From 1073f02a277a11d7d1ac3c86f14fc1f3f4dee5fa Mon Sep 17 00:00:00 2001
From: Lukas Janssen <lukas.janssen@ottogroup.com>
Date: Thu, 26 Sep 2024 17:29:55 +0200
Subject: [PATCH] GBICSGO-2255: add ListTagsForResource permissions to aws
 stackset

---
 .../Stackset-Pantheon-Role-AWSLinkedAccounts.json         | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/terraform/modules/aws-policies/cloud-formation/Stackset-Pantheon-Role-AWSLinkedAccounts.json b/terraform/modules/aws-policies/cloud-formation/Stackset-Pantheon-Role-AWSLinkedAccounts.json
index d53fefb..d5c7c82 100644
--- a/terraform/modules/aws-policies/cloud-formation/Stackset-Pantheon-Role-AWSLinkedAccounts.json
+++ b/terraform/modules/aws-policies/cloud-formation/Stackset-Pantheon-Role-AWSLinkedAccounts.json
@@ -118,6 +118,7 @@
                 "aps:DescribeRuleGroupsNamespace",
                 "aps:DescribeWorkspace",
                 "aps:ListRuleGroupsNamespaces",
+                "aps:ListTagsForResource",
                 "aps:ListWorkspaces",
                 "athena:GetCatalogs",
                 "athena:GetDataCatalog",
@@ -197,6 +198,7 @@
                 "codebuild:ListSharedProjects",
                 "codebuild:ListSourceCredentials",
                 "codepipeline:ListActionTypes",
+                "codepipeline:ListTagsForResource",
                 "codepipeline:ListWebhooks",
                 "cognito-identity:DescribeIdentityPool",
                 "connect:ListApprovedOrigins",
@@ -339,12 +341,14 @@
                 "emr-containers:ListJobRuns",
                 "emr-containers:ListJobTemplates",
                 "emr-containers:ListManagedEndpoints",
+                "emr-containers:ListTagsForResource",
                 "emr-containers:ListVirtualClusters",
                 "emr-containers:DescribeJobRun",
                 "emr-containers:DescribeJobTemplate",
                 "emr-containers:DescribeManagedEndpoint",
                 "emr-containers:DescribeVirtualCluster",
                 "emr-serverless:ListApplications",
+                "emr-serverless:ListTagsForResource",
                 "emr-serverless:GetJobRun",
                 "fms:GetNotificationChannel",
                 "fms:GetPolicy",
@@ -443,6 +447,7 @@
                 "grafana:DescribeWorkspaceAuthentication",
                 "grafana:DescribeWorkspaceConfiguration",
                 "grafana:ListPermissions",
+                "grafana:ListTagsForResource",
                 "guardduty:DescribeMalwareScans",
                 "guardduty:DescribeOrganizationConfiguration",
                 "health:DescribeAffectedAccountsForOrganization",
@@ -470,6 +475,7 @@
                 "iot:GetV2LoggingOptions",
                 "ivschat:ListLoggingConfigurations",
                 "ivschat:ListRooms",
+                "ivschat:ListTagsForResource",
                 "kafka:ListClusters",
                 "kendra:DescribeIndex",
                 "kendra:ListDataSources",
@@ -505,6 +511,7 @@
                 "m2:ListApplications",
                 "m2:ListEngineVersions",
                 "m2:ListEnvironments",
+                "m2:ListTagsForResource",
                 "memorydb:DescribeACLs",
                 "memorydb:DescribeEngineVersions",
                 "memorydb:DescribeEvents",
@@ -646,6 +653,7 @@
                 "ssm-sap:ListApplications",
                 "ssm-sap:ListComponents",
                 "ssm-sap:ListDatabases",
+                "ssm-sap:ListTagsForResource",
                 "sns:GetEndpointAttributes",
                 "sns:GetSMSAttributes",
                 "sns:GetSMSSandboxAccountStatus",