Merge pull request #7165 from ministryofjustice/feature/add-additiona…

…l-permissions-to-share-policy-5 MS037 - Adding Missing Permission for Service Role Creation
ministryofjustice · Jul 22, 2024 · 7d549c2 · 7d549c2
2 parents 54089cc + cbb9530
commit 7d549c2
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/terraform/environments/digital-prison-reporting/policy.tf b/terraform/environments/digital-prison-reporting/policy.tf
@@ -834,3 +834,11 @@ resource "aws_iam_role_policy" "analytical_platform_share_policy_attachment" {
   role   = aws_iam_role.analytical_platform_share_role[each.key].name
   policy = data.aws_iam_policy_document.analytical_platform_share_policy[each.key].json
 }
+
+# ref: https://docs.aws.amazon.com/lake-formation/latest/dg/cross-account-prereqs.html
+resource "aws_iam_role_policy_attachment" "analytical_platform_share_policy_attachment" {
+  for_each = local.analytical_platform_share
+
+  role       = aws_iam_role.analytical_platform_share_role[each.key].name
+  policy_arn = "arn:aws:iam::aws:policy/AWSLakeFormationCrossAccountManager"
+}