Merge pull request #322 from originalworks/fix-owen-blobs-batch-sender-permission

cezary-stroczynski · web-flow · commit 5db4c954312a · 2025-10-09T15:13:12.000+02:00
Fix blobs batch sender aws permission issue
diff --git a/aws/owen-infra/resources/owen-blobs-queue.yml b/aws/owen-infra/resources/owen-blobs-queue.yml
@@ -70,6 +70,15 @@ Resources:
                   - sqs:GetQueueAttributes
                 Resource:
                   - !GetAtt OwenBlobsQueue.Arn
+        - PolicyName: S3ReadPermissions
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - s3:GetObject
+                  - s3:ListBucket
+                Resource: !Sub "${BlobsTempStorage.Arn}/*"
 
   BlobsTempStorage:
     Type: AWS::S3::Bucket
