From 6cc369a4ba31ed3e4b5ebf5632259c0b00f4682b Mon Sep 17 00:00:00 2001
From: Keith Adkins
Date: Mon, 11 Sep 2023 14:35:32 -0500
Subject: [PATCH] BFD-2884: Allow listing of SSM parameters (#1929)
---
 ops/terraform/env/mgmt/iam.tf | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/ops/terraform/env/mgmt/iam.tf b/ops/terraform/env/mgmt/iam.tf
index d25a0b662d..0e6362bdc4 100644
--- a/ops/terraform/env/mgmt/iam.tf
+++ b/ops/terraform/env/mgmt/iam.tf
@@ -366,6 +366,17 @@ resource "aws_iam_policy" "bfd_ssm_ro" {
 {
 "Statement": [
 {
+ "Sid": "ListParameters",
+ "Action": [
+ "ssm:DescribeParameters"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:us-east-1:${local.account_id}:*"
+ ]
+ },
+ {
+ "Sid": "AllowReadBFDParams",
 "Action": [
 "ssm:GetParametersByPath",
 "ssm:GetParameters",
@@ -377,6 +388,7 @@ resource "aws_iam_policy" "bfd_ssm_ro" {
 ]
 },
 {
+ "Sid": "AllowKeyUsage",
 "Action": [
 "kms:Decrypt"
 ],
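Review bot: The new `ListParameters` statement in the first hunk is not limited to BFD parameters the way the `AllowReadBFDParams` statement after it appears to be: `ssm:DescribeParameters` on `arn:aws:ssm:us-east-1:${local.account_id}:*` lets every holder of `bfd_ssm_ro` enumerate the names and metadata (not the values) of all parameters in the account's us-east-1 Parameter Store. As far as I know this action cannot be narrowed to a parameter path, so the grant is probably unavoidable, but it should be recorded next to the resource, for example `# ssm:DescribeParameters is account-wide: exposes names/metadata of all us-east-1 parameters; values still require the path-scoped Get* grant`, placed where HCL comments are legal rather than inside the JSON policy document. It also means parameter names and descriptions anywhere in this account should be treated as readable by this role, so they should not carry sensitive detail. The region is hard-coded in the new ARN; whether the other statements' resources match it is not visible, because the resource block starts and ends outside the hunk.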