feat: Allow PutObjectAcl on S3 to s3-access-role

Mykhailo Babych · Mykhailo Babych · commit 9a90215c3500 · 2025-01-31T15:28:06.000+02:00
diff --git a/README.md b/README.md
@@ -28,7 +28,7 @@ In the above diagram, you can see the components and their relations (PostgreSQL
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | 5.36.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | 2.11.0 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.35.1 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
 
 ## Modules
 
diff --git a/main.tf b/main.tf
@@ -140,6 +140,17 @@ data "aws_iam_policy_document" "s3_bucket_policy" {
     resources = ["arn:aws:s3:::${each.value}/*"]
   }
 
+  statement {
+    sid    = "AllowPutObjectAclForGitlabRole"
+    effect = "Allow"
+    principals {
+      type        = "AWS"
+      identifiers = [module.gitlab_role.iam_role_arn]
+    }
+    actions   = ["s3:PutObjectAcl"]
+    resources = ["arn:aws:s3:::${each.value}/*"]
+  }
+
   statement {
     sid    = "AllowGetObjectAclForGitlabRole"
     effect = "Allow"
