From f0675554a0d626831b263a5ee7941c8038329bbf Mon Sep 17 00:00:00 2001
From: karthikeyannhs <174426205+Karthikeyannhs@users.noreply.github.com>
Date: Tue, 1 Jul 2025 14:44:47 +0100
Subject: [PATCH 1/2] kms policies attachment to lambda
---
 infrastructure/stacks/api-layer/iam_policies.tf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/infrastructure/stacks/api-layer/iam_policies.tf b/infrastructure/stacks/api-layer/iam_policies.tf
index 46e1d9e46..09cfcf6fc 100644
--- a/infrastructure/stacks/api-layer/iam_policies.tf
+++ b/infrastructure/stacks/api-layer/iam_policies.tf
@@ -150,7 +150,13 @@ data "aws_iam_policy_document" "dynamodb_kms_key_policy" {
 type = "AWS"
 identifiers = [aws_iam_role.eligibility_lambda_role.arn]
 }
- actions = ["kms:Decrypt"]
+ actions = [
+ "kms:Encrypt",
+ "kms:Decrypt",
+ "kms:ReEncrypt*",
+ "kms:GenerateDataKey*",
+ "kms:DescribeKey"
+ ]
 resources = ["*"]
 }
 }
From 862c01fe6e24b26076dca8f4bdb03b11d00240a9 Mon Sep 17 00:00:00 2001
From: karthikeyannhs <174426205+Karthikeyannhs@users.noreply.github.com>
Date: Tue, 1 Jul 2025 15:07:20 +0100
Subject: [PATCH 2/2] manual-terraform-apply
---
 ...nual-terraform-plan.yaml => manual-terraform-apply.yaml} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename .github/workflows/{manual-terraform-plan.yaml => manual-terraform-apply.yaml} (95%)
diff --git a/.github/workflows/manual-terraform-plan.yaml b/.github/workflows/manual-terraform-apply.yaml
similarity index 95%
rename from .github/workflows/manual-terraform-plan.yaml
rename to .github/workflows/manual-terraform-apply.yaml
index 5fc47c39c..d81d2092e 100644
--- a/.github/workflows/manual-terraform-plan.yaml
+++ b/.github/workflows/manual-terraform-apply.yaml
@@ -1,4 +1,4 @@
-name: Manual Terraform Plan
+name: Manual Terraform Apply
 on:
 workflow_dispatch:
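Review bot: The widened `actions` list on the `dynamodb_kms_key_policy` statement for `eligibility_lambda_role` carries no condition, so the role can call `kms:Encrypt`, `kms:ReEncrypt*` and `kms:GenerateDataKey*` against this key directly rather than only through DynamoDB. If the key exists solely for table encryption, scope the statement with a `kms:ViaService` condition as sketched below (the region value is a placeholder). If the Lambda only reads from the table, it is also worth confirming whether the write-side actions are needed at all. The statement opens above the hunk, so any existing condition there is not visible.

```hcl
    # … unchanged: principals block and the actions list …
    resources = ["*"]
    # Constructed example: limit the grant to calls DynamoDB makes on the role's behalf.
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["dynamodb.<REGION-PLACEHOLDER>.amazonaws.com"]
    }
```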
@@ -65,8 +65,8 @@ jobs:
 run: |
 mkdir -p ./build
 echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=plan args=\"-auto-approve\""
- make terraform env=$ENVIRONMENT stack=networking tf-command=plan workspace=$WORKSPACE
+ make terraform env=$ENVIRONMENT stack=networking tf-command=apply workspace=$WORKSPACE
 echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=plan args=\"-auto-approve\""
- make terraform env=$ENVIRONMENT stack=api-layer tf-command=plan workspace=$WORKSPACE
+ make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE
 working-directory: ./infrastructure
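Review bot: The two `echo` lines in this step still announce `tf-command=plan args="-auto-approve"` while the commands beneath them now run `tf-command=apply` and pass no `args`, so the job log of a manually dispatched change misstates what was executed. Update both to match, e.g. `echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=apply"`. `$ENVIRONMENT` and `$WORKSPACE` are also expanded unquoted on the `make` lines; if they come from `workflow_dispatch` inputs (defined outside the hunk), quote them as `env="$ENVIRONMENT"` and `workspace="$WORKSPACE"`. Since this workflow now changes infrastructure rather than previewing it, it is worth confirming that the job is bound to a protected environment with required reviewers; the job definition is outside this hunk.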