diff --git a/CHANGELOG.md b/CHANGELOG.md
index a76c21e..8e74388 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+## [6.18.2] - 2023-06-01
+### Fixed
+- `conditional_consumer_iamroles` were not able to list objects within a buckets.
+
 ## [6.18.1] - 2023-05-30
 ### Changed
 - Added `conditional_consumer_iamroles` in principles even when customer_condition is empty.
diff --git a/templates/apiary-bucket-policy.json b/templates/apiary-bucket-policy.json
index 9246aa3..8d44884 100644
--- a/templates/apiary-bucket-policy.json
+++ b/templates/apiary-bucket-policy.json
@@ -7,7 +7,11 @@
 "Sid": "Apiary customer account bucket permissions",
 "Effect": "Allow",
 "Principal": {
+%{if conditional_consumer_iamroles == ""}
 "AWS": [ "${customer_principal}" ]
+%{else}
+ "AWS": [ "${customer_principal}", "${conditional_consumer_iamroles}" ]
+%{endif}
 },
 "Action": [
 "s3:GetBucketLocation",
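Review bot: The added `"AWS": [ "${customer_principal}", "${conditional_consumer_iamroles}" ]` line makes the conditional consumer roles principals of this Allow statement, so they receive every action it lists. The Action list and any Condition block continue outside the hunk, so please confirm the statement holds only the bucket-level actions these roles need for listing, and no object reads that the customer condition is meant to gate. The value is also spliced in as raw text between quotes, which presumably relies on the caller pre-joining several ARNs with `","`. Rendering the principals from a real list with `${jsonencode(...)}` would stop a malformed or unexpected value from changing the policy's structure. A short note in the module documentation on the expected format of `conditional_consumer_iamroles` would also help.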