ELI-545 - data for taking the user account

Karthikeyannhs · Karthikeyannhs · commit 9e997b47800b · 2026-03-13T15:37:06.000Z
diff --git a/infrastructure/stacks/api-layer/service_account.tf b/infrastructure/stacks/api-layer/service_account.tf
@@ -1,13 +1,14 @@
-resource "aws_iam_user" "tableau_service" {
-  name = "tableau-athena-service-account"
+# Reference the pre-created user
+data "aws_iam_user" "tableau_service" {
+  user_name = "tableau-athena-service-account"
 }
 
 resource "time_rotating" "athena_key_rotation" {
   rotation_days = 90
 }
 
 resource "aws_iam_access_key" "tableau_key" {
-  user = aws_iam_user.tableau_service.name
+  user = data.aws_iam_user.tableau_service.user_name
 
   lifecycle {
     replace_triggered_by = [time_rotating.athena_key_rotation]
@@ -16,7 +17,7 @@ resource "aws_iam_access_key" "tableau_key" {
 
 resource "aws_iam_user_policy" "tableau_athena_policy" {
   name = "TableauAthenaAccess"
-  user = aws_iam_user.tableau_service.name
+  user = data.aws_iam_user.tableau_service.user_name
 
   policy = jsonencode({
     Version = "2012-10-17"
@@ -48,31 +49,21 @@ resource "aws_iam_user_policy" "tableau_athena_policy" {
         Resource = [
           "arn:aws:glue:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:catalog",
           "arn:aws:glue:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:database/elid_dq",
-          "arn:aws:glue:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/elid_dq/cohort_metrics"
+          "arn:aws:glue:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/elid_dq/*"
         ]
       },
       {
         # 3. Data Access (Your specific S3 bucket)
         Effect = "Allow"
-        Action = [
-          "s3:GetBucketLocation",
-          "s3:GetObject",
-          "s3:ListBucket"
-        ]
+        Action = ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"]
         Resource = [
           "arn:aws:s3:::${module.s3_dq_metrics_bucket.storage_bucket_name}",
           "arn:aws:s3:::${module.s3_dq_metrics_bucket.storage_bucket_name}/*"
         ]
       },
       {
-        # Athena Results - Staging Directory
         Effect = "Allow"
-        Action = [
-          "s3:GetBucketLocation",
-          "s3:GetObject",
-          "s3:ListBucket",
-          "s3:PutObject"
-        ]
+        Action = ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:PutObject"]
         Resource = [
           "arn:aws:s3:::${module.s3_athena_dq_query_bucket.storage_bucket_name}",
           "arn:aws:s3:::${module.s3_athena_dq_query_bucket.storage_bucket_name}/*"
