs/"] |
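Review bot: the new object_prefixes line prepends ${local.csi}/ to every prefix, so anything still writing to the bare pdf-template/, test-data/ or proofs/ keys will fall outside these prefixes once bucket_name points at data.aws_s3_bucket.quarantine. Producers and consumers of these keys need to move to the prefixed form in the same change, and the resources ARNs in the related policy statements should carry the same ${local.csi}/ segment so that the grants and the prefixes agree.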
Should this be part of the acct level component and be independent of the csi?
| ] | ||
|
|
||
| resources = ["${module.s3bucket_quarantine.arn}/*"] | ||
| resources = ["${data.aws_s3_bucket.quarantine.arn}/*"] |
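Review bot: on the replacement resources line, "${data.aws_s3_bucket.quarantine.arn}/*" grants on every key in a bucket that this component now only looks up through a data source rather than creating itself, while object_prefixes elsewhere in this change namespaces this component's keys under ${local.csi}/. A bucket-wide wildcard therefore reaches objects outside that namespace; narrowing it to "${data.aws_s3_bucket.quarantine.arn}/${local.csi}/*" keeps the statement to this component's own objects. The same resources line recurs in the statements that follow.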
Can we restrict access to csi scoped objects?
e.g. something like "${data.aws_s3_bucket.quarantine.arn}/${local.csi}/*"
| ] | ||
|
|
||
| resources = ["${module.s3bucket_quarantine.arn}/*"] | ||
| resources = ["${data.aws_s3_bucket.quarantine.arn}/*"] |
Can we restrict access to csi scoped objects?
e.g. something like "${data.aws_s3_bucket.quarantine.arn}/${local.csi}/*"
| ] | ||
|
|
||
| resources = ["${module.s3bucket_quarantine.arn}/*"] | ||
| resources = ["${data.aws_s3_bucket.quarantine.arn}/*"] |
Can we restrict access to csi scoped objects?
e.g. something like "${data.aws_s3_bucket.quarantine.arn}/${local.csi}/*"
| ] | ||
|
|
||
| resources = ["${module.s3bucket_quarantine.arn}/*"] | ||
| resources = ["${data.aws_s3_bucket.quarantine.arn}/*"] |
Can we restrict access to csi scoped objects?
e.g. something like "${data.aws_s3_bucket.quarantine.arn}/${local.csi}/*"
| resources = [ | ||
| "${module.s3bucket_quarantine.arn}/test-data/*", | ||
| "${module.s3bucket_quarantine.arn}/pdf-template/*", | ||
| "${data.aws_s3_bucket.quarantine.arn}/test-data/*", |
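Review bot: the new "${data.aws_s3_bucket.quarantine.arn}/test-data/*" entry has no ${local.csi}/ segment, but object_prefixes in this change uses "${local.csi}/test-data/", so this ARN does not cover the keys the component is configured to use. Suggest "${data.aws_s3_bucket.quarantine.arn}/${local.csi}/test-data/*", with the pdf-template entry changed the same way.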
Can we restrict access to csi scoped objects?
e.g. something like "${data.aws_s3_bucket.quarantine.arn}/${local.csi}/test-data/*"
|
This should leave the existing bucket in place to allow a migration over of the |
mark-r-bjss
left a comment
Not safe to get rid of the quarantine bucket without updating the aws_cloudwatch_event_rules
mark-r-bjss
left a comment
Not safe to get rid of the quarantine bucket without updating the aws_cloudwatch_event_rules
Description
Migrating the quarantine S3 bucket up and out to the acct component
Context
Type of changes
Checklist
Sensitive Information Declaration
To ensure the utmost confidentiality and protect your and others' privacy, we kindly ask you NOT to include PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that does contain any sensitive information. We really appreciate your cooperation in this matter.