From 6d35a0c8144b7e8273fc6a88a841a0b256262a8d Mon Sep 17 00:00:00 2001
From: Anton Eremin
Date: Thu, 1 Feb 2024 13:20:59 +0500
Subject: [PATCH] fix: add all necessary permissions
---
 slack_handler_lambda.tf | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/slack_handler_lambda.tf b/slack_handler_lambda.tf
index 53593ab..d3bb8a5 100644
--- a/slack_handler_lambda.tf
+++ b/slack_handler_lambda.tf
@@ -179,13 +179,21 @@ data "aws_iam_policy_document" "slack_handler" {
 statement {
 effect = "Allow"
 actions = [
- "sso:ListTagsForResource",
 "sso:CreatePermissionSet",
+ "sso:ListTagsForResource",
+ "sso:TagResource",
+ "sso:AttachManagedPolicyToPermissionSet",
+ "sso:ListManagedPoliciesInPermissionSet",
+
+ "sso:ListCustomerManagedPolicyReferencesInPermissionSet",
+ "sso:AttachCustomerManagedPolicyReferenceToPermissionSet",
+ "sso:PutPermissionsBoundaryToPermissionSet",
+ "sso:GetPermissionsBoundaryForPermissionSet",
+ "sso:PutInlinePolicyToPermissionSet",
 "sso:GetInlinePolicyForPermissionSet",
- "sso:GetPermissionsBoundaryForPermissionSet",
 ]
 resources = ["*"]
 }
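Review bot: The statement keeps `resources = ["*"]` while the action list now includes write operations such as `sso:AttachManagedPolicyToPermissionSet`, `sso:AttachCustomerManagedPolicyReferenceToPermissionSet` and `sso:PutPermissionsBoundaryToPermissionSet`, so the Slack handler's role can rewrite the policies and boundary of every permission set it can reach, including ones it did not create. Because the handler is driven by Slack requests, a flaw in its input handling or a leaked role credential would then translate directly into broader access across the accounts those permission sets are assigned to. Consider scoping the statement to the one instance and its permission sets, e.g. `resources = ["arn:aws:sso:::instance/<INSTANCE_ID>", "arn:aws:sso:::permissionSet/<INSTANCE_ID>/*"]` (placeholder ids), and, if the handler tags the sets it creates, adding a `condition` on `aws:ResourceTag/<TAG_KEY>` for the attach/put actions; which actions honour tag conditions should be confirmed against the IAM Identity Center action reference. The enclosing `data "aws_iam_policy_document" "slack_handler"` block starts outside the hunk, so any narrowing applied elsewhere is not visible here.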