From 2f5ecabca61d7e2e2157fcc42424f22e68e12aa2 Mon Sep 17 00:00:00 2001
From: anirudhpokala
Date: Tue, 14 May 2024 21:14:02 +0530
Subject: [PATCH] Added EMP IAM validation required permissions
---
 emp/emp-aws-policies/aws-policy-2.json | 6 ++++++
 emp/emp_iam_cftemplate.yml | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/emp/emp-aws-policies/aws-policy-2.json b/emp/emp-aws-policies/aws-policy-2.json
index 6b2acfb..ce4a235 100644
--- a/emp/emp-aws-policies/aws-policy-2.json
+++ b/emp/emp-aws-policies/aws-policy-2.json
@@ -56,6 +56,12 @@
 "iam:PutRolePolicy",
 "iam:RemoveRoleFromInstanceProfile",
 "iam:UntagRole",
+ "iam:ListUserPolicies",
+ "iam:ListAttachedUserPolicies",
+ "iam:GetUserPolicy",
+ "iam:GetPolicy",
+ "iam:GetPolicyVersion",
+ "iam:SimulateCustomPolicy",
 "elasticfilesystem:Backup",
 "elasticfilesystem:CreateAccessPoint",
 "elasticfilesystem:CreateFileSystem",
diff --git a/emp/emp_iam_cftemplate.yml b/emp/emp_iam_cftemplate.yml
index 52cdaf0..78d319a 100644
--- a/emp/emp_iam_cftemplate.yml
+++ b/emp/emp_iam_cftemplate.yml
@@ -218,6 +218,12 @@ Resources:
 - iam:PutRolePolicy
 - iam:RemoveRoleFromInstanceProfile
 - iam:UntagRole
+ - iam:ListUserPolicies
+ - iam:ListAttachedUserPolicies
+ - iam:GetUserPolicy
+ - iam:GetPolicy
+ - iam:GetPolicyVersion
+ - iam:SimulateCustomPolicy
 - elasticfilesystem:Backup
 - elasticfilesystem:CreateAccessPoint
 - elasticfilesystem:CreateFileSystem
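Review bot: The six added IAM read/simulate actions are appended to an existing action list whose `Resource` element lies outside this hunk, so they inherit whatever scope the role-management actions above them (`iam:PutRolePolicy` and friends) already have. If that scope is `*`, the principal can read the inline and managed policy documents of every user in the account, not only its own. `iam:ListUserPolicies`, `iam:ListAttachedUserPolicies` and `iam:GetUserPolicy` accept a user ARN, and `iam:GetPolicy`/`iam:GetPolicyVersion` a policy ARN, so a separate statement with for example `"Resource": "arn:aws:iam::<ACCOUNT_ID>:user/<EMP_USER_NAME>"` would keep validation limited to the EMP identity. Only `iam:SimulateCustomPolicy`, which has no resource-level support, would then need `*`. The same applies to the matching hunk in `emp/emp_iam_cftemplate.yml`.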
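Review bot: Nothing in the template marks these six entries as read-only permissions that, going by the commit subject, exist only for the IAM validation step, and they sit between role-mutating actions and the EFS actions where a later least-privilege review can easily miss why they are there. A comment above the first added line, such as `# Read-only IAM actions used by EMP permission validation`, would record the intent. The JSON copy in `emp/emp-aws-policies/aws-policy-2.json` cannot carry a comment, so the two lists have to be kept in sync by hand. The enclosing statement starts and ends outside the hunk.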