From 960a2dfdff370e651a9fe9bd2b4826322d913a57 Mon Sep 17 00:00:00 2001
From: Warren Uniewski
Date: Thu, 4 Jan 2024 15:56:56 -0800
Subject: [PATCH] Add SES access to the IAM user service permission boundary
---
 modules/iam-users/main.tf | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/modules/iam-users/main.tf b/modules/iam-users/main.tf
index d70307f..422bbe1 100644
--- a/modules/iam-users/main.tf
+++ b/modules/iam-users/main.tf
@@ -185,7 +185,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_every_five_minutes" {
 resource "aws_iam_policy" "s3_full_access_boundary" {
 name = "BCGOV_IAM_USER_BOUNDARY_POLICY"
 path = "/"
- description = "Permission boundary policy for full S3 access"
+ description = "Permission boundary policy for the BC Gov IAM user service"
 policy = jsonencode({
 Version = "2012-10-17",
@@ -196,6 +196,12 @@ resource "aws_iam_policy" "s3_full_access_boundary" {
 Action = "s3:*",
 Resource = "*"
 },
+ {
+ Sid = "SESFullAccess",
+ Effect = "Allow",
+ Action = "ses:*",
+ Resource = "*"
+ },
 {
 Sid = "SSMandKMSAccess",
 Effect = "Allow",
@@ -212,4 +218,4 @@ resource "aws_iam_policy" "s3_full_access_boundary" {
 }
 ]
 })
-}
\ No newline at end of file
+}
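Review bot: The edited `description` on `aws_iam_policy.s3_full_access_boundary` should be checked in `terraform plan` before merge, because as far as I know the AWS provider treats `description` as a forces-new attribute, so this one-line wording change would replace the policy instead of updating it in place. With the fixed `name = "BCGOV_IAM_USER_BOUNDARY_POLICY"` the default order is destroy-then-create, and IAM refuses to delete a policy that is still attached as a permissions boundary, so the apply may fail part-way. If the plan does show a replacement, either keep the old description and ship only the new statement, or plan the swap explicitly. The resource body continues past the end of this hunk.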
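Review bot: The new `SESFullAccess` statement sets the boundary ceiling at `ses:*` on `Resource = "*"`, which also covers identity, sending-authorization-policy and configuration-set management, not only sending mail. If the IAM users created by this service only need to send, the ceiling could be narrowed to `Action = ["ses:SendEmail", "ses:SendRawEmail"],` and, where the sender addresses are known, a `Condition` on `ses:FromAddress`. The commit does not show what callers need, so this is something to confirm, not a definite defect. A boundary grants nothing by itself, but anything it allows can be handed out by whoever writes the users' identity policies. A short comment above the statement saying why SES is in the boundary would help the next reviewer.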