attach S3 access for guests to group not user (#372)

swiknaba · web-flow · commit c5e2065c0bdc · 2025-01-15T13:17:51.000+01:00
diff --git a/aws/s3-shared/guest-iam.tf b/aws/s3-shared/guest-iam.tf
@@ -28,9 +28,9 @@ data "aws_iam_policy_document" "s3" {
   }
 }
 
-resource "aws_iam_user_policy" "s3" {
+resource "aws_iam_group_policy" "s3" {
   name   = "s3-access-for-${module.s3.bucket_name}"
-  user   = aws_iam_user.guest.name
+  group  = "guest-humans"
   policy = data.aws_iam_policy_document.s3.json
 }
 

Original file line number	Diff line number	Diff line change
`@@ -28,9 +28,9 @@ data "aws_iam_policy_document" "s3" {`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`
`31`		`-resource "aws_iam_user_policy" "s3" {`
	`31`	`+resource "aws_iam_group_policy" "s3" {`
`32`	`32`	`name = "s3-access-for-${module.s3.bucket_name}"`
`33`		`- user = aws_iam_user.guest.name`
	`33`	`+ group = "guest-humans"`
`34`	`34`	`policy = data.aws_iam_policy_document.s3.json`
`35`	`35`	`}`
`36`	`36`