Skip to content

Commit

Permalink
Grant Control Panel role read policy permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
@michaeljcollinsuk
michaeljcollinsuk committed Jun 3, 2024
1 parent 7fce043 commit cf7d2c6
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
9 changes: 9 additions & 0 deletions terraform/aws/analytical-platform-development/cluster/iam-policies.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -347,6 +347,15 @@ data "aws_iam_policy_document" "control_panel_api" {
actions = ["iam:DeletePolicy"]
resources = ["arn:aws:iam::${var.account_ids["analytical-platform-development"]}:policy/${var.resource_prefix}-*"]
}
statement {
sid = "CanReadIAMPolicies"
effect = "Allow"
actions = [
"iam:GetPolicy",
"iam:GetPolicyVersion",
]
resources = ["arn:aws:iam::${var.account_ids["analytical-platform-development"]}:policy/*"]
}
statement {
sid = "CanAttachPolicies"
effect = "Allow"
Expand Down
9 changes: 9 additions & 0 deletions terraform/aws/analytical-platform-production/cluster/iam-policies.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,15 @@ data "aws_iam_policy_document" "control_panel_api" {
actions = ["iam:DeletePolicy"]
resources = ["arn:aws:iam::${var.account_ids["analytical-platform-data-production"]}:policy/${var.resource_prefix}-*"]
}
statement {
sid = "CanReadIAMPolicies"
effect = "Allow"
actions = [
"iam:GetPolicy",
"iam:GetPolicyVersion",
]
resources = ["arn:aws:iam::${var.account_ids["analytical-platform-data-production"]}:policy/*"]
}
statement {
sid = "CanAttachPolicies"
effect = "Allow"
Expand Down

0 comments on commit cf7d2c6

Please sign in to comment.