From 5804132f93e2d772d7a1251303a52d142c960030 Mon Sep 17 00:00:00 2001
From: Markiian Slipets
Date: Wed, 11 Mar 2020 18:46:59 +0200
Subject: [PATCH] bucket_access_roles_arn_list as list

---
 main.tf | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/main.tf b/main.tf
index 0bbfb5f..fcd2e63 100644
--- a/main.tf
+++ b/main.tf
@@ -114,7 +114,7 @@ resource "aws_s3_bucket" "default" {
 data "aws_iam_policy_document" "s3_bucket_policy" {
   statement {
     actions = [
-      "s3:GetObject",
+      "s3:GetObject"
     ]
 
     resources = [
@@ -149,9 +149,7 @@ data "aws_iam_policy_document" "s3_bucket_policy" {
   statement {
     actions = [
       "s3:GetBucketLocation",
-      "s3:ListBucket",
-      "s3:GetObject",
-      "s3:PutObject"
+      "s3:ListBucket"
     ]
 
     resources = [
@@ -164,6 +162,21 @@ data "aws_iam_policy_document" "s3_bucket_policy" {
     }
   }
 
+  statement {
+    actions = [
+      "s3:GetObject",
+      "s3:PutObject"
+    ]
+
+    resources = [
+      "${aws_s3_bucket.default.arn}/*",
+    ]
+
+    principals {
+      type = "Service"
+      identifiers = var.bucket_access_roles_arn_list
+    }
+  }
 }
 
 resource "aws_s3_bucket_policy" "bucket_policy" {
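Review bot: The `principals` block in the new statement of the third hunk uses `type = "Service"` for what the variable name and the commit subject say are IAM role ARNs; the `Service` principal type expects service identifiers such as `s3.amazonaws.com`, so the rendered bucket policy will be rejected on apply or grant nothing to the intended roles. Change the line to `type = "AWS"`. The statement also renders unconditionally, so a caller that leaves `var.bucket_access_roles_arn_list` empty produces a statement with an empty principal set, which S3 rejects; wrapping it in a `dynamic "statement"` that iterates over a one-element list only when `length(var.bucket_access_roles_arn_list) > 0` would keep the module applying in that case. The trailing comma after `"${aws_s3_bucket.default.arn}/*"` is inconsistent with the trailing commas this same commit removes in the first two hunks.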