Allow bucket access for auditing (#656)

* Allow bucket access for auditing * Update vpc.tf * Update vpc.tf
giantswarm · Oct 5, 2022 · 900c5ff · 900c5ff
1 parent 5052465
commit 900c5ff
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/modules/aws/vpc/vpc.tf b/modules/aws/vpc/vpc.tf
@@ -63,6 +63,13 @@ EOF
       "Action": "*",
       "Effect": "Allow",
       "Resource": "arn:${var.arn_region}:s3:::*-g8s-*"
+    },
+    {
+      "Sid": "Giantswarm-Audit-Rule",
+      "Principal": "*",
+      "Action": "*",
+      "Effect": "Allow",
+      "Resource": "arn:${var.arn_region}:s3:::*-giantswarm-audit-logs*/*"
     }
   ]
 }