Tm/onr bods more permissions (#9047)
* add more permissions

* put all the permissions in to run tests

* spelling
robertsweetman authored Dec 10, 2024
1 parent 1df6172 commit ef4da73
Showing 1 changed file with 28 additions and 5 deletions.
@@ -84,7 +84,7 @@ locals {
}
))
instance_profile_policies = concat(local.ec2_instances.bods.config.instance_profile_policies, [
"Ec2SecretPolicy", "Ec2DescribeSubnets",
"Ec2SecretPolicy", "Ec2ValidateFSX",
])
})
# IMPORTANT: EBS volume initialization, labelling, formatting was carried out manually on this instance. It was not automated so these ebs_volume settings are bespoke. Additional volumes should NOT be /dev/xvd* see the local.ec2_instances.bods.ebs_volumes setting for the correct device names.
@@ -179,17 +179,40 @@ locals {
}
]
}
Ec2DescribeSubnets = {
description = "Permissions required for instances to describe subnets"
Ec2ValidateFSX = {
description = "Permissions required for instances to run fsx test scripts"
statements = [
{
effect = "Allow"
actions = [
"ec2:DescribeSubnets",
"ec2:Describe*"
]
resources = [
"*",
"*"
]
},
{
effect = "Allow"
actions = [
"elasticloadbalancing:Describe*"
]
resources = [
"*"
]
},
{
effect = "Allow"
actions = [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:Describe*"
]
resources = ["*"]
},
{
effect = "Allow"
actions = ["autoscaling:Describe*"]
resources = ["*"]
}
]
}
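Review bot: The `Ec2ValidateFSX` policy in the second hunk grants `ec2:Describe*`, `elasticloadbalancing:Describe*`, `cloudwatch:Describe*` and `autoscaling:Describe*` on `"*"`, and the first hunk attaches it to the instance profile, so every process on the instance (and anyone who obtains its role credentials) holds account-wide read access for as long as the policy stays attached. `ec2:Describe*` is wider than plain inventory: it includes `ec2:DescribeInstanceAttribute`, which can return the user data of other instances. Most Describe actions do not support resource-level scoping, so the narrowing has to happen in the `actions` lists, by enumerating the calls the fsx test scripts actually make. If the breadth is meant to be temporary, as the commit message seems to suggest, record that next to the policy, for example `# TEMPORARY: broad Describe* for fsx test scripts; replace with the enumerated actions once the tests pass`. The enclosing `locals` block starts and ends outside both hunks, so whether other instances reuse this policy cannot be confirmed from here.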