fix: missing permissions to manage root account

henryde · henryde · commit c30f4fdf8fed · 2024-04-29T05:42:07.000Z
diff --git a/modules/meshcloud-replicator/replicator-management-account-access/data.tf b/modules/meshcloud-replicator/replicator-management-account-access/data.tf
@@ -115,7 +115,10 @@ data "aws_iam_policy_document" "meshfed_service" {
         "iam:GetRole",
         "iam:ListAttachedRolePolicies",
         "iam:ListRolePolicies",
-        "iam:GetSAMLProvider"
+        "iam:GetSAMLProvider",
+        "iam:CreateRole",
+        "iam:AttachRolePolicy",
+        "iam:UpdateAssumeRolePolicy"
       ]
       resources = [
         "arn:${data.aws_partition.current.partition}:iam::${local.account_id}:saml-provider/*",
