[ELI-702] - adding permissions

Author: TOEL2

infrastructure/stacks/iams-developer-roles/github_actions_policies.tf

@@ -726,7 +726,9 @@ resource "aws_iam_policy" "code_signing_management" {
           "lambda:DeleteCodeSigningConfig",
           "lambda:GetCodeSigningConfig",
           "lambda:ListCodeSigningConfigs",
-          "lambda:GetFunctionCodeSigningConfig"
+          "lambda:GetFunctionCodeSigningConfig",
+          "lambda:ListTags",
+          "lambda:DeleteFunctionCodeSigningConfig"
         ],
         Resource = "*"
       },

infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf

@@ -89,6 +89,9 @@ data "aws_iam_policy_document" "permissions_boundary" {
       # Kinesis Stream - audit log streaming
       "kinesis:*",
 
+      # CodeSigning
+      "signer:*",
+
       # IAM - specific role and policy management
       "iam:GetRole*",
       "iam:GetPolicy*",
@@ -156,6 +159,10 @@ data "aws_iam_policy_document" "permissions_boundary" {
       "lambda:DeleteProvisionedConcurrencyConfig",
       "lambda:ListProvisionedConcurrencyConfigs",
       "lambda:PutFunctionConcurrency",
+      "lambda:GetCodeSigningConfig",
+      "lambda:DeleteFunctionCodeSigningConfig",
+      "lambda:PutFunctionCodeSigningConfig",
+      "lambda:DeleteCodeSigningConfig",
 
       # CloudWatch Logs - log management
       "logs:*",