Allow the TFC role to do iam:PassRole to S3 services

alphagov · Apr 17, 2024 · 456a50e · 456a50e
1 parent a3e827e
commit 456a50e
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/terraform/deployments/tfc-aws-config/main.tf b/terraform/deployments/tfc-aws-config/main.tf
@@ -88,7 +88,10 @@ data "aws_iam_policy_document" "tfc_policy" {
     condition {
       test     = "StringEquals"
       variable = "iam:PassedToService"
-      values   = ["eks.amazonaws.com"]
+      values = [
+        "eks.amazonaws.com",
+        "s3.amazonaws.com"
+      ]
     }
   }
   statement {