Merge pull request #28 from ASFHyP3/publish-permissions

asjohnston-asf · web-flow · commit 6b9c584d4665 · 2026-03-01T19:43:02.000-09:00
update data-publisher permissions
diff --git a/asf-event-data/data-publisher.yml b/asf-event-data/data-publisher.yml
@@ -10,14 +10,15 @@ Resources:
     Type: AWS::IAM::User
     Properties:
       UserName: data-publisher
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
       Policies:
         - PolicyName: data-publisher-policy
           PolicyDocument:
             Version: 2012-10-17
             Statement:
               - Effect: Allow
-                Action: s3:ListBucket
-                Resource: !Sub "arn:aws:s3:::${OpenDataBucketName}"
-              - Effect: Allow
-                Action: s3:PutObject
+                Action:
+                  - s3:PutObject
+                  - s3:PutObjectTagging
                 Resource: !Sub "arn:aws:s3:::${OpenDataBucketName}/*"
