ELI-577: Fixes permissions for test

shweta-nhs · shweta-nhs · commit 6e6a0c7e897f · 2026-01-15T15:15:31.000Z
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -70,6 +70,7 @@ resource "aws_iam_policy" "lambda_management" {
           "lambda:PutProvisionedConcurrencyConfig",
           "lambda:DeleteProvisionedConcurrencyConfig",
           "lambda:ListProvisionedConcurrencyConfigs",
+          "lambda:PutFunctionConcurrency",
 
         ],
         Resource = [
@@ -304,7 +305,8 @@ resource "aws_iam_policy" "api_infrastructure" {
           # WAF v2 logs (both naming conventions)
           "arn:aws:logs:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/wafv2/*",
           "arn:aws:logs:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:log-group:aws-wafv2-logs-*",
-          "arn:aws:logs:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:log-group:aws-waf-logs-*"
+          "arn:aws:logs:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:log-group:aws-waf-logs-*",
+          "arn:aws:logs:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/stepfunctions/*"
         ]
       },
       {
diff --git a/infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf b/infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf
@@ -171,6 +171,7 @@ data "aws_iam_policy_document" "permissions_boundary" {
       "lambda:PutProvisionedConcurrencyConfig",
       "lambda:DeleteProvisionedConcurrencyConfig",
       "lambda:ListProvisionedConcurrencyConfigs",
+      "lambda:PutFunctionConcurrency",
 
       # CloudWatch Logs - log management
       "logs:*",
