From 174330ca98313010c615e2911474129006d5636c Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 5 Apr 2023 11:10:26 -0400
Subject: [PATCH] add iam listaccountaliases permission
---
 route53-zone-association/lambda-role/README.md | 2 +-
 route53-zone-association/lambda-role/main.tf | 3 ++-
 route53-zone-association/terraform-role/main.tf | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/route53-zone-association/lambda-role/README.md b/route53-zone-association/lambda-role/README.md
index 27569f6..ac51320 100644
--- a/route53-zone-association/lambda-role/README.md
+++ b/route53-zone-association/lambda-role/README.md
@@ -1,4 +1,4 @@
-# About aws-vpc-setup :: route53-zone-assoication :: terraform-role
+# About aws-vpc-setup :: route53-zone-assoication :: lambda-role
 Role to be assumed from terraform in a remote account (or local account) to allow for associating the VPC to the PHZ and for updating route53 entries. This fails if not a member of an organization.
diff --git a/route53-zone-association/lambda-role/main.tf b/route53-zone-association/lambda-role/main.tf
index 0f015f7..99994cd 100644
--- a/route53-zone-association/lambda-role/main.tf
+++ b/route53-zone-association/lambda-role/main.tf
@@ -1,5 +1,5 @@
 /*
-* # About aws-vpc-setup :: route53-zone-assoication :: terraform-role
+* # About aws-vpc-setup :: route53-zone-assoication :: lambda-role
 *
 * Role to be assumed from terraform in a remote account (or local account) to allow for associating the VPC to the PHZ
 * and for updating route53 entries. This fails if not a member of an organization.
@@ -46,6 +46,7 @@ data "aws_iam_policy_document" "policy" {
 sid = "TFRemoteRoute53Actions"
 effect = "Allow"
 actions = [
+ "iam:ListAccountAliases",
 "route53:Get*",
 "route53:List*",
 "route53:TestDNSAnswer",
diff --git a/route53-zone-association/terraform-role/main.tf b/route53-zone-association/terraform-role/main.tf
index 746905c..a8d9a45 100644
--- a/route53-zone-association/terraform-role/main.tf
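Review bot: `iam:ListAccountAliases` is appended to the `TFRemoteRoute53Actions` statement, whose `resources` element sits outside the hunk; that IAM action has no resource-level permissions and is only granted when the statement's resources are `"*"`, so if the Route53 actions are scoped to hosted-zone ARNs (as a least-privilege policy would) the new line grants nothing and the role silently keeps failing. Giving it its own statement keeps the Route53 statement's resource scope tight, keeps the sid truthful, and makes the wildcard resource visible to whoever audits the policy. Neither the hunk nor the commit message says why a Route53 association role needs to list account aliases; a one-line comment on the new statement stating what consumes the alias (`# [reason] — confirm with the lambda/terraform caller`) would document the grant. The same change appears in the route53-zone-association/terraform-role/main.tf hunk and the same remark applies there; in both files the enclosing `statement {` opens before the hunk and its `resources` closes after it.
```hcl
  # … unchanged: statement "TFRemoteRoute53Actions" without "iam:ListAccountAliases" …
  statement {
    sid       = "TFRemoteAccountAliasRead"
    effect    = "Allow"
    actions   = ["iam:ListAccountAliases"]
    resources = ["*"] # this action supports no resource-level scoping
  }
```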
+++ b/route53-zone-association/terraform-role/main.tf
@@ -46,6 +46,7 @@ data "aws_iam_policy_document" "policy" {
 sid = "TFRemoteRoute53Actions"
 effect = "Allow"
 actions = [
+ "iam:ListAccountAliases",
 "route53:Get*",
 "route53:List*",
 "route53:AssociateVPCWithHostedZone",