From b7987f184d86ee3b6bb9888ed4455c4abedc01c5 Mon Sep 17 00:00:00 2001
From: Todd Morse <todd@morsecodist.io>
Date: Tue, 7 Mar 2023 12:49:29 -0500
Subject: [PATCH] update batch job permission in correct location (#105)

---
 terraform/iam_policy_templates/batch_job.json | 28 -------------------
 terraform/modules/swipe-sfn-batch-job/main.tf |  1 +
 2 files changed, 1 insertion(+), 28 deletions(-)
 delete mode 100644 terraform/iam_policy_templates/batch_job.json

diff --git a/terraform/iam_policy_templates/batch_job.json b/terraform/iam_policy_templates/batch_job.json
deleted file mode 100644
index ac7e14e0..00000000
--- a/terraform/iam_policy_templates/batch_job.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "s3:List*",
-        "s3:GetObject*",
-        "s3:PutObject*",
-        "s3:DeleteObjectTagging",
-        "s3:CreateMultipartUpload"
-      ],
-      "Resource": [
-        "arn:aws:s3:::aegea-batch-jobs-${AWS_ACCOUNT_ID}",
-        "arn:aws:s3:::aegea-batch-jobs-${AWS_ACCOUNT_ID}/*",
-        "arn:aws:s3:::sfn-wdl-dev",
-        "arn:aws:s3:::sfn-wdl-dev/*"
-      ]
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "cloudwatch:PutMetricData"
-      ],
-      "Resource": "*"
-    }
-  ]
-}
diff --git a/terraform/modules/swipe-sfn-batch-job/main.tf b/terraform/modules/swipe-sfn-batch-job/main.tf
index df3c8506..454d2bf2 100644
--- a/terraform/modules/swipe-sfn-batch-job/main.tf
+++ b/terraform/modules/swipe-sfn-batch-job/main.tf
@@ -52,6 +52,7 @@ resource "aws_iam_policy" "swipe_batch_main_job" {
           "s3:List*",
           "s3:GetObject*",
           "s3:PutObject*",
+          "s3:DeleteObjectTagging",
           "s3:CreateMultipartUpload"
         ],
         Resource : concat(compact([