add iam listaccountaliases permission

terraform-modules · Apr 5, 2023 · 174330c · 174330c
1 parent 6b14abb
commit 174330c
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/route53-zone-association/lambda-role/README.md b/route53-zone-association/lambda-role/README.md
@@ -1,4 +1,4 @@
-# About aws-vpc-setup :: route53-zone-assoication :: terraform-role
+# About aws-vpc-setup :: route53-zone-assoication :: lambda-role
 
 Role to be assumed from terraform in a remote account (or local account) to allow for associating the VPC to the PHZ
 and for updating route53 entries.  This fails if not a member of an organization.

diff --git a/route53-zone-association/lambda-role/main.tf b/route53-zone-association/lambda-role/main.tf
@@ -1,5 +1,5 @@
 /*
-* # About aws-vpc-setup :: route53-zone-assoication :: terraform-role
+* # About aws-vpc-setup :: route53-zone-assoication :: lambda-role
 * 
 * Role to be assumed from terraform in a remote account (or local account) to allow for associating the VPC to the PHZ
 * and for updating route53 entries.  This fails if not a member of an organization.
@@ -46,6 +46,7 @@ data "aws_iam_policy_document" "policy" {
     sid    = "TFRemoteRoute53Actions"
     effect = "Allow"
     actions = [
+      "iam:ListAccountAliases",
       "route53:Get*",
       "route53:List*",
       "route53:TestDNSAnswer",

diff --git a/route53-zone-association/terraform-role/main.tf b/route53-zone-association/terraform-role/main.tf
@@ -46,6 +46,7 @@ data "aws_iam_policy_document" "policy" {
     sid    = "TFRemoteRoute53Actions"
     effect = "Allow"
     actions = [
+      "iam:ListAccountAliases",
       "route53:Get*",
       "route53:List*",
       "route53:AssociateVPCWithHostedZone",