kms policies attachment to lambda (#204)

* kms policies attachment to lambda

* manual-terraform-apply

Author: Karthikeyannhs

…hub/workflows/manual-terraform-plan.yaml …ub/workflows/manual-terraform-apply.yaml.github/workflows/manual-terraform-plan.yaml renamed to .github/workflows/manual-terraform-apply.yaml .github/workflows/manual-terraform-plan.yaml renamed to .github/workflows/manual-terraform-apply.yaml

@@ -1,4 +1,4 @@
-name: Manual Terraform Plan
+name: Manual Terraform Apply
 
 on:
   workflow_dispatch:
@@ -65,8 +65,8 @@ jobs:
         run: |
           mkdir -p ./build
           echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=plan args=\"-auto-approve\""
-          make terraform env=$ENVIRONMENT stack=networking tf-command=plan workspace=$WORKSPACE
+          make terraform env=$ENVIRONMENT stack=networking tf-command=apply workspace=$WORKSPACE
           echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=plan args=\"-auto-approve\""
-          make terraform env=$ENVIRONMENT stack=api-layer tf-command=plan workspace=$WORKSPACE
+          make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE
 
         working-directory: ./infrastructure

infrastructure/stacks/api-layer/iam_policies.tf

@@ -150,7 +150,13 @@ data "aws_iam_policy_document" "dynamodb_kms_key_policy" {
       type        = "AWS"
       identifiers = [aws_iam_role.eligibility_lambda_role.arn]
     }
-    actions   = ["kms:Decrypt"]
+    actions = [
+      "kms:Encrypt",
+      "kms:Decrypt",
+      "kms:ReEncrypt*",
+      "kms:GenerateDataKey*",
+      "kms:DescribeKey"
+    ]
     resources = ["*"]
   }
 }