Update s3-lambda-agentcore/deploy.tf

burdeazy · marcojahn · web-flow · commit 0231a9fef656 · 2026-01-21T10:37:01.000-05:00
Co-authored-by: Marco &lt;marco.jahn@gmail.com&gt;
diff --git a/s3-lambda-agentcore/deploy.tf b/s3-lambda-agentcore/deploy.tf
@@ -78,13 +78,22 @@ statement {
   ]
 }
   statement {
-    actions = [
-      "s3:GetObject",
-      "s3:ListBucket"
-    ]
-    effect    = "Allow"
-    resources = ["*"]
-  }
+  actions = [
+    "s3:GetObject"
+  ]
+  effect    = "Allow"
+  resources = [
+    "${aws_s3_bucket.input_bucket.arn}/*"
+  ]
+}
+statement {
+  actions = [
+    "s3:ListBucket"
+  ]
+  effect    = "Allow"
+  resources = [
+    aws_s3_bucket.input_bucket.arn
+  ]
 }
 
 resource "aws_iam_role" "agentcore_role" {
