Github role - add provisioned concurrency delete policy (#330)

Author: Karthikeyannhs

infrastructure/stacks/iams-developer-roles/github_actions_policies.tf

@@ -65,9 +65,12 @@ resource "aws_iam_policy" "lambda_management" {
           "lambda:GetPolicy",
           "lambda:GetAlias",
           "lambda:GetFunction",
-          "lambda:GetProvisionedConcurrencyConfig",
           "lambda:GetLayerVersion",
-          "lambda:PutProvisionedConcurrencyConfig"
+          "lambda:GetProvisionedConcurrencyConfig",
+          "lambda:PutProvisionedConcurrencyConfig",
+          "lambda:DeleteProvisionedConcurrencyConfig",
+          "lambda:ListProvisionedConcurrencyConfigs",
+
         ],
         Resource = [
           "arn:aws:lambda:*:${data.aws_caller_identity.current.account_id}:function:eligibility_signposting_api",
@@ -109,7 +112,7 @@ resource "aws_iam_policy" "dynamodb_management" {
         }
       ],
       # to create test users in preprod
-      var.environment == "preprod" ? [
+        var.environment == "preprod" ? [
         {
           Effect = "Allow",
           Action = [

infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf

@@ -152,9 +152,11 @@ data "aws_iam_policy_document" "permissions_boundary" {
       "lambda:RemovePermission",
       "lambda:GetPolicy",
       "lambda:GetAlias",
-      "lambda:GetProvisionedConcurrencyConfig",
       "lambda:GetLayerVersion",
+      "lambda:GetProvisionedConcurrencyConfig",
       "lambda:PutProvisionedConcurrencyConfig",
+      "lambda:DeleteProvisionedConcurrencyConfig",
+      "lambda:ListProvisionedConcurrencyConfigs",
 
       # CloudWatch Logs - log management
       "logs:CreateLogGroup",