eli-386 adding github permissions to make account level public access block changes

eddalmond1 · eddalmond1 · commit da2429322ed6 · 2025-08-07T11:09:03.000+01:00
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -164,6 +164,14 @@ resource "aws_iam_policy" "s3_management" {
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore-access-logs",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore-access-logs/*",
         ]
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "s3:GetAccountPublicAccessBlock",
+          "s3:PutAccountPublicAccessBlock"
+        ],
+        Resource = "*"
       }
     ]
   })

Original file line number	Diff line number	Diff line change
`@@ -164,6 +164,14 @@ resource "aws_iam_policy" "s3_management" {`
`164`	`164`	`"arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore-access-logs",`
`165`	`165`	`"arn:aws:s3:::eligibility-signposting-api-${var.environment}-truststore-access-logs/",`
`166`	`166`	`]`
	`167`	`+ },`
	`168`	`+ {`
	`169`	`+ Effect = "Allow",`
	`170`	`+ Action = [`
	`171`	`+ "s3:GetAccountPublicAccessBlock",`
	`172`	`+ "s3:PutAccountPublicAccessBlock"`
	`173`	`+ ],`
	`174`	`+ Resource = "*"`
`167`	`175`	`}`
`168`	`176`	`]`
`169`	`177`	`})`