Update permission boundary to include deny on attaching policies to B…

…CGOV managed roles

modules/account-sso/main.tf

@@ -82,6 +82,7 @@ resource "aws_iam_policy" "bcgov_perm_boundary" {
           "iam:Delete*",
           "iam:DetachRolePolicy",
           "iam:DeleteRolePolicy",
+          "iam:AttachRolePolicy",
           "iam:DeleteUserPermissionsBoundary",
           "iam:PutUserPermissionsBoundary",
           "iam:DeleteRolePermissionsBoundary"