feat(deploy): add ability to specify Secrets Manager policies separat…

…e to copying local keys
umccr · Oct 21, 2024 · d63692a · d63692a
1 parent 4b8c189
commit d63692a
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/deploy/lib/htsget-lambda-stack.ts b/deploy/lib/htsget-lambda-stack.ts
@@ -257,11 +257,7 @@ export class HtsgetLambdaStack extends Stack {
         removalPolicy: RemovalPolicy.RETAIN,
       });
 
-      s3BucketPolicy.addResources(private_key.secretArn, public_key.secretArn);
-    }
-
-    if (secretPolicy.resources.length !== 0) {
-      lambdaRole.addToPolicy(secretPolicy);
+      secretPolicy.addResources(private_key.secretArn, public_key.secretArn);
     }
 
     lambdaRole.addManagedPolicy(
@@ -272,6 +268,9 @@ export class HtsgetLambdaStack extends Stack {
     if (s3BucketPolicy.resources.length !== 0) {
       lambdaRole.addToPolicy(s3BucketPolicy);
     }
+    if (secretPolicy.resources.length !== 0) {
+      lambdaRole.addToPolicy(secretPolicy);
+    }
 
     let features = settings.features ?? [];
     features = features