many added perms
timothy-ellis-ky committed Sep 19, 2024
1 parent be8be67 commit 35f1420
Showing 1 changed file with 62 additions and 4 deletions.
66 changes: 62 additions & 4 deletions ops/terraform/env/mgmt/cloudwatch.tf
Expand Up @@ -19,8 +19,11 @@ resource "aws_iam_policy" "github_actions_ci_ops" {
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcs",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetManagedPrefixListEntries",
"route53:ListHostedZones",
"s3:ListAllMyBuckets",
"s3:Get*",
"sts:GetCallerIdentity"
]
Resource = "*"
Expand Down Expand Up @@ -50,20 +53,75 @@ resource "aws_iam_policy" "github_actions_ci_ops" {
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey",
"kms:GetKey*",
"kms:List*"
"kms:GenerateDataKey*"
]
Resource = concat(local.all_kms_config_key_arns, local.all_kms_data_key_arns)
},
{
Sid = "AllowListOfAllKeys"
Effect = "Allow"
Action = [
"kms:Describe*",
"kms:GetKey*",
"kms:List*"
]
Resource = "*"
},
{
Sid = "AllowSNS"
Effect = "Allow"
Action = [
"sns:Get*",
"sns:List*"
]
Resource = "*"
},
{
Sid = "AllowLogMetrics"
Effect = "Allow"
Action = [
"logs:Describe*",
"logs:List*"
]
Resource = "*"
},
{
Sid = "AllowIam"
Effect = "Allow"
Action = [
"iam:Get*",
"iam:List*",
"iam:Describe*"
]
Resource = "*"
},
{
Sid = "AllowCodeArtifact"
Effect = "Allow"
Action = [
"codeartifact:Describe*",
"codeartifact:Get*",
"codeartifact:List*",
]
Resource = "*"
},
{
Sid = "AllowDynamo"
Effect = "Allow"
Action = [
"dynamodb:Describe*",
"dynamodb:List*"
]
Resource = "*"
},
{
Sid = "AllowQuicksignt"
Effect = "Allow"
Action = [
"quicksight:Get*",
"quicksight:Describe*"
]
Resource = "*"
}
]
Version = "2012-10-17"
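Review bot: `"s3:Get*"` in the first statement sits under `Resource = "*"`, so it matches `s3:GetObject` and `s3:GetObjectVersion` on every bucket in the account, which gives the CI role read access to object data rather than only the bucket configuration a plan needs. Consider narrowing it to configuration reads such as `"s3:GetBucket*", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration"` and granting `s3:GetObject` in a separate statement limited to the bucket ARNs the workflow actually reads. In the second hunk, `"iam:Describe*"` in `AllowIam` probably matches no IAM action and can be dropped, and the Sid `AllowQuicksignt` looks like a typo for `AllowQuicksight`. The policy resource begins and ends outside both hunks, so any conditions or other statements are not visible here.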