Update iam.tf (#5244)

ministryofjustice · Oct 17, 2023 · d255e5e · d255e5e
1 parent cde957c
commit d255e5e
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/terraform/environments/bootstrap/member-bootstrap/iam.tf b/terraform/environments/bootstrap/member-bootstrap/iam.tf
@@ -412,9 +412,14 @@ data "aws_iam_policy_document" "policy" {
       "ecr:UploadLayerPart",
       "ec2:DescribeInstances",
       "ec2:CreateNetworkInterface",
+      "ec2:CreateNetworkInterfacePermission",
       "ec2:AttachNetworkInterface",
-      "ec2:DescribeNetworkInterfaces",
       "ec2:DeleteNetworkInterface",
+      "ec2:DescribeSecurityGroups",
+      "ec2:DescribeSubnets",
+      "ec2:DescribeVpcEndpoints",
+      "ec2:DescribeNetworkInterfaces",
+      "ec2:ModifyNetworkInterfaceAttribute",
       "elasticfilesystem:Describe*",
       "elasticfilesystem:Create*",
       "elasticfilesystem:Delete*",
@@ -437,11 +442,15 @@ data "aws_iam_policy_document" "policy" {
       "iam:listAttachedRolePolicies",
       "iam:listInstanceProfilesForRole",
       "iam:listRolePolicies",
+      "iam:ListRoles",
       "iam:PassRole",
       "kinesis:PutRecord",
       "kms:DescribeKey",
       "kms:Decrypt",
       "kms:GenerateDataKey",
+      "logs:CreateLogGroup",
+      "logs:DescribeLogGroups",
+      "logs:DescribeResourcePolicies",
       "logs:GetLogEvents",
       "s3:GetBucketLocation",
       "s3:ListBucket",