allow directory management permission set to start SSM connections (#…

…5943)
ministryofjustice · Jan 10, 2024 · 9d3be86 · 9d3be86
1 parent d758a89
commit 9d3be86
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/terraform/environments/bootstrap/delegate-access/policies.tf b/terraform/environments/bootstrap/delegate-access/policies.tf
@@ -828,6 +828,7 @@ data "aws_iam_policy_document" "directory-management-document" {
       "ec2:AuthorizeSecurityGroupIngress",
       "ec2:AuthorizeSecurityGroupEgress",
       "ec2:CreateTags",
+      "ssm:*",
       "ssm-guiconnect:*Connection"
     ]
     resources = ["*"] #tfsec:ignore:AWS099 tfsec:ignore:AWS097