Last tidying around #12964

mrzarquon · roboquat · commit 033e1789a670 · 2022-09-22T09:20:22.000+02:00
Typos in policy declarations

```release-note
[AWS Infra] Terraform code updated to create correct policies for S3 buckets
```
diff --git a/install/infra/modules/eks/storage.tf b/install/infra/modules/eks/storage.tf
@@ -31,7 +31,7 @@ data "aws_iam_policy_document" "s3_policy" {
       "s3:DeleteObject",
       "s3:AbortMultipartUpload"
     ]
-    resources = [aws_s3_bucket.gitpod-storage[count.index].arn]
+    resources = ["${aws_s3_bucket.gitpod-storage[count.index].arn}/*"]
     effect    = "Allow"
   }
       statement {
@@ -45,14 +45,14 @@ data "aws_iam_policy_document" "s3_policy" {
 
 resource "aws_iam_policy" "policy" {
   count       = var.create_external_storage ? 1 : 0
-  name        = "spolicy-${var.cluster_name}"
+  name        = "policy-${var.cluster_name}"
   description = "Gitpod ${var.cluster_name} object storage bucket policy"
   policy      = data.aws_iam_policy_document.s3_policy[0].json
 }
 
 resource "aws_iam_user" "bucket_storage" {
   count = var.create_external_storage ? 1 : 0
-  name  = "suser-${var.cluster_name}"
+  name  = "user-${var.cluster_name}"
 
 }
 
@@ -102,7 +102,7 @@ data "aws_iam_policy_document" "s3_policy_registry" {
       "s3:DeleteObject",
       "s3:AbortMultipartUpload"
     ]
-    resources = [ws_s3_bucket.gitpod-registry-backend[count.index].arn]
+    resources = ["${aws_s3_bucket.gitpod-registry-backend[count.index].arn}/*"]
     effect    = "Allow"
   }
   statement {

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ data "aws_iam_policy_document" "s3_policy" {`
`31`	`31`	`"s3:DeleteObject",`
`32`	`32`	`"s3:AbortMultipartUpload"`
`33`	`33`	`]`
`34`		`- resources = [aws_s3_bucket.gitpod-storage[count.index].arn]`
	`34`	`+ resources = ["${aws_s3_bucket.gitpod-storage[count.index].arn}/*"]`
`35`	`35`	`effect = "Allow"`
`36`	`36`	`}`
`37`	`37`	`statement {`
`@@ -45,14 +45,14 @@ data "aws_iam_policy_document" "s3_policy" {`
`45`	`45`
`46`	`46`	`resource "aws_iam_policy" "policy" {`
`47`	`47`	`count = var.create_external_storage ? 1 : 0`
`48`		`- name = "spolicy-${var.cluster_name}"`
	`48`	`+ name = "policy-${var.cluster_name}"`
`49`	`49`	`description = "Gitpod ${var.cluster_name} object storage bucket policy"`
`50`	`50`	`policy = data.aws_iam_policy_document.s3_policy[0].json`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`resource "aws_iam_user" "bucket_storage" {`
`54`	`54`	`count = var.create_external_storage ? 1 : 0`
`55`		`- name = "suser-${var.cluster_name}"`
	`55`	`+ name = "user-${var.cluster_name}"`
`56`	`56`
`57`	`57`	`}`
`58`	`58`
`@@ -102,7 +102,7 @@ data "aws_iam_policy_document" "s3_policy_registry" {`
`102`	`102`	`"s3:DeleteObject",`
`103`	`103`	`"s3:AbortMultipartUpload"`
`104`	`104`	`]`
`105`		`- resources = [ws_s3_bucket.gitpod-registry-backend[count.index].arn]`
	`105`	`+ resources = ["${aws_s3_bucket.gitpod-registry-backend[count.index].arn}/*"]`
`106`	`106`	`effect = "Allow"`
`107`	`107`	`}`
`108`	`108`	`statement {`