JetBrains / kotless

Kotlin Serverless Framework
Apache License 2.0

S3Bucket permission doesn't support ListObjects #120

Open bdueck opened 2 years ago

bdueck commented 2 years ago

The Kotless S3Bucket permission annotation generates Terraform incorrectly for the ListObjects operation.

ListObjects requires the s3:ListBucket permission to be applied to the S3 ARN without a trailing "/", i.e. the ARN needs to look like this: arn:aws:s3:::my-bucket instead of arn:aws:s3:::my-bucket/

In other words, we need a new statement in the generated aws_iam_policy_document for Permission.Read or Permission.ReadWrite for the s3 bucket that looks something like this:

```hcl
statement {
  actions   = ["s3:List*"]
  effect    = "Allow"
  resources = ["arn:aws:s3:::my-bucket"]
}
```
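A check for the mismatch described in the issue above, as an added example that is not part of the original issue or of Kotless: it scans a rendered IAM policy JSON for list actions that are attached only to object-style ARNs and so never apply to the bucket. The function names and sample policies are constructed for illustration, and only `arn:aws:s3:::` bucket and object ARNs are assumed.

```python
import json
from fnmatch import fnmatchcase

# S3 list actions that are authorized against the bucket ARN (subset).
BUCKET_LEVEL = ("s3:ListBucket", "s3:ListBucketVersions",
                "s3:ListBucketMultipartUploads")

# Constructed policies; "my-bucket" is the placeholder name from the issue.
OBJECT_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Read", "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
     "Resource": ["arn:aws:s3:::my-bucket/*"]}]})
WITH_BUCKET_STATEMENT = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Read", "Effect": "Allow", "Action": "s3:Get*",
     "Resource": "arn:aws:s3:::my-bucket/*"},
    {"Sid": "List", "Effect": "Allow", "Action": "s3:List*",
     "Resource": "arn:aws:s3:::my-bucket"}]})


def _as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]


def can_match_bucket(resource):
    """Assumes arn:aws:s3:::bucket[/key] ARNs (access points are out of scope):
    a pattern containing '/' can only match object keys, never the bucket."""
    return "/" not in resource


def unreachable_bucket_actions(policy_json):
    """Return (sid, action) pairs for bucket-level list actions that an Allow
    statement names but attaches only to object-style resources.
    Action patterns are matched case-insensitively with * and ?, as in IAM.
    Statements using NotAction or NotResource are skipped."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not stmt.keys() >= {"Action", "Resource"}:
            continue
        if any(can_match_bucket(r) for r in _as_list(stmt["Resource"])):
            continue
        for pattern in _as_list(stmt["Action"]):
            for action in BUCKET_LEVEL:
                if fnmatchcase(action.lower(), pattern.lower()):
                    findings.append((stmt.get("Sid", f"statement[{i}]"), action))
    return findings


if __name__ == "__main__":
    print(unreachable_bucket_actions(OBJECT_ONLY))
```

Running it over the JSON that `terraform show -json` or the IAM console reports for the generated policy shows whether a separate bucket-ARN statement is still missing.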