Merge pull request #123 from NHSDigital/bugfix/eja-eli-131-adding-additional-permissions-for-deployment-role

eddalmond1 · web-flow · commit af21a9b4c6c5 · 2025-06-05T15:39:09.000+01:00
eli-131 adding additional permissions for github role
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -61,6 +61,11 @@ resource "aws_iam_policy" "api_infrastructure" {
           "kms:GetKeyPolicy*",
           "kms:GetKeyRotationStatus",
           "kms:Decrypt*",
+          "kms:DeleteAlias",
+          "kms:UpdateKeyDescription",
+          "kms:CreateGrant",
+          "kms:CreateAlias",
+
 
           # Cloudwatch permissions
           "logs:Describe*",
@@ -78,6 +83,8 @@ resource "aws_iam_policy" "api_infrastructure" {
           "iam:Create*",
           "iam:Update*",
           "iam:Delete*",
+          "iam:PutRolePermissionsBoundary",
+          "iam:PutRolePolicy",
 
           # ssm
           "ssm:GetParameter",
