Changes based on testing. (#2326)
Summary:
Pull Request resolved: #2326

# Context
Did a few rounds of testing on the CB clean up lambda and discovered some issues.
Issue 1 - clean up lambda giving input validation error as it did not get enclave_iam_profile field in input.
Fix - In KIA lambda, I was uploading the field with name - enclave_iam_role, so changed it to enclave_iam_profile.
Issue 2 - I was not able to remove the S3 bucket policy using the lambda.
Fix - The logic was trying to remove the ACL grants associated with the bucket, which are different than the policy associated with the bucket. Thus, changed the logic to remove the IAM role from the policy statement.

Reviewed By: danbunnell

Differential Revision:
D48471432

Privacy Context Container: L416713

fbshipit-source-id: a258fea2b7671183a06d5aaae2f1617a47b964b7
Ajinkya Ghonge authored and facebook-github-bot committed Aug 22, 2023
1 parent 22b7d41 commit 1fc0f93
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions fbpcs/infra/cloud_bridge/clean_up_agent/main.tf
Expand Up @@ -67,8 +67,8 @@ resource "aws_iam_role_policy" "clean_up_agent_lambda_access_policy" {
"Sid": "AllowLambdaAccessToModifyS3BucketPolicy",
"Effect": "Allow",
"Action": [
"s3:GetBucketAcl",
"s3:PutBucketPolicy"
"s3:GetBucketPolicy",
"s3:PutBucketPolicy"
],
"Resource": "arn:aws:s3:::${var.clean_up_agent_lambda_input_bucket}"
},
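Review bot: The Action list in the AllowLambdaAccessToModifyS3BucketPolicy statement grants s3:GetBucketPolicy and s3:PutBucketPolicy but not s3:DeleteBucketPolicy, so the clean-up can only rewrite the bucket policy, never remove it. If the IAM role being cleaned up is the only principal in the only statement, removing it leaves a policy with no statements, which S3 rejects on PutBucketPolicy; either add s3:DeleteBucketPolicy for that case or document that the bucket policy always keeps at least one other statement. Dropping s3:GetBucketAcl is right now that the ACL grants are no longer read. Note also that s3:PutBucketPolicy lets the lambda replace the whole policy on the input bucket, so the read-modify-write in the lambda should change only the statement that names the enclave role and write everything else back unchanged. The commit message describes a field rename in the KIA lambda and a change to the removal logic, but main.tf is the only changed file shown, so neither can be checked against this permission change here.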