fix SSM actions

CMSgov · Sep 19, 2024 · a9d298d · a9d298d
1 parent eaa182c
commit a9d298d
Showing 1 changed file with 2 additions and 12 deletions.
diff --git a/ops/terraform/env/mgmt/cloudwatch.tf b/ops/terraform/env/mgmt/cloudwatch.tf
@@ -25,22 +25,12 @@ resource "aws_iam_policy" "github_actions_ci_ops" {
           ]
           Resource = "*"
         },
-        {
-          Sid    = "AllowGetHostedZoneParams"
-          Effect = "Allow"
-          Action = [
-            "ssm:GetParameter"
-          ]
-          Resource = [
-            "arn:aws:ssm:${local.region}:${local.account_id}:parameter/bfd/mgmt/common/sensitive/r53_hosted_zone_root_domain",
-            "arn:aws:ssm:${local.region}:${local.account_id}:parameter/bfd/mgmt/common/sensitive/r53_hosted_zone_root_is_private"
-          ]
-        },
         {
           Sid    = "AllowGetParams"
           Effect = "Allow"
           Action = [
-            "ssm:GetParametersByPath"
+            "ssm:GetParametersByPath",
+            "ssm:GetParameter"
           ]
           Resource = [
             "arn:aws:ssm:${local.region}:${local.account_id}:parameter/bfd/*"