
Prometheus instance profile is requesting unnecessary permissions

Open · avishayil opened this issue 4 years ago · 1 comment

Describe the bug

The Prometheus instance profile is requesting permissions to all S3 buckets in the account. This is a security gap that needs to be addressed, because it makes the instance a privileged one. In case of a breach of the instance, all the information in the S3 buckets in the account is exposed, hence the risk of information exposure.

Expected behavior

The IAM policy should request permissions according to the principle of least privilege. Only privileges on the bucket created via Terraform are needed, rather than permissions to all S3 buckets in the account.

Screenshots

# Creates an IAM policy for instance profile
resource "aws_iam_role_policy" "costbuddy_instance_policy" {
  count  = var.parent ? 1 : 0
  name   = "costbuddy-state-function-policy"
  role   = aws_iam_role.iam_for_monitoring[0].id
  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "*"
        }
    ]
}
EOF
}

avishayil avatar Jul 16 '20 12:07 avishayil
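A least-privilege version of the policy above, as an added example that is not the costBuddy repository's own code. It assumes the Terraform bucket resource is named `aws_s3_bucket.costbuddy_bucket` (the issue does not name it), and it splits the grant into the bucket-level and object-level statements S3 requires.

```hcl
# Added example, not from the costBuddy repository.
# Assumption: the bucket created by this Terraform module is the resource
# aws_s3_bucket.costbuddy_bucket; substitute the real resource name.
resource "aws_iam_role_policy" "costbuddy_instance_policy" {
  count = var.parent ? 1 : 0
  name  = "costbuddy-state-function-policy"
  role  = aws_iam_role.iam_for_monitoring[0].id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Bucket-level read: listing keys is evaluated against the bucket ARN,
        # so this statement must not carry the "/*" suffix.
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = aws_s3_bucket.costbuddy_bucket.arn
      },
      {
        # Object-level read: GetObject is evaluated against object ARNs,
        # so this statement is scoped to keys inside that one bucket only.
        Effect   = "Allow"
        Action   = ["s3:GetObject"]
        Resource = "${aws_s3_bucket.costbuddy_bucket.arn}/*"
      }
    ]
  })
}
```

After applying, `aws iam simulate-principal-policy --policy-source-arn <role-arn> --action-names s3:GetObject --resource-arns arn:aws:s3:::some-other-bucket/key` should report `implicitDeny`, confirming the role can no longer read buckets it does not own.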

PR #10 should handle this

avishayil avatar Jul 16 '20 12:07 avishayil