Grant extra permissions

#1127
alphagov · Oct 15, 2024 · 7c1ae9c · 7c1ae9c
1 parent f645ad6
commit 7c1ae9c
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/terraform/deployments/tfc-aws-config/aws_oidc.tf b/terraform/deployments/tfc-aws-config/aws_oidc.tf
@@ -121,6 +121,20 @@ data "aws_iam_policy_document" "tfc_policy" {
     actions   = ["iam:*User"]
     resources = ["arn:aws:iam::*:user/govuk-*-transition-downloader"]
   }
+  statement {
+    actions = ["iam:GetUser"]
+    resources = [
+      "arn:aws:iam::*:user/govuk-*-fastly-logs-writer",
+      "arn:aws:iam::*:user/govuk-*-transition-downloader"
+    ]
+  }
+  statement {
+    actions = [
+      "athena:GetNamedQuery",
+      "athena:ListNamedQueries"
+    ]
+    resources = ["*"]
+  }
   statement {
     effect    = "Deny"
     resources = ["*"]