From 7360e05b5697575b254cd3e10502d2f0addbacd7 Mon Sep 17 00:00:00 2001
From: Jon Quinn <1213631+jnq@users.noreply.github.com>
Date: Tue, 2 Jan 2024 14:43:42 +0000
Subject: [PATCH] DSOS-2447: add ssm:StartSession (#4415)

* add ssm:StartSession

* missing permission
---
 terraform/environments/hmpps-oem/locals.tf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/terraform/environments/hmpps-oem/locals.tf b/terraform/environments/hmpps-oem/locals.tf
index 659938ddb89..490086eaf45 100644
--- a/terraform/environments/hmpps-oem/locals.tf
+++ b/terraform/environments/hmpps-oem/locals.tf
@@ -44,10 +44,12 @@ locals {
       description = "Permissions for the db refresh process"
       statements = [
         {
-          sid    = "DescribeInstances"
+          sid    = "InstanceAccess"
           effect = "Allow"
           actions = [
             "ec2:DescribeInstances",
+            "ssm:StartSession",
+            "ssm:TerminateSession"
           ]
           resources = [
             "*",