[ndr-387] moved states permissions to common file

Author: tim-knight-nhs

base_iam/iam_github_dev_test.tf

@@ -49,12 +49,6 @@ resource "aws_iam_policy" "github_actions_dev_test" {
           "ec2:DeleteNatGateway",
           "s3:*",
           "sqs:TagQueue",
-          "states:CreateStateMachine",
-          "states:DeleteStateMachine",
-          "states:DescribeStateMachine",
-          "states:TagResource",
-          "states:UntagResource",
-          "states:UpdateStateMachine"
         ]
         Effect   = "Allow"
         Resource = "*"

base_iam/iam_github_dev_test_pre-prod_prod.tf

@@ -424,6 +424,18 @@ resource "aws_iam_policy" "github_actions_dev_test_pre-prod_prod_3" {
         Effect   = "Allow"
         Resource = "arn:aws:rum:eu-west-2:${data.aws_caller_identity.current.account_id}:appmonitor/*"
       },
+      {
+        Action = [
+          "states:CreateStateMachine",
+          "states:DeleteStateMachine",
+          "states:DescribeStateMachine",
+          "states:TagResource",
+          "states:UntagResource",
+          "states:UpdateStateMachine"
+        ]
+        Effect   = "Allow"
+        Resource = "arn:aws:states:eu-west-2:${data.aws_caller_identity.current.account_id}:stateMachine:*"
+      },
     ]
   })
 }

base_iam/iam_github_pre-prod_prod.tf

@@ -56,18 +56,6 @@ resource "aws_iam_policy" "github_actions_pre-prod_prod" {
         Effect   = "Allow"
         Resource = "*"
       },
-      {
-        Action = [
-          "states:CreateStateMachine",
-          "states:DeleteStateMachine",
-          "states:DescribeStateMachine",
-          "states:TagResource",
-          "states:UntagResource",
-          "states:UpdateStateMachine"
-        ]
-        Effect   = "Allow"
-        Resource = "arn:aws:states:eu-west-2:${data.aws_caller_identity.current.account_id}:stateMachine:*"
-      },
       {
         Action = [
           "ecr:BatchDeleteImage",