Add ListBucket permission to enable aws s3 sync

Remove non-existent s3 actions `s3:CopyObjects` and `s3:ListObjects` are not registered as IAM s3 actions. Fixes #977
spack · Oct 31, 2024 · bd0c3ee · bd0c3ee
1 parent 5883529
commit bd0c3ee
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/terraform/modules/spack_aws_k8s/bootstrap_s3.tf b/terraform/modules/spack_aws_k8s/bootstrap_s3.tf
@@ -36,9 +36,10 @@ resource "aws_s3_bucket_policy" "bootstrap" {
           "AWS" : "arn:aws:iam::679174810898:root"
         },
         "Action" : [
+          "s3:DeleteObject*",
           "s3:GetObject*",
-          "s3:PutObject*",
-          "s3:DeleteObject*"
+          "s3:ListBucket*",
+          "s3:PutObject*"
         ],
         "Resource" : "arn:aws:s3:::${aws_s3_bucket.bootstrap.bucket}/pcluster/*"
       }