add kms:List* for all

CMSgov · Sep 19, 2024 · 4b49104 · 4b49104
1 parent 92313e6
commit 4b49104
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/ops/terraform/env/mgmt/cloudwatch.tf b/ops/terraform/env/mgmt/cloudwatch.tf
@@ -58,6 +58,14 @@ resource "aws_iam_policy" "github_actions_ci_ops" {
             "kms:List*"
           ]
           Resource = concat(local.all_kms_config_key_arns, local.all_kms_data_key_arns)
+        },
+        {
+          Sid    = "AllowListOfAllKeys"
+          Effect = "Allow"
+          Action = [
+            "kms:List*"
+          ]
+          Resource = "*"
         }
       ]
       Version = "2012-10-17"