feat: DBTP-1380 Get Opensearch/Redis versions from AWS API - Permissi…

…ons on env pipeline (#275)
uktrade · Nov 15, 2024 · aca4cc4 · aca4cc4
1 parent 9c98250
commit aca4cc4
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/environment-pipelines/iam.tf b/environment-pipelines/iam.tf
@@ -544,6 +544,17 @@ data "aws_iam_policy_document" "redis" {
       "arn:aws:elasticache:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:cluster:*"
     ]
   }
+
+  statement {
+    actions = [
+      "elasticache:DescribeCacheEngineVersions"
+    ]
+    effect = "Allow"
+    resources = [
+      "*"
+    ]
+    sid = "AllowRedisListVersions"
+  }
 }
 
 resource "aws_iam_policy" "redis" {
@@ -767,6 +778,17 @@ data "aws_iam_policy_document" "opensearch" {
       "arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/*"
     ]
   }
+
+  statement {
+    actions = [
+      "es:ListVersions"
+    ]
+    effect = "Allow"
+    resources = [
+      "*"
+    ]
+    sid = "AllowOpensearchListVersions"
+  }
 }
 
 resource "aws_iam_policy" "opensearch" {