Allow Terraform to make Shield changes

[dms1981]

A reference to the issue / Description of it

#7032

How does this PR fix the problem?

Allows role assumed through GitHub Actions to make changes to AWS Shield, such as SRT role association.

How has this been tested?

Please describe the tests that you ran and provide instructions to reproduce.

Added permission as previous ones are added.

Deployment Plan / Instructions

Deploy through CI

Checklist (check x in [ ] of list items)

• I have performed a self-review of my own code
• All checks have passed
• I have made corresponding changes to the documentation
• Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

[github-actions]

Please check the plan carefully before deploying these changes.

⚠️ Making changes to the terraform/environments/bootstrap/member-bootstrap/iam.tf file will alter the IAM permissions for all members on the MP platform. In particular the member-access policy which defines the permissions members have for building IaC in their environments or the github OIDC role that defines the permissions for their application CI/CD pipelines. Please ensure that any permissions changes have been agreed with the wider team.

[github-actions]

Trivy Scan Success

Show Output

```hcl

---

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

---

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-06-03T09:31:32Z INFO Need to update DB
2024-06-03T09:31:32Z INFO Downloading DB... repository="ghcr.io/aquasecurity/trivy-db:2"
2024-06-03T09:31:35Z INFO Vulnerability scanning is enabled
2024-06-03T09:31:35Z INFO Misconfiguration scanning is enabled
2024-06-03T09:31:35Z INFO Need to update the built-in policies
2024-06-03T09:31:35Z INFO Downloading the built-in policies...
49.76 KiB / 49.76 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-06-03T09:31:35Z INFO Secret scanning is enabled
2024-06-03T09:31:35Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-03T09:31:35Z INFO Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2024-06-03T09:31:39Z INFO Number of language-specific files num=0
2024-06-03T09:31:39Z INFO Detected config files num=5

github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=c3bde7c787038ff5536bfb1b73781072edbb74da/main.tf (terraform)

Tests: 3 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 3)
Failures: 0 (HIGH: 0, CRITICAL: 0)

iam.tf (terraform)

Tests: 168 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 168)
Failures: 0 (HIGH: 0, CRITICAL: 0)

instance-scheduler.tf (terraform)

Tests: 13 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 13)
Failures: 0 (HIGH: 0, CRITICAL: 0)

ssm.tf (terraform)

Tests: 8 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 8)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Checkov in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
2024-06-03 09:31:41,545 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=0179859e6fafc567843cd55c0b05d325d5012dc4:None (for external modules, the --download-external-modules flag is required)
2024-06-03 09:31:41,545 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-cross-account-access?ref=6819b090bce6d3068d55c7c7b9b3fd18c9dca648:None (for external modules, the --download-external-modules flag is required)
2024-06-03 09:31:41,545 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=c3bde7c787038ff5536bfb1b73781072edbb74da:None (for external modules, the --download-external-modules flag is required)
2024-06-03 09:31:41,545 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-github-oidc-provider?ref=82f546bd5f002674138a2ccdade7d7618c6758b3:None (for external modules, the --download-external-modules flag is required)
2024-06-03 09:31:41,545 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-role?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
2024-06-03 09:31:41,546 [MainThread  ] [WARNI]  Failed to download module github.com/terraform-aws-modules/terraform-aws-iam//modules/iam-assumable-roles?ref=de95e21a3bc51cd3a44b3b95a4c2f61000649ebb:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 147, Failed checks: 0, Skipped checks: 51


checkov_exitcode=0

CTFLint Scan Success

Show Output

*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running tflint in terraform/environments/bootstrap/member-bootstrap
Excluding the following checks: terraform_unused_declarations
tflint_exitcode=0

Trivy Scan Success

Show Output

*****************************

Trivy will check the following folders:
terraform/environments/bootstrap/member-bootstrap

*****************************

Running Trivy in terraform/environments/bootstrap/member-bootstrap
2024-06-03T09:31:32Z	INFO	Need to update DB
2024-06-03T09:31:32Z	INFO	Downloading DB...	repository="ghcr.io/aquasecurity/trivy-db:2"
2024-06-03T09:31:35Z	INFO	Vulnerability scanning is enabled
2024-06-03T09:31:35Z	INFO	Misconfiguration scanning is enabled
2024-06-03T09:31:35Z	INFO	Need to update the built-in policies
2024-06-03T09:31:35Z	INFO	Downloading the built-in policies...
49.76 KiB / 49.76 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s2024-06-03T09:31:35Z	INFO	Secret scanning is enabled
2024-06-03T09:31:35Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-03T09:31:35Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2024-06-03T09:31:39Z	INFO	Number of language-specific files	num=0
2024-06-03T09:31:39Z	INFO	Detected config files	num=5

github.com/ministryofjustice/modernisation-platform-github-oidc-role?ref=c3bde7c787038ff5536bfb1b73781072edbb74da/main.tf (terraform)
=====================================================================================================================================
Tests: 3 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 3)
Failures: 0 (HIGH: 0, CRITICAL: 0)


iam.tf (terraform)
==================
Tests: 168 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 168)
Failures: 0 (HIGH: 0, CRITICAL: 0)


instance-scheduler.tf (terraform)
=================================
Tests: 13 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 13)
Failures: 0 (HIGH: 0, CRITICAL: 0)


ssm.tf (terraform)
==================
Tests: 8 (SUCCESSES: 0, FAILURES: 0, EXCEPTIONS: 8)
Failures: 0 (HIGH: 0, CRITICAL: 0)

trivy_exitcode=0