DSOS: grant athena access to instance-access and instance-management …

…roles
ministryofjustice · Jun 17, 2024 · 34927dc · 34927dc
1 parent 29234a6
commit 34927dc
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/terraform/environments/bootstrap/single-sign-on/policies.tf b/terraform/environments/bootstrap/single-sign-on/policies.tf
@@ -655,6 +655,8 @@ data "aws_iam_policy_document" "instance-access-document" {
     sid    = "InstanceAccess"
     effect = "Allow"
     actions = [
+      "athena:StartQueryExecution",
+      "athena:StopQueryExecution",
       "ec2:GetPasswordData",
       "kms:Decrypt*",
       "kms:Encrypt",
@@ -801,6 +803,8 @@ data "aws_iam_policy_document" "instance-management-document" {
     effect = "Allow"
     actions = [
       "application-autoscaling:ListTagsForResource",
+      "athena:StartQueryExecution",
+      "athena:StopQueryExecution",
       "autoscaling:StartInstanceRefresh",
       "autoscaling:UpdateAutoScalingGroup",
       "autoscaling:SetDesiredCapacity",