[ndr-387] reverting test changes

tim-knight-nhs · tim-knight-nhs · commit 585451da6cda · 2026-03-24T15:38:33.000Z
diff --git a/base_iam/iam_github_test.tf b/base_iam/iam_github_test.tf
@@ -53,6 +53,118 @@ resource "aws_iam_policy" "github_actions_test" {
         Effect   = "Allow"
         Resource = "*"
       },
+      {
+        Action = [
+          "backup:TagResource",
+          "backup:UntagResource",
+          "cognito-identity:TagResource",
+          "cognito-identity:UntagResource",
+          "elasticloadbalancing:AddTags",
+          "elasticloadbalancing:RemoveTags",
+          "events:TagResource",
+          "events:UntagResource",
+          "iam:TagInstanceProfile",
+          "iam:TagPolicy",
+          "iam:TagRole",
+          "iam:UntagInstanceProfile",
+          "iam:UntagPolicy",
+          "iam:UntagRole",
+          "lambda:TagResource",
+          "lambda:UntagResource",
+          "logs:TagResource",
+          "logs:UntagResource",
+          "resource-groups:DeleteGroup",
+          "resource-groups:GetGroup",
+          "resource-groups:GetGroupConfiguration",
+          "resource-groups:GetGroupQuery",
+          "resource-groups:GetTags",
+          "resource-groups:ListGroupResources",
+          "resource-groups:Tag",
+          "resource-groups:Untag",
+          "resource-groups:UpdateGroup",
+          "resource-groups:UpdateGroupQuery",
+          "sns:TagResource",
+          "sns:UntagResource"
+        ]
+        Effect = "Allow"
+        Resource = [
+          "*",
+          "arn:aws:backup:*:694282683086:backup-plan:*",
+          "arn:aws:backup:*:694282683086:backup-vault:*",
+          "arn:aws:backup:*:694282683086:framework:*-*",
+          "arn:aws:backup:*:694282683086:legal-hold:*",
+          "arn:aws:backup:*:694282683086:report-plan:*-*",
+          "arn:aws:backup:*:694282683086:restore-testing-plan:*-*",
+          "arn:aws:cognito-identity:*:694282683086:identitypool/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener-rule/app/*/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener-rule/net/*/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener/app/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener/gwy/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener/net/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:loadbalancer/app/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:loadbalancer/gwy/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:loadbalancer/net/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:targetgroup/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:truststore/*/*",
+          "arn:aws:events:*:694282683086:event-bus/*",
+          "arn:aws:events:*:694282683086:rule/*/*",
+          "arn:aws:iam::694282683086:instance-profile/*",
+          "arn:aws:iam::694282683086:policy/*",
+          "arn:aws:iam::694282683086:role/*",
+          "arn:aws:lambda:*:694282683086:code-signing-config:*",
+          "arn:aws:lambda:*:694282683086:event-source-mapping:*",
+          "arn:aws:lambda:*:694282683086:function:*",
+          "arn:aws:logs:*:694282683086:anomaly-detector:*",
+          "arn:aws:logs:*:694282683086:delivery-destination:*",
+          "arn:aws:logs:*:694282683086:delivery-source:*",
+          "arn:aws:logs:*:694282683086:delivery:*",
+          "arn:aws:logs:*:694282683086:destination:*",
+          "arn:aws:logs:*:694282683086:log-group:*",
+          "arn:aws:resource-groups:*:694282683086:group/*",
+          "arn:aws:sns:*:694282683086:*"
+        ]
+      },
+      {
+        Action = [
+          "elasticloadbalancing:AddTags",
+          "elasticloadbalancing:RemoveTags"
+        ]
+        Effect = "Allow"
+        Resource = [
+          "arn:aws:elasticloadbalancing:*:694282683086:listener-rule/app/*/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener-rule/net/*/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener/app/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener/gwy/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener/net/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:loadbalancer/app/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:loadbalancer/gwy/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:loadbalancer/net/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:targetgroup/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:truststore/*/*"
+        ]
+      },
+      {
+        Action = [
+          "elasticloadbalancing:AddTags",
+          "elasticloadbalancing:RemoveTags",
+          "events:TagResource",
+          "events:UntagResource"
+        ]
+        Effect = "Allow"
+        Resource = [
+          "arn:aws:elasticloadbalancing:*:694282683086:listener-rule/app/*/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener-rule/net/*/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener/app/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener/gwy/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:listener/net/*/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:loadbalancer/app/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:loadbalancer/gwy/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:loadbalancer/net/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:targetgroup/*/*",
+          "arn:aws:elasticloadbalancing:*:694282683086:truststore/*/*",
+          "arn:aws:events:*:694282683086:rule/*"
+        ]
+      },
     ]
   })
 }
