From 4211d9fae2fedc45832a21a3307f67feeb055c86 Mon Sep 17 00:00:00 2001
From: Alis Akers
Date: Tue, 26 Nov 2024 15:59:57 -0800
Subject: [PATCH] resolve permission issue for vpc endpoint modification
---
 terraform/modules/oidc/_data.tf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/terraform/modules/oidc/_data.tf b/terraform/modules/oidc/_data.tf
index 90f82e1..9d6b3b1 100644
--- a/terraform/modules/oidc/_data.tf
+++ b/terraform/modules/oidc/_data.tf
@@ -246,6 +246,7 @@ data "aws_iam_policy_document" "resource_tags_update_actions" {
 "ec2:RevokeSecurityGroupIngress",
 "ec2:AssociateRouteTable",
 "ec2:ModifyVpcAttribute",
+ "ec2:ModifyVpcEndpoint",
 "ec2:CreateTags",
 "elasticloadbalancing:AddTags",
 "elasticloadbalancing:ModifyLoadBalancerAttributes",
@@ -275,6 +276,7 @@ data "aws_iam_policy_document" "resource_tags_update_actions" {
 resources = [
 "arn:aws:appmesh:${var.region}:${data.aws_caller_identity.current.account_id}:mesh/${local.project_owner_workspace}",
 "arn:aws:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:vpc/${local.vpc_id}",
+ "arn:aws:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:vpc-endpoint/*",
 "arn:aws:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:security-group/*",
 "arn:aws:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:subnet/*",
 "arn:aws:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:route-table/*",
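Review bot: `ec2:ModifyVpcEndpoint` is not a tagging action, yet it is added to the action list of `resource_tags_update_actions` with nothing recording why the role needs it. The action can replace an endpoint's policy document and change its subnet, security-group and route-table associations, so it deserves the same scrutiny as a network-control grant. I would add a comment on the new line, for example `# ModifyVpcEndpoint: needed by <operation that was denied>; changes endpoint policy/associations, not tags`, and consider giving it its own `statement` so it can be scoped separately. The data block begins and ends outside this hunk, so whether a condition already applies to the statement cannot be seen here.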
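Review bot: `vpc-endpoint/*` covers every VPC endpoint in the account and region, while the VPC entry just above it is pinned to `${local.vpc_id}`. The `resources` list appears to be shared by all actions of the statement (its start and end are outside the hunk), so `ec2:CreateTags` would presumably also apply to any endpoint, which would let the role re-tag endpoints and so undermine tag-based scoping added later. If the module knows the endpoint IDs, list them instead of the wildcard; otherwise restrict the endpoint grant with a condition such as `variable = "aws:ResourceTag/<OWNER_TAG_KEY>"` matched against `local.project_owner_workspace`, after confirming the key is supported for this action. A CloudTrail alert on `ModifyVpcEndpoint` calls made by this role is a cheap compensating control either way.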