updated the boundary policy to include bedrock

bcgov · Jun 3, 2024 · 4b35fdb · 4b35fdb
1 parent 575fe27
commit 4b35fdb
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/modules/iam-users/main.tf b/modules/iam-users/main.tf
@@ -182,7 +182,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_every_five_minutes" {
 }
 
 # Permission boundary
-resource "aws_iam_policy" "s3_full_access_boundary" {
+resource "aws_iam_policy" "user_access_boundary" {
   name        = "BCGOV_IAM_USER_BOUNDARY_POLICY"
   path        = "/"
   description = "Permission boundary policy for the BC Gov IAM user service"
@@ -202,6 +202,12 @@ resource "aws_iam_policy" "s3_full_access_boundary" {
         Action   = "ses:*",
         Resource = "*"
       },
+      {
+        Sid      = "BedrockFullAccess",
+        Effect   = "Allow",
+        Action   = "bedrock:*",
+        Resource = "*"
+      },
       {
         Sid    = "SSMandKMSAccess",
         Effect = "Allow",