From c0c951e7bfe5816269c909fa837681273f297a5b Mon Sep 17 00:00:00 2001 From: Alexey Markevich Date: Mon, 5 Dec 2022 11:30:44 +0100 Subject: [PATCH 1/2] External Secrets Policy: add ssm:GetParameters permission https://docs.aws.amazon.com/systems-manager/latest/userguide/integrating_csi_driver.html#integrating_csi_driver_access --- modules/iam-role-for-service-accounts-eks/policies.tf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf index d4ff8289..a4a83c27 100644 --- a/modules/iam-role-for-service-accounts-eks/policies.tf +++ b/modules/iam-role-for-service-accounts-eks/policies.tf @@ -410,7 +410,10 @@ data "aws_iam_policy_document" "external_secrets" { count = var.create_role && var.attach_external_secrets_policy ? 1 : 0 statement { - actions = ["ssm:GetParameter"] + actions = [ + "ssm:GetParameter", + "ssm:GetParameters", + ] resources = var.external_secrets_ssm_parameter_arns } From b77591ff31343e180aba1042931e9a05051cb179 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Wed, 7 Dec 2022 08:50:46 -0500 Subject: [PATCH 2/2] fix: Correct formatting to pass CI checks --- .pre-commit-config.yaml | 4 ++-- modules/iam-role-for-service-accounts-eks/policies.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 74f3751c..d5886a6d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.76.0 + rev: v1.77.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v4.4.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer 
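Review bot: The added `ssm:GetParameters` action in the `external_secrets` statement inherits `resources = var.external_secrets_ssm_parameter_arns`, so what this batch read exposes depends entirely on that variable, whose default is not visible in this hunk. If that default is a wildcard ARN, the role can read by name any parameter the pattern matches, including SecureString values wherever the matching KMS decrypt permission is also granted; callers should pass explicit parameter ARNs or path prefixes instead. The commit message cites the Secrets Store CSI driver documentation while the statement belongs to the External Secrets policy, so a comment above `actions` should say which consumer needs the batch call, for example `# GetParameters (batch read) is required by <consumer>; keep external_secrets_ssm_parameter_arns scoped to the paths this service account needs`. The `aws_iam_policy_document` block continues past the end of the hunk, so its other statements were not reviewed.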
diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf index a4a83c27..d9017f23 100644 --- a/modules/iam-role-for-service-accounts-eks/policies.tf +++ b/modules/iam-role-for-service-accounts-eks/policies.tf @@ -410,7 +410,7 @@ data "aws_iam_policy_document" "external_secrets" { count = var.create_role && var.attach_external_secrets_policy ? 1 : 0 statement { - actions = [ + actions = [ "ssm:GetParameter", "ssm:GetParameters", ]