@@ -78,28 +78,6 @@ module "backup_ingest_sfn_role" {
7878 ],
7979 " Resource" : " *"
8080 },
81- {
82- " Sid" : " AllowGetTags"
83- " Effect" : " Allow"
84- " Action" : [
85- " backup-gateway:ListTagsForResource"
86- " dsql:ListTagsForResource"
87- " dynamodb:ListTagsOfResource"
88- " ec2:DescribeTags"
89- " elasticfilesystem:DescribeTags"
90- " fsx:ListTagsForResource"
91- " rds:ListTagsForResource"
92- " redshift-serverless:ListTagsForResource"
93- " redshift:DescribeTags"
94- " s3:GetBucketTagging"
95- " s3:GetObjectTagging"
96- " s3:GetObjectVersionTagging"
97- " ssm-sap:ListTagsForResource"
98- " storagegateway:ListTagsForResource"
99- " timestream:ListTagsForResource"
100- ],
101- " Resource" : " *"
102- },
10381 {
10482 " Sid" : " AllowBackupCopyJob"
10583 " Effect" : " Allow"
@@ -171,10 +149,32 @@ module "backup_ingest_sfn_state_role" {
171149 inline_policy = jsonencode ({
172150 Version : " 2012-10-17"
173151 Statement : [
152+ {
153+ " Sid" : " AllowGetTags"
154+ " Effect" : " Allow"
155+ " Action" : [
156+ " backup:ListTags"
157+ " backup-gateway:ListTagsForResource"
158+ " dsql:ListTagsForResource"
159+ " dynamodb:ListTagsOfResource"
160+ " ec2:DescribeTags"
161+ " elasticfilesystem:DescribeTags"
162+ " fsx:ListTagsForResource"
163+ " rds:ListTagsForResource"
164+ " redshift-serverless:ListTagsForResource"
165+ " redshift:DescribeTags"
166+ " s3:GetBucketTagging"
167+ " s3:GetObjectTagging"
168+ " s3:GetObjectVersionTagging"
169+ " ssm-sap:ListTagsForResource"
170+ " storagegateway:ListTagsForResource"
171+ " timestream:ListTagsForResource"
172+ ],
173+ " Resource" : " *"
174+ },
174175 {
175176 Effect : " Allow"
176177 Action : [
177- " backup:ListTags"
178178 " backup:UpdateRecoveryPointLifecycle"
179179 ],
180180 Resource : " *"
0 commit comments