Add SES access to the IAM user service permission boundary

BCDevOps · Jan 4, 2024 · 960a2df · 960a2df
1 parent 7d8a90b
commit 960a2df
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/modules/iam-users/main.tf b/modules/iam-users/main.tf
@@ -185,7 +185,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_every_five_minutes" {
 resource "aws_iam_policy" "s3_full_access_boundary" {
   name        = "BCGOV_IAM_USER_BOUNDARY_POLICY"
   path        = "/"
-  description = "Permission boundary policy for full S3 access"
+  description = "Permission boundary policy for the BC Gov IAM user service"
 
   policy = jsonencode({
     Version = "2012-10-17",
@@ -196,6 +196,12 @@ resource "aws_iam_policy" "s3_full_access_boundary" {
         Action   = "s3:*",
         Resource = "*"
       },
+      {
+        Sid      = "SESFullAccess",
+        Effect   = "Allow",
+        Action   = "ses:*",
+        Resource = "*"
+      },
       {
         Sid    = "SSMandKMSAccess",
         Effect = "Allow",
@@ -212,4 +218,4 @@ resource "aws_iam_policy" "s3_full_access_boundary" {
       }
     ]
   })
-}
+}