ELI 546 -add more permissions in permission boundary

Author: Karthikeyannhs

infrastructure/modules/secrets_manager/kms.tf

@@ -14,8 +14,8 @@ resource "aws_kms_key" "secrets_cmk" {
         Sid    = "AllowAccountAdminsFullAccess"
         Effect = "Allow"
         Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }
-        actions = ["kms:*"]
-        resources = ["*"]
+        Action   = "kms:*"
+        Resource = "*"
       },
       # Allow Secrets Manager service to use the key
       {

infrastructure/modules/secrets_manager/secrets_manager.tf

@@ -13,7 +13,7 @@ resource "aws_secretsmanager_secret" "hashing_secret" {
 # Initial secrets
 resource "aws_secretsmanager_secret_version" "hashing_secrets_test" {
   secret_id = aws_secretsmanager_secret.hashing_secret.id
-  secret_string = "this_is_a_test_secret"
+  secret_string = "initial_secret"
 }
 
 # Resource-based policy attached to the secret

infrastructure/stacks/api-layer/assumed_role_permissions_boundary.tf

@@ -59,7 +59,8 @@ data "aws_iam_policy_document" "assumed_role_permissions_boundary" {
       "xray:PutTelemetryRecords",
 
       # Secret Manager
-      "secretsmanager:GetSecretValue"
+      "secretsmanager:GetSecretValue",
+      "secretsmanager:DescribeSecret"
     ]
 
     resources = ["*"]