chore: add oidc roles

mchmarny · mchmarny · commit e85bcc8a8f49 · 2025-11-18T04:28:43.000-08:00
diff --git a/tests/uat/aws/account/federation.tf b/tests/uat/aws/account/federation.tf
@@ -86,7 +86,7 @@ data "aws_iam_policy_document" "github_actions_permissions" {
       "sts:GetAccessKeyInfo",
       "sts:GetCallerIdentity",
       "sts:GetFederationToken",
-      "sts:TagSession"
+      "sts:TagSession",
     ]
     resources = ["*"]
   }
@@ -96,22 +96,23 @@ data "aws_iam_policy_document" "github_actions_permissions" {
     sid    = "IAMPermissions"
     effect = "Allow"
     actions = [
+      "iam:AddRoleToInstanceProfile",
+      "iam:AttachRolePolicy",
+      "iam:CreateInstanceProfile",
       "iam:CreateRole",
+      "iam:DeleteInstanceProfile",
       "iam:DeleteRole",
+      "iam:DetachRolePolicy",
+      "iam:GetInstanceProfile",
+      "iam:GetOpenIDConnectProvider",
       "iam:GetRole",
+      "iam:ListAttachedRolePolicies",
       "iam:ListRoles",
+      "iam:ListRoleTags",
       "iam:PassRole",
-      "iam:AttachRolePolicy",
-      "iam:DetachRolePolicy",
-      "iam:ListAttachedRolePolicies",
-      "iam:CreateInstanceProfile",
-      "iam:DeleteInstanceProfile",
-      "iam:GetInstanceProfile",
-      "iam:AddRoleToInstanceProfile",
       "iam:RemoveRoleFromInstanceProfile",
       "iam:TagRole",
       "iam:UntagRole",
-      "iam:ListRoleTags"
     ]
     resources = ["*"]
   }
@@ -121,7 +122,7 @@ data "aws_iam_policy_document" "github_actions_permissions" {
     sid    = "SSMNodePermissions"
     effect = "Allow"
     actions = [
-      "ssm:GetParameter"
+      "ssm:GetParameter",
     ]
     resources = ["*"]
   }
@@ -130,39 +131,31 @@ data "aws_iam_policy_document" "github_actions_permissions" {
   statement {
     sid    = "EKSClusterPermissions"
     effect = "Allow"
-    actions = [
-      "eks:*"
-    ]
+    actions = ["eks:*"]
     resources = ["*"]
   }
 
   # EC2 permissions for EKS
   statement {
     sid    = "EC2Permissions"
     effect = "Allow"
-    actions = [
-      "ec2:*"
-    ]
+    actions = ["ec2:*"]
     resources = ["*"]
   }
 
   # CloudFormation permissions (EKS uses CloudFormation)
   statement {
     sid    = "CloudFormationPermissions"
     effect = "Allow"
-    actions = [
-      "cloudformation:*"
-    ]
+    actions = ["cloudformation:*"]
     resources = ["*"]
   }
 
   # Auto Scaling permissions for EKS node groups
   statement {
     sid    = "AutoScalingPermissions"
     effect = "Allow"
-    actions = [
-      "autoscaling:*"
-    ]
+    actions = ["autoscaling:*"]
     resources = ["*"]
   }
 }
