VED-26: Give endpoint Lambdas the required permissions to attach to the VPC.

mfjarvis · mfjarvis · commit 99cf3a7bf25e · 2025-06-26T16:18:11.000+01:00
diff --git a/terraform/endpoints.tf b/terraform/endpoints.tf
@@ -1,7 +1,7 @@
 /// This file creates all lambdas needed for each endpoint plus api-gateway
 
 locals {
-  policy_path     = "${path.root}/policies"
+  policy_path = "${path.root}/policies"
 }
 
 data "aws_iam_policy_document" "logs_policy_document" {
@@ -51,7 +51,8 @@ data "aws_iam_policy_document" "imms_policy_document" {
     }),
     templatefile("${local.policy_path}/secret_manager.json", {
       "account_id" : data.aws_caller_identity.current.account_id
-    })
+    }),
+    file("${local.policy_path}/ec2_network_interfaces.json")
   ]
 }
 
diff --git a/terraform/policies/ec2_network_interfaces.json b/terraform/policies/ec2_network_interfaces.json
@@ -0,0 +1,14 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "ec2:CreateNetworkInterface",
+        "ec2:DescribeNetworkInterfaces",
+        "ec2:DeleteNetworkInterface"
+      ],
+      "Resource": "*"
+    }
+  ]
+}

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`/// This file creates all lambdas needed for each endpoint plus api-gateway`
`2`	`2`
`3`	`3`	`locals {`
`4`		`- policy_path = "${path.root}/policies"`
	`4`	`+ policy_path = "${path.root}/policies"`
`5`	`5`	`}`
`6`	`6`
`7`	`7`	`data "aws_iam_policy_document" "logs_policy_document" {`
`@@ -51,7 +51,8 @@ data "aws_iam_policy_document" "imms_policy_document" {`
`51`	`51`	`}),`
`52`	`52`	`templatefile("${local.policy_path}/secret_manager.json", {`
`53`	`53`	`"account_id" : data.aws_caller_identity.current.account_id`
`54`		`- })`
	`54`	`+ }),`
	`55`	`+ file("${local.policy_path}/ec2_network_interfaces.json")`
`55`	`56`	`]`
`56`	`57`	`}`
`57`	`58`