VED-26: Add missing permissions for VPC access.

mfjarvis · mfjarvis · commit daffe6f460b3 · 2025-07-09T14:03:48.000+01:00
diff --git a/terraform/forwarder_lambda.tf b/terraform/forwarder_lambda.tf
@@ -185,6 +185,15 @@ resource "aws_iam_policy" "forwarding_lambda_exec_policy" {
           "sqs:SendMessage"
         ]
         Resource = aws_sqs_queue.fifo_queue.arn
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "ec2:CreateNetworkInterface",
+          "ec2:DescribeNetworkInterfaces",
+          "ec2:DeleteNetworkInterface"
+        ],
+        Resource = "*"
       }
     ]
   })

Original file line number	Diff line number	Diff line change
`@@ -185,6 +185,15 @@ resource "aws_iam_policy" "forwarding_lambda_exec_policy" {`
`185`	`185`	`"sqs:SendMessage"`
`186`	`186`	`]`
`187`	`187`	`Resource = aws_sqs_queue.fifo_queue.arn`
	`188`	`+ },`
	`189`	`+ {`
	`190`	`+ Effect = "Allow",`
	`191`	`+ Action = [`
	`192`	`+ "ec2:CreateNetworkInterface",`
	`193`	`+ "ec2:DescribeNetworkInterfaces",`
	`194`	`+ "ec2:DeleteNetworkInterface"`
	`195`	`+ ],`
	`196`	`+ Resource = "*"`
`188`	`197`	`}`
`189`	`198`	`]`
`190`	`199`	`})`