Merge pull request #50 from kunduso-org/add-permission

kunduso · web-flow · commit 014b577db106 · 2025-09-04T22:08:56.000-05:00
Add missing secretsmanager:ListSecrets permission to EC2 instance role
diff --git a/asg.tf b/asg.tf
@@ -31,7 +31,9 @@ resource "aws_iam_policy" "github_runner" {
       {
         Effect = "Allow"
         Action = [
-          "secretsmanager:GetSecretValue"
+          "secretsmanager:GetSecretValue",
+          "secretsmanager:ListSecrets",
+          "secretsmanager:DescribeSecret"
         ]
         Resource = aws_secretsmanager_secret.github_runner_credentials.arn
       },

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,9 @@ resource "aws_iam_policy" "github_runner" {`
`31`	`31`	`{`
`32`	`32`	`Effect = "Allow"`
`33`	`33`	`Action = [`
`34`		`- "secretsmanager:GetSecretValue"`
	`34`	`+ "secretsmanager:GetSecretValue",`
	`35`	`+ "secretsmanager:ListSecrets",`
	`36`	`+ "secretsmanager:DescribeSecret"`
`35`	`37`	`]`
`36`	`38`	`Resource = aws_secretsmanager_secret.github_runner_credentials.arn`
`37`	`39`	`},`