From cd94251682c025919f0f8906b4522c6dae3dcbf9 Mon Sep 17 00:00:00 2001
From: Mark Chappell
Date: Tue, 17 May 2022 20:10:07 +0200
Subject: [PATCH] Allow creation of the NetworkFirewall service role
---
 aws/policy/security-services.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/aws/policy/security-services.yaml b/aws/policy/security-services.yaml
index 711f73d8..2c97739c 100644
--- a/aws/policy/security-services.yaml
+++ b/aws/policy/security-services.yaml
@@ -171,6 +171,7 @@ Statement:
 - 'arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/spot.amazonaws.com/*'
 - 'arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/eks-fargate.amazonaws.com/*'
 - 'arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/transitgateway.amazonaws.com/*'
+ - 'arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/network-firewall.amazonaws.com/*'
 Condition:
 ForAnyValue:StringEquals:
 iam:AWSServiceName:
@@ -178,3 +179,4 @@ Statement:
 - 'spot.amazonaws.com'
 - 'eks-fargate.amazonaws.com'
 - 'transitgateway.amazonaws.com'
+ - 'network-firewall.amazonaws.com'
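Review bot: The added Resource entry ends in `/*`, which is wider than this service needs, because Network Firewall's service-linked role has one fixed name; the line could read `- 'arn:aws:iam::{{ aws_account_id }}:role/aws-service-role/network-firewall.amazonaws.com/AWSServiceRoleForNetworkFirewall'`. The wildcard matches the neighbouring entries, and the `iam:AWSServiceName` condition already limits which service a role can be created for, so this is a least-privilege tightening rather than a defect. The statement's Effect and Action lie outside the hunk; from the commit subject the action is presumably `iam:CreateServiceLinkedRole`, and it is worth confirming that no broader role action shares this Resource list.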
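Review bot: Nothing in the file documents that this `iam:AWSServiceName` list has to mirror the Resource list edited in the previous hunk, and a service added to only one of the two leaves the grant ineffective for that service with no error at deploy time. A comment above the condition such as `# Keep in sync with the service-linked-role ARNs listed under Resource` would record that. Separately, the `ForAnyValue:` set operator on the unchanged condition line is intended for multivalued keys, while `iam:AWSServiceName` appears to be single-valued, so plain `StringEquals` would express the same check; confirm with IAM policy validation before changing it.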