Add permissions for managing s3 bucket policies and lifecycle configu…

…rations. The JPT-dev role needs these extra permissions to allow attaching a policy to a bucket and to create a lifecycle rule to automatically clean the bucket contents. These permissions are required when setting the jiraSharedStorageConfig option in DataCenterFormula (in aws-infrastructure) to store avatar and/or attachments in an S3 bucket (instead of the shared home).
atlassian-labs · Oct 27, 2023 · a59072d · a59072d
1 parent bee83aa
commit a59072d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -23,6 +23,9 @@ Dropping a requirement of a major version of a dependency is a new contract.
 ## [Unreleased]
 [Unreleased]: https://github.com/atlassian-labs/aws-resources/compare/release-1.13.0...master
 
+### Added
+- Add permissions for managing s3 bucket policies and lifecycle configurations.
+
 ### Fixed
 - Add missing `iam:GetRole` permission. You have to update the policy manually. Fix [JPERF-1407].
 

diff --git a/src/main/resources/iam-policy.json b/src/main/resources/iam-policy.json
@@ -49,6 +49,10 @@
         "s3:GetObject",
         "s3:ListBucket",
         "s3:PutObject",
+        "s3:GetBucketPolicy",
+        "s3:PutBucketPolicy",
+        "s3:DeleteBucketPolicy",
+        "s3:PutLifecycleConfiguration",
         "sts:GetCallerIdentity",
         "support:CreateCase"
       ],