Merge remote-tracking branch 'origin/main' into feature/eja-eli-238-address-checkov-flagged-issues

eddalmond1 · eddalmond1 · commit 3faf948b43ba · 2025-06-05T15:39:59.000+01:00
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -68,6 +68,11 @@ resource "aws_iam_policy" "api_infrastructure" {
           "kms:GetKeyPolicy*",
           "kms:GetKeyRotationStatus",
           "kms:Decrypt*",
+          "kms:DeleteAlias",
+          "kms:UpdateKeyDescription",
+          "kms:CreateGrant",
+          "kms:CreateAlias",
+
 
           # Cloudwatch permissions
           "logs:Describe*",
@@ -85,6 +90,8 @@ resource "aws_iam_policy" "api_infrastructure" {
           "iam:Create*",
           "iam:Update*",
           "iam:Delete*",
+          "iam:PutRolePermissionsBoundary",
+          "iam:PutRolePolicy",
 
           # ssm
           "ssm:GetParameter",
