chore(infra): make the S3 marts access policy managed

lalver1 · lalver1 · commit 843eb60b8c26 · 2025-07-24T10:26:30.000-05:00
given how AWS Copilot works, it is more convenient to use a managed
policy since it is automatically attached to the Task role.
diff --git a/infra/copilot/streamlit/addons/s3-marts-access-policy.yml b/infra/copilot/streamlit/addons/s3-marts-access-policy.yml
@@ -11,12 +11,9 @@ Parameters:
 
 Resources:
   S3martsBucketAccessPolicy:
-    Type: AWS::IAM::Policy
+    Type: AWS::IAM::ManagedPolicy
     Properties:
-      PolicyName: s3martsBucketPolicy
-      # Attach this policy to the TaskRole provided by Copilot.
-      Roles:
-        - "pems-dev-streamlit-TaskRole-5Zuwi15thMkN"
+      Description: "Access to S3 marts bucket"
       PolicyDocument:
         Version: "2012-10-17"
         Statement:
@@ -30,6 +27,6 @@ Resources:
             Resource: "arn:aws:s3:::caltrans-pems-prd-us-west-2-marts"
 
 Outputs:
-  S3martsAccessPolicyArn:
-    Description: "The ARN of the S3 marts access policy"
+  S3martsBucketAccessPolicyArn:
+    Description: "The ARN of the S3 marts bucket access policy"
     Value: !Ref S3martsBucketAccessPolicy
