Merge pull request #49 from anyscale/brent/update-iam

upd: Update IAM Policies for Anyscale Services
anyscale · Apr 29, 2024 · 832ac72 · 832ac72
2 parents 3a80b95 + 60c7869
commit 832ac72
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.21.0 (Released)
+FEATURES:
+- Add IAM policy update for Anyscale Services change to add HTTP headers for versions.
+
+BUG FIXES:
+
+BREAKING CHANGES:
+
+NOTES:
+
 ## 0.20.0 (Released)
 FEATURES:
 - Proper KMS support for EFS and S3 buckets

diff --git a/modules/aws-anyscale-iam/iam-policies-data.tf b/modules/aws-anyscale-iam/iam-policies-data.tf
@@ -290,6 +290,7 @@ data "aws_iam_policy_document" "iam_anyscale_cluster_node_assumerole_policy" {
   }
 }
 
+#trivy:ignore:avd-aws-0057:Wildcard required for these actions
 data "aws_iam_policy_document" "iam_anyscale_s3_bucket_access" {
   dynamic "statement" {
     for_each = local.create_s3_bucket_access_policy ? [1] : []
@@ -318,7 +319,8 @@ data "aws_iam_policy_document" "iam_anyscale_services_v2" {
       "cloudformation:CreateStack",
       "cloudformation:DescribeStackEvents",
       "cloudformation:DescribeStackResources",
-      "cloudformation:DescribeStacks"
+      "cloudformation:DescribeStacks",
+      "cloudformation:GetTemplate"
     ]
     resources = [
       "arn:aws:cloudformation:*:${local.account_id}:stack/*"