From cbb9530c5faca1c29c923d4af1cb2475b7340eb8 Mon Sep 17 00:00:00 2001
From: julialawrence
Date: Mon, 22 Jul 2024 07:38:28 +0100
Subject: [PATCH] Adding AWS Manaaged Policy for Lake Formation Sharing
---
 terraform/environments/digital-prison-reporting/policy.tf | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/terraform/environments/digital-prison-reporting/policy.tf b/terraform/environments/digital-prison-reporting/policy.tf
index f18cf1bd3a1..4fb7c8a776e 100644
--- a/terraform/environments/digital-prison-reporting/policy.tf
+++ b/terraform/environments/digital-prison-reporting/policy.tf
@@ -834,3 +834,11 @@ resource "aws_iam_role_policy" "analytical_platform_share_policy_attachment" {
 role = aws_iam_role.analytical_platform_share_role[each.key].name
 policy = data.aws_iam_policy_document.analytical_platform_share_policy[each.key].json
 }
+
+# ref: https://docs.aws.amazon.com/lake-formation/latest/dg/cross-account-prereqs.html
+resource "aws_iam_role_policy_attachment" "analytical_platform_share_policy_attachment" {
+ for_each = local.analytical_platform_share
+
+ role = aws_iam_role.analytical_platform_share_role[each.key].name
+ policy_arn = "arn:aws:iam::aws:policy/AWSLakeFormationCrossAccountManager"
+}
\ No newline at end of file
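Review bot: The new attachment gives every role in `local.analytical_platform_share` the whole AWS-managed `AWSLakeFormationCrossAccountManager` policy, which is broader than the inline share policy attached just above and is maintained by AWS, so its permissions can change without any change in this repository. The trust policy of `analytical_platform_share_role` is not visible in this hunk; if those roles are assumable from another account, confirm that they are the principals that actually issue the cross-account Lake Formation grants, and otherwise attach the managed policy only to the granting role. The comment above the resource should record that reason rather than only the link, for example `# Required on the principal that grants cross-account Lake Formation permissions; AWS-managed, re-review when AWS updates it`. Reusing the label `analytical_platform_share_policy_attachment` for a second resource type is valid Terraform but easy to misread in plans and state, so a distinct label such as `analytical_platform_share_lf_cross_account` would be clearer.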