From bff09eb11e8f0fb9256dc243e97bc254bb35e37b Mon Sep 17 00:00:00 2001
From: James Miller <james.miller1@digital.cabinet-office.gov.uk>
Date: Wed, 28 Aug 2024 16:22:25 +0100
Subject: [PATCH] s3 sync operation requires s3:ListBucket permission

---
 terraform/deployments/mobile-backend/gha-iam-role.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/terraform/deployments/mobile-backend/gha-iam-role.tf b/terraform/deployments/mobile-backend/gha-iam-role.tf
index 287f82c93..4d22e58d4 100644
--- a/terraform/deployments/mobile-backend/gha-iam-role.tf
+++ b/terraform/deployments/mobile-backend/gha-iam-role.tf
@@ -52,7 +52,8 @@ resource "aws_iam_role_policy" "config_signing" {
 data "aws_iam_policy_document" "bucket_write_role_permissions" {
   statement {
     actions = [
-      "s3:PutObject"
+      "s3:PutObject",
+      "s3:ListBucket"
     ]
     resources = [aws_s3_bucket.mobile_backend_remote_config.arn]
   }