Merge pull request #251 from NHSDigital/bugfix/eja-add-github-ec2-public-access-block-permission

eddalmond1 · web-flow · commit a45b39011353 · 2025-07-23T11:33:37.000+01:00
bugfix - Github action needs permission to modify public access block
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -190,6 +190,7 @@ resource "aws_iam_policy" "api_infrastructure" {
           "ssm:DescribeParameters",
           "ec2:Describe*",
           "ec2:DescribeVpcs",
+          "ec2:ModifyVpcBlockPublicAccessOptions",
           # API Gateway domain and deployment
           "apigateway:*",
           # ACM for certs
@@ -204,6 +205,7 @@ resource "aws_iam_policy" "api_infrastructure" {
           "logs:PutLogEvents",
           # IAM PassRole for logging role association (if needed)
           "iam:PassRole"
+
         ],
         Resource = "*"
         #checkov:skip=CKV_AWS_289: Actions require wildcard resource
