Merge pull request #21 from TechNative-B-V/feature/ignore_scaling_alarm

allow lambda read RDS
TechNative-B-V · Feb 14, 2024 · 31df4de · 31df4de
2 parents 46fef38 + 7952a52
commit 31df4de
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/lambda_cw_alarm_creator_role.tf b/lambda_cw_alarm_creator_role.tf
@@ -12,6 +12,7 @@ module "iam_role_lambda_cw_alarm_creator" {
     "cloudwatch_alarms" : jsondecode(data.aws_iam_policy_document.cloudwatch_alarms.json)
     "eventbus" : jsondecode(data.aws_iam_policy_document.eventbus.json)
     "lambda_ec2_read_access" : jsondecode(data.aws_iam_policy_document.lambda_ec2_read_access.json)
+    "lambda_rds_read_access" : jsondecode(data.aws_iam_policy_document.lambda_rds_read_access.json)
   }
 
   trust_relationship = {
@@ -71,6 +72,16 @@ data "aws_iam_policy_document" "lambda_ec2_read_access" {
   }
 }
 
+data "aws_iam_policy_document" "lambda_rds_read_access" {
+  statement {
+    sid = "AllowLambdaRDSAccess"
+
+    actions = ["rds:Describe*"]
+
+    resources = ["*"]
+  }
+}
+
 # The Lambda role needs to access KMS key in order to access SNS topic.
 resource "aws_kms_grant" "give_lambda_role_access" {
   name              = "lambda-role-kms-grant-access"