From 1302b4c1876455e5f7812135cdd5dd2d97e7f10a Mon Sep 17 00:00:00 2001
From: Denys Havrysh <denys.gavrysh@gmail.com>
Date: Mon, 26 Feb 2024 17:47:46 +0200
Subject: [PATCH] Allow users to set and read own access keys description

---
 modules/iam-group-with-policies/policies.tf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/iam-group-with-policies/policies.tf b/modules/iam-group-with-policies/policies.tf
index 2b021c8c..5a880c11 100644
--- a/modules/iam-group-with-policies/policies.tf
+++ b/modules/iam-group-with-policies/policies.tf
@@ -53,7 +53,10 @@ data "aws_iam_policy_document" "iam_self_management" {
       "iam:DeleteAccessKey",
       "iam:ListAccessKeys",
       "iam:UpdateAccessKey",
-      "iam:GetAccessKeyLastUsed"
+      "iam:GetAccessKeyLastUsed",
+      "iam:TagUser",
+      "iam:ListUserTags",
+      "iam:UntagUser",
     ]
 
     resources = [