Fix IAM permissions for SSM session

ouranos · ouranos · commit cbe8526eff42 · 2022-02-25T09:48:10.000+11:00
Avoid getting the following error when "Enforce CloudWatch log
encryption" is enabled:

```
"Your session has been terminated for the following reasons: We couldn't
start the session because encryption is not set up on the selected
CloudWatch Logs log group. Either encrypt the log group or choose an
option to enable logging without encryption."
```
diff --git a/templates/aws-stack.yml b/templates/aws-stack.yml
@@ -843,6 +843,7 @@ Resources:
               - logs:CreateLogGroup
               - logs:CreateLogStream
               - logs:PutLogEvents
+              - logs:DescribeLogGroups
               - logs:DescribeLogStreams
             Resource: "*"
           - Sid: Ssm
