From 4b35fdbb9632211c0fd51de9c5429e00e0fa846f Mon Sep 17 00:00:00 2001
From: Max Wardle
Date: Mon, 3 Jun 2024 11:31:06 -0700
Subject: [PATCH 1/2] updated the boundary policy to include bedrock
---
 modules/iam-users/main.tf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/modules/iam-users/main.tf b/modules/iam-users/main.tf
index 422bbe1..8502417 100644
--- a/modules/iam-users/main.tf
+++ b/modules/iam-users/main.tf
@@ -182,7 +182,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_every_five_minutes" {
 }
 
 # Permission boundary
-resource "aws_iam_policy" "s3_full_access_boundary" {
+resource "aws_iam_policy" "user_access_boundary" {
 name = "BCGOV_IAM_USER_BOUNDARY_POLICY"
 path = "/"
 description = "Permission boundary policy for the BC Gov IAM user service"
@@ -202,6 +202,12 @@ resource "aws_iam_policy" "s3_full_access_boundary" {
 Action = "ses:*",
 Resource = "*"
 },
+ {
+ Sid = "BedrockFullAccess",
+ Effect = "Allow",
+ Action = "bedrock:*",
+ Resource = "*"
+ },
 {
 Sid = "SSMandKMSAccess",
 Effect = "Allow",
From 61940f3b8ba105299b474d8c002965ff4bf16766 Mon Sep 17 00:00:00 2001
From: Max Wardle
Date: Mon, 3 Jun 2024 11:43:53 -0700
Subject: [PATCH 2/2] reverted name change
---
 modules/iam-users/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/iam-users/main.tf b/modules/iam-users/main.tf
index 8502417..25514d5 100644
--- a/modules/iam-users/main.tf
+++ b/modules/iam-users/main.tf
@@ -182,7 +182,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_every_five_minutes" {
 }
 
 # Permission boundary
-resource "aws_iam_policy" "user_access_boundary" {
+resource "aws_iam_policy" "s3_full_access_boundary" {
 name = "BCGOV_IAM_USER_BOUNDARY_POLICY"
 path = "/"
 description = "Permission boundary policy for the BC Gov IAM user service"
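Review bot: The `BedrockFullAccess` statement added in the second hunk of PATCH 1/2 raises the boundary ceiling to every Bedrock action on `Resource = "*"`, which is broader than model use needs. `bedrock:*` covers control-plane calls such as `bedrock:PutModelInvocationLoggingConfiguration`, `bedrock:DeleteModelInvocationLoggingConfiguration` and `bedrock:CreateProvisionedModelThroughput`, so any IAM user whose identity policy also allows them could switch off invocation logging or commit the account to provisioned capacity. If these users only need to call models, narrow the statement to something like `Action = ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream", "bedrock:Get*", "bedrock:List*"],`, or keep the wildcard and add an explicit `Deny` for the logging-configuration actions. The rest of the policy document and the identity policies attached to these users lie outside the hunk, so the effective exposure should be confirmed against them.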