[ELI-731] addressing commments

TOEL2 · TOEL2 · commit 8afd37ce8ec6 · 2026-04-16T13:21:00.000+01:00
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -843,7 +843,7 @@ data "aws_iam_policy_document" "regression_test_permissions" {
       "dynamodb:ListTagsOfResource"
     ]
     resources = [
-      "arn:aws:dynamodb:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/my-table"
+      "arn:aws:dynamodb:*:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"
     ]
   }
 
@@ -899,7 +899,10 @@ data "aws_iam_policy_document" "regression_test_permissions" {
       "ssm:GetParametersByPath"
     ]
     resources = [
-      "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/my-app/*"
+      "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/${var.environment}/*",
+      "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/splunk/*",
+      "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/ptl/*",
+      "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/prod/*"
     ]
   }
 }
@@ -1028,7 +1031,7 @@ resource "aws_iam_role_policy_attachment" "regression_test_permissions" {
   policy_arn = aws_iam_policy.regression_test_permissions.arn
 }
 
-resource "aws_iam_role_policy_attachment" "security_management" {
+resource "aws_iam_role_policy_attachment" "regression_security_management" {
   role       = aws_iam_role.regression_test_role.name
   policy_arn = aws_iam_policy.security_management.arn
 }

Original file line number	Diff line number	Diff line change
`@@ -843,7 +843,7 @@ data "aws_iam_policy_document" "regression_test_permissions" {`
`843`	`843`	`"dynamodb:ListTagsOfResource"`
`844`	`844`	`]`
`845`	`845`	`resources = [`
`846`		`- "arn:aws:dynamodb:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/my-table"`
	`846`	`+ "arn:aws:dynamodb::${data.aws_caller_identity.current.account_id}:table/eligibility-signposting-api-${var.environment}-eligibility_datastore"`
`847`	`847`	`]`
`848`	`848`	`}`
`849`	`849`
`@@ -899,7 +899,10 @@ data "aws_iam_policy_document" "regression_test_permissions" {`
`899`	`899`	`"ssm:GetParametersByPath"`
`900`	`900`	`]`
`901`	`901`	`resources = [`
`902`		`- "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/my-app/*"`
	`902`	`+ "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/${var.environment}/*",`
	`903`	`+ "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/splunk/*",`
	`904`	`+ "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/ptl/*",`
	`905`	`+ "arn:aws:ssm:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:parameter/prod/*"`
`903`	`906`	`]`
`904`	`907`	`}`
`905`	`908`	`}`
`@@ -1028,7 +1031,7 @@ resource "aws_iam_role_policy_attachment" "regression_test_permissions" {`
`1028`	`1031`	`policy_arn = aws_iam_policy.regression_test_permissions.arn`
`1029`	`1032`	`}`
`1030`	`1033`
`1031`		`-resource "aws_iam_role_policy_attachment" "security_management" {`
	`1034`	`+resource "aws_iam_role_policy_attachment" "regression_security_management" {`
`1032`	`1035`	`role = aws_iam_role.regression_test_role.name`
`1033`	`1036`	`policy_arn = aws_iam_policy.security_management.arn`
`1034`	`1037`	`}`