TASK AS/AJ Update github iam role policy permissions

- Remove r53 permissions in test env policy
- Add firehose permissions in test env policy

Author: anoop-surej-nhs

infrastructure/environments/test/test-github-iam-role-policy.json

@@ -125,6 +125,12 @@
         "events:PutTargets",
         "events:RemoveTargets",
         "events:TagResource",
+        "firehose:CreateDeliveryStream",
+        "firehose:DescribeDeliveryStream",
+        "firehose:ListTagsForDeliveryStream",
+        "firehose:StartDeliveryStreamEncryption",
+        "firehose:TagDeliveryStream",
+        "firehose:UpdateDestination",
         "iam:AttachRolePolicy",
         "iam:CreatePolicy",
         "iam:CreatePolicyVersion",
@@ -189,15 +195,6 @@
         "logs:PutMetricFilter",
         "logs:PutRetentionPolicy",
         "logs:PutSubscriptionFilter",
-        "route53:AssociateVPCWithHostedZone",
-        "route53:ChangeResourceRecordSets",
-        "route53:ChangeTagsForResource",
-        "route53:CreateHostedZone",
-        "route53:DeleteHostedZone",
-        "route53:GetChange",
-        "route53:GetHostedZone",
-        "route53:ListResourceRecordSets",
-        "route53:ListTagsForResource",
         "s3:CreateBucket",
         "s3:DeleteBucket",
         "s3:DeleteBucketPolicy",
@@ -225,6 +222,9 @@
         "s3:PutBucketTagging",
         "s3:PutBucketVersioning",
         "s3:PutObject",
+        "secretsmanager:DescribeSecret",
+        "secretsmanager:GetResourcePolicy",
+        "secretsmanager:GetSecretValue",
         "SNS:CreateTopic",
         "SNS:DeleteTopic",
         "SNS:GetTopicAttributes",

infrastructure/github-iam-role-policy.json

@@ -99,8 +99,8 @@
         "lambda:ListTags",
         "lambda:ListVersionsByFunction",
         "lambda:PublishVersion",
-        "lambda:PutFunctionEventInvokeConfig",
         "lambda:PutFunctionConcurrency",
+        "lambda:PutFunctionEventInvokeConfig",
         "lambda:RemovePermission",
         "lambda:TagResource",
         "lambda:UpdateAlias",