Merge pull request #1148 from NHSDigital/feature/made14-NRL-1938-fixups-during-deployment

[NRL-1938] Allow github-ci to access truststore bucket. Remove ci-data bucket ACL

Author: mattdean3-nhs

terraform/account-wide-infrastructure/mgmt/iam_github-ci.tf

@@ -81,6 +81,17 @@ resource "aws_iam_policy" "github_ci_policy" {
           data.aws_secretsmanager_secret.prod_account_id.arn
         ]
       },
+      {
+        Action = [
+          "s3:GetObject",
+          "s3:ListBucket"
+        ]
+        Effect = "Allow"
+        Resource = [
+          data.aws_s3_bucket.truststore.arn,
+          "${data.aws_s3_bucket.truststore.arn}/*"
+        ]
+      },
       {
         Action = [
           "s3:PutObject",

terraform/account-wide-infrastructure/mgmt/s3.tf

@@ -2,15 +2,6 @@ resource "aws_s3_bucket" "ci_data" {
   bucket = "${local.prefix}--ci-data"
 }
 
-resource "aws_s3_bucket_acl" "ci_data" {
-  bucket = aws_s3_bucket.ci_data.id
-  acl    = "private"
-
-  depends_on = [
-    aws_s3_bucket.ci_data
-  ]
-}
-
 resource "aws_s3_bucket_public_access_block" "ci_data" {
   bucket = aws_s3_bucket.ci_data.id