From 424a6576219ae5a783d3c80ec8b27d480a17ed2b Mon Sep 17 00:00:00 2001
From: Miguel Pais
Date: Sat, 11 May 2024 10:45:08 +0200
Subject: [PATCH] [SSPROD-40004] Adding permissions in order to obtain an aws lambda docker image pull string (#68)
* Adding permissions in order to obtain an aws lambda docker image pull string
* Missing permission for org case
* grouping
---
 modules/services/trust-relationship/main.tf | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/modules/services/trust-relationship/main.tf b/modules/services/trust-relationship/main.tf
index 5d44c90..1444544 100644
--- a/modules/services/trust-relationship/main.tf
+++ b/modules/services/trust-relationship/main.tf
@@ -91,12 +91,13 @@ data "aws_iam_policy_document" "custom_resources_policy" {
 }
 statement {
- sid = "GetRuntimeManagementConfig"
+ sid = "GetFunctionDetails"
 effect = "Allow"
 actions = [
 "lambda:GetRuntimeManagementConfig",
+ "lambda:GetFunction",
 ]
 resources = [
@@ -168,9 +169,11 @@ Resources:
 Effect: "Allow"
 Action: "macie2:ListClassificationJobs"
 Resource: "*"
- - Sid: "GetRuntimeManagementConfig"
+ - Sid: "GetFunctionDetails"
 Effect: "Allow"
- Action: "lambda:GetRuntimeManagementConfig"
+ Action:
+ - "lambda:GetRuntimeManagementConfig"
+ - "lambda:GetFunction"
 Resource: "*"
 TEMPLATE
 }
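Review bot: `lambda:GetFunction` grants more than the image reference this change is after. Besides the container image URI, its response carries the function configuration, including environment variables, and for zip-packaged functions a presigned download link to the deployment package. In the StackSet template (second hunk) the action is allowed on `Resource: "*"`; the Terraform statement's `resources` list continues outside the first hunk, so its scope cannot be confirmed from here. I would add a comment to both statements, e.g. `# lambda:GetFunction: needed for the image URI; also exposes env vars and code location`, so the wider read access is a recorded decision. Where the deployment allows it, narrow the resource to the function ARNs that actually need to be inspected, and treat secrets held in Lambda environment variables as readable by this role.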