Closed bsweger closed 5 months ago
Parts of this work got entwined with #36, because the shared, hubverse-wide IAM roles and policies made more sense to write as part of the PR that creates the lambda that requires them.
The hub-specific pieces of this issue will be in a follow-up PR (WIP branch: https://github.com/Infectious-Disease-Modeling-Hubs/hubverse-infrastructure/tree/bsweger/add-hub-specific-lambda-infra)
Additional permissions added to the AWS IAM roles used for infrastructure:
hubverse-infrastructure-write-policy
PutBucketNotification
Background
The AWS Lambda function responsible for transforming incoming model-output files will require a specific IAM role and permissions. These currently exist: they were created manually to test the use of S3 triggers/lambda functions and now need to be codified in Pulumi, our infrastructure as code (IaC) tool.
Work required
Use Pulumi to create the AWS IAM components required to support a "hubverse transform" lambda function, so that:
Definition of done
More information about AWS permissions and lambda: https://docs.aws.amazon.com/lambda/latest/dg/lambda-permissions.html