From 1a0873c116deba2e1ae0d9854860f8d551f5c76d Mon Sep 17 00:00:00 2001
From: Kaosisochukwu Uzokwe
Date: Fri, 5 Jan 2024 15:15:16 -0500
Subject: [PATCH] KIL-2960 Add sts:AssumeRole policy to Agent execution Role
---
 main.tf | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 2e24904..4cb656c 100644
--- a/main.tf
+++ b/main.tf
@@ -346,6 +346,30 @@ resource "aws_iam_role_policy" "mcd_agent_service_lambda_info_policy" {
 role = aws_iam_role.mcd_agent_service_execution_role.id
 }
 
+resource "aws_iam_role_policy" "mcd_agent_service_assume_role_policy" {
+ name = "assume_role_policy"
+ policy = jsonencode({
+ "Version" : "2012-10-17",
+ "Statement" : [
+ {
+ "Action" : [
+ "sts:AssumeRole"
+ ],
+ "Condition" : {
+ "StringEquals" : {
+ "iam:ResourceTag/MonteCarloData" : ""
+ }
+ },
+ "Resource" : [
+ "*"
+ ],
+ "Effect" : "Allow"
+ }
+ ]
+ })
+ role = aws_iam_role.mcd_agent_service_execution_role.id
+}
+
 resource "aws_iam_role_policy" "mcd_agent_service_repo_policy" {
 count = var.remote_upgradable ? 1 : 0
 name = "repo_access_policy"
@@ -430,4 +454,4 @@ resource "aws_iam_role" "mcd_agent_service_invocation_role" {
 tags = {
 MonteCarloData = ""
 }
-}
\ No newline at end of file
+}
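Review bot: In the first hunk, the new `mcd_agent_service_assume_role_policy` statement allows `sts:AssumeRole` on `"Resource" : ["*"]`, so the `iam:ResourceTag/MonteCarloData` condition is the only identity-side restriction on which roles the agent can assume. That makes permission to tag roles (`iam:TagRole`) equivalent to permission to nominate a role for the agent, at least for roles whose trust policy already admits this execution role or its whole account. I would narrow the resource to a role ARN pattern, for example `"Resource" : ["arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_PREFIX>*"]` (placeholders), and keep the tag condition as a second check. A comment above the resource such as `# Identity policy: lets the agent assume roles tagged MonteCarloData = ""; this is not the role's trust policy` would also help, since the name `assume_role_policy` reads like the trust-policy attribute of `aws_iam_role`.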