audit kms s3 policy fix

Karthikeyannhs · Karthikeyannhs · commit abaee2640d83 · 2025-06-26T21:35:29.000+01:00
diff --git a/infrastructure/stacks/api-layer/iam_policies.tf b/infrastructure/stacks/api-layer/iam_policies.tf
@@ -175,7 +175,7 @@ data "aws_iam_policy_document" "s3_rules_kms_key_policy" {
     effect = "Allow"
     principals {
       type        = "AWS"
-      identifiers = [aws_iam_role.eligibility_lambda_role.arn, aws_iam_role.eligibility_audit_firehose_role.arn]
+      identifiers = [aws_iam_role.eligibility_lambda_role.arn]
     }
     actions   = ["kms:Decrypt"]
     resources = ["*"]
@@ -208,7 +208,7 @@ data "aws_iam_policy_document" "s3_audit_kms_key_policy" {
     effect = "Allow"
     principals {
       type        = "AWS"
-      identifiers = [aws_iam_role.eligibility_lambda_role.arn]
+      identifiers = [aws_iam_role.eligibility_lambda_role.arn, aws_iam_role.eligibility_audit_firehose_role.arn]
     }
     actions   = [
       "kms:Decrypt",
