From 89e3fa8819d47b00d36f251d9e4997d493329013 Mon Sep 17 00:00:00 2001
From: julialawrence
Date: Mon, 9 Sep 2024 17:42:50 +0100
Subject: [PATCH] Updating the requests import and adding missing IAM permssions
---
 function/app.py | 2 +-
 main.tf | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/function/app.py b/function/app.py
index f1b0298..485e11e 100644
--- a/function/app.py
+++ b/function/app.py
@@ -5,7 +5,7 @@ import traceback
 import boto3
-import requests
+from pip._vendor import requests
 from botocore.exceptions import ClientError
 # Initialize environment variables
diff --git a/main.tf b/main.tf
index 9478602..c2ab285 100644
--- a/main.tf
+++ b/main.tf
@@ -41,6 +41,7 @@ data "aws_iam_policy_document" "default" {
 "identitystore:ListGroupMemberships",
 "identitystore:ListGroups",
 "identitystore:ListUsers",
+ "identitystore:DescribeUser",
 ]
 resources = [
 "arn:aws:identitystore::${data.aws_caller_identity.current.account_id}:identitystore/*",
@@ -49,6 +50,16 @@ data "aws_iam_policy_document" "default" {
 "arn:aws:identitystore:::membership/*"
 ]
 }
+
+ statement {
+ effect = "Allow"
+ actions = [
+ "sso:ListInstances",
+ ]
+ resources = [
+ "arn:aws:sso:::instance/*"
+ ]
+ }
 }
 resource "aws_iam_policy" "default" {
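Review bot: `from pip._vendor import requests` in function/app.py binds the function to pip's private vendored copy of requests, which pip does not offer as a public API and which can change or disappear with whatever pip version the runtime image ships. The requests version, and the urllib3 and certifi copies it relies on for TLS verification, are then decided by the runtime's pip rather than by a pinned dependency, so fixes to requests cannot be applied or audited through the project's own dependency manifest and scanners will not see the package. Keeping `import requests` and shipping a pinned requests in the deployment package or a layer would address the import failure this change presumably works around; how the function is packaged is not visible in this diff.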
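Review bot: The new statement in main.tf scopes `sso:ListInstances` to `arn:aws:sso:::instance/*`, and it is worth confirming in the Service Authorization Reference that this action supports the instance resource type; if it does not accept resource-level permissions the statement would not grant the call and would need `resources = ["*"]`. The statement also carries no `sid` or comment saying which call needs it, so a later least-privilege review cannot tell whether it is still required; something like `sid = "ListIdentityCenterInstances"` plus a one-line comment naming the caller in function/app.py would cover that. The enclosing `data "aws_iam_policy_document" "default"` block starts outside the hunk, so the rest of the policy was not reviewed.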