Make additional S3 buckets configurable via variable

Replace hardcoded smart-meter-data-sb bucket with additional_s3_buckets variable for better consistency and flexibility

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: jpvelez

infra/main.tf

@@ -144,12 +144,18 @@ resource "aws_iam_role_policy" "s3_access" {
           "s3:DeleteObject",
           "s3:ListBucket"
         ]
-        Resource = [
-          "arn:aws:s3:::${var.s3_bucket_name}",
-          "arn:aws:s3:::${var.s3_bucket_name}/*",
-          "arn:aws:s3:::smart-meter-data-sb",
-          "arn:aws:s3:::smart-meter-data-sb/*"
-        ]
+        Resource = concat(
+          [
+            "arn:aws:s3:::${var.s3_bucket_name}",
+            "arn:aws:s3:::${var.s3_bucket_name}/*"
+          ],
+          flatten([
+            for bucket in var.additional_s3_buckets : [
+              "arn:aws:s3:::${bucket}",
+              "arn:aws:s3:::${bucket}/*"
+            ]
+          ])
+        )
       }
     ]
   })

infra/variables.tf

@@ -52,6 +52,12 @@ variable "s3_mount_path" {
   default     = "/data.sb"
 }
 
+variable "additional_s3_buckets" {
+  description = "Additional S3 buckets that the instance needs access to (beyond the mounted bucket)"
+  type        = list(string)
+  default     = ["smart-meter-data-sb"]
+}
+
 variable "project_name" {
   description = "Name prefix for resources"
   type        = string