From 11ac7e513761f0f48acfc700f79bf082ad35b4fa Mon Sep 17 00:00:00 2001
From: Andrew
Date: Mon, 16 Dec 2024 14:01:33 -0400
Subject: [PATCH] fix(iam/notify-admin-pr): add permissions to upload CSV files so bulk upload will work; add permission to allow listing of SES identities so email sending domain dropdown will work (#1699)
---
 aws/lambda-admin-pr/iam.tf | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/aws/lambda-admin-pr/iam.tf b/aws/lambda-admin-pr/iam.tf
index ff78a67d9..f6e035003 100644
--- a/aws/lambda-admin-pr/iam.tf
+++ b/aws/lambda-admin-pr/iam.tf
@@ -62,6 +62,27 @@ data "aws_iam_policy_document" "notify_admin_pr" {
 "arn:aws:ssm:${var.region}:${var.account_id}:parameter/ENVIRONMENT_VARIABLES"
 ]
 }
+
+ statement {
+ effect = "Allow"
+ actions = [
+ "ses:ListIdentities",
+ "ses:GetIdentityVerificationAttributes"
+ ]
+ resources = ["*"]
+ sid = ""
+ }
+
+ statement {
+ effect = "Allow"
+ actions = [
+ "s3:PutObject",
+ "s3:GetObject"
+ ]
+ resources = [
+ "arn:aws:s3:::notification-canada-ca-${var.env}-csv-upload/*"
+ ]
+ }
 }
 
 resource "aws_iam_policy" "notify_admin_pr" {
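Review bot: The second added statement grants the PR-review Lambda role `s3:GetObject` and `s3:PutObject` on every key in `notification-canada-ca-${var.env}-csv-upload`, so code deployed from a pull request can read all recipient CSVs uploaded in that environment, not only the ones it wrote itself. If the review app only needs its own uploads, narrow the resource to a prefix (constructed example: `"arn:aws:s3:::notification-canada-ca-${var.env}-csv-upload/<review-app-prefix>/*"`), or at least add a comment naming the environments this module is applied in. The `resources = ["*"]` on the SES statement is probably unavoidable, since these list/read actions do not appear to accept an identity ARN, but it deserves a comment such as `# SES list/read actions have no resource-level scoping`. The empty `sid = ""` should be dropped or replaced with a descriptive value like `sid = "SesListIdentities"`, with a matching `sid` on the S3 statement. The enclosing `data "aws_iam_policy_document" "notify_admin_pr"` block starts above this hunk, so its earlier statements were not reviewed.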