Added GetObject and GetObjectVersion' permissions on the agc project bucket to be granted as part of theAgcPermissionStack. This permissions was omitted in theuserpolicy` despite being able to perform most other operations including delete destructive ones.
Description of how you validated changes
I ran the CDK locally and validated that the user assigned the policy: AgcPermissionStack-agcuserpolicy* was able to read objects from the s3 bucket directly.
Checklist
[ ] If this change would make any existing documentation invalid, I have included those updates within this PR
[ ] I have added unit tests that prove my fix is effective or that my feature works
Description of Changes
Added
GetObjectandGetObjectVersion' permissions on the agc project bucket to be granted as part of theAgcPermissionStack. This permissions was omitted in theuserpolicy` despite being able to perform most other operations including delete destructive ones.Description of how you validated changes
I ran the CDK locally and validated that the user assigned the policy:
AgcPermissionStack-agcuserpolicy*was able to read objects from the s3 bucket directly.Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license