Merge branch 'trs/cloudfront-invalidations-2'

nextstrain · Jun 3, 2024 · aecb955 · aecb955
2 parents 8dbbceb + 66dedf9
commit aecb955
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/env/production/aws-iam-policy-NextstrainPathogen@.tf b/env/production/aws-iam-policy-NextstrainPathogen@.tf
@@ -71,19 +71,26 @@ resource "aws_iam_policy" "NextstrainPathogen" {
         ],
       },
       {
-        "Sid": "CloudFront",
+        "Sid": "CloudFrontList",
         "Effect": "Allow",
         "Action": [
           "cloudfront:ListDistributions",
+        ],
+        "Resource": "*",
+      },
+      {
+        "Sid": "CloudFrontReadWrite",
+        "Effect": "Allow",
+        "Action": [
           "cloudfront:CreateInvalidation",
           "cloudfront:GetInvalidation",
         ],
         # XXX TODO: Import CloudFront resources into Terraform and pull their
         # IDs dynamically instead of hardcoding them here.
         #   -trs, 31 May 2024
         "Resource": [
-          "arn:aws:cloudfront:::distribution/E3LB0EWZKCCV",   # data.nextstrain.org
-          "arn:aws:cloudfront:::distribution/E3L83FTHWUN0BV", # staging.nextstrain.org
+          "arn:aws:cloudfront::827581582529:distribution/E3LB0EWZKCCV",   # data.nextstrain.org
+          "arn:aws:cloudfront::827581582529:distribution/E3L83FTHWUN0BV", # staging.nextstrain.org
         ],
       }
     ]