Merge pull request #8154 from ministryofjustice/feature/enable-consol…

…e-home-loading Add permissions for users to view console home widgets
ministryofjustice · Oct 3, 2024 · 3cf6fb8 · 3cf6fb8
2 parents 53153ce + 1233d64
commit 3cf6fb8
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/terraform/modernisation-platform-account/iam.tf b/terraform/modernisation-platform-account/iam.tf
@@ -21,7 +21,8 @@ module "collaborators_group" {
 
   custom_group_policy_arns = [
     data.aws_iam_policy.ForceMFA.arn,
-    aws_iam_policy.collaborator_local_plan.arn
+    aws_iam_policy.collaborator_local_plan.arn,
+    aws_iam_policy.modernisation_account_limited_read.arn
   ]
 }
 
@@ -153,6 +154,18 @@ data "aws_iam_policy_document" "modernisation_account_limited_read" {
     actions   = ["s3:*"]
     resources = ["arn:aws:s3:::*"]
   }
+  statement {
+    sid    = "ViewConsoleHome"
+    effect = "Allow"
+    actions = [
+      "ec2:DescribeRegions",
+      "notifications:ListNotificationHubs",
+      "health:DescribeEventAggregates",
+      "cost-optimization-hub:ListEnrollmentStatuses",
+      "ce:GetCostAndUsage"
+    ]
+    resources = ["*"]
+  }
 }
 resource "aws_iam_policy" "modernisation_account_limited_read" {
   name        = "ModernisationAccountLimitedRead"