Fix: policy to access the S3 marts bucket (#190)

lalver1 · web-flow · commit 566c3b5ea8f7 · 2025-07-24T17:02:18.000-05:00
diff --git a/infra/copilot/streamlit/addons/s3-marts-access-policy.yml b/infra/copilot/streamlit/addons/s3-marts-access-policy.yml
@@ -0,0 +1,32 @@
+Parameters:
+  App:
+    Type: String
+    Description: Your application's name.
+  Env:
+    Type: String
+    Description: The environment name your service, job, or workflow is being deployed to.
+  Name:
+    Type: String
+    Description: Your workload's name.
+
+Resources:
+  S3martsBucketAccessPolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      Description: "Access to S3 marts bucket"
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Sid: S3ObjectActions
+            Effect: Allow
+            Action: s3:GetObject
+            Resource: "arn:aws:s3:::caltrans-pems-prd-us-west-2-marts/*"
+          - Sid: S3ListAction
+            Effect: Allow
+            Action: s3:ListBucket
+            Resource: "arn:aws:s3:::caltrans-pems-prd-us-west-2-marts"
+
+Outputs:
+  S3martsBucketAccessPolicyArn:
+    Description: "The ARN of the S3 marts bucket access policy"
+    Value: !Ref S3martsBucketAccessPolicy
