Merge pull request #145 from cisagov/improvement/add-additional-permi…

…ssions Add CloudFront Origin Access Controls permissions to `ProvisionPublishEgressIP` policy
cisagov · May 28, 2024 · 120003f · 120003f
2 parents 7a62b18 + de54e29
commit 120003f
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/dns/provisionpublishegressip_policy.tf b/dns/provisionpublishegressip_policy.tf
@@ -20,8 +20,11 @@ data "aws_iam_policy_document" "provisionpublishegressip_doc" {
   statement {
     actions = [
       "cloudfront:CreateDistribution",
+      "cloudfront:CreateOriginAccessControl",
       "cloudfront:DeleteDistribution",
+      "cloudfront:DeleteOriginAccessControl",
       "cloudfront:GetDistribution",
+      "cloudfront:GetOriginAccessControl",
       "cloudfront:ListTagsForResource",
       "cloudfront:TagResource",
       "cloudfront:UpdateDistribution",
@@ -156,6 +159,7 @@ data "aws_iam_policy_document" "provisionpublishegressip_doc" {
     actions = [
       "s3:CreateBucket",
       "s3:DeleteBucket",
+      "s3:DeleteBucketPolicy",
       "s3:DeleteBucketWebsite",
       "s3:DeleteObject",
       "s3:DeleteObjectVersion",