From e109cb74e7ce86ee921e3ae665c159dd370e61ee Mon Sep 17 00:00:00 2001
From: carlssonk <o.carlssonk@gmail.com>
Date: Sat, 28 Sep 2024 04:18:52 +0200
Subject: [PATCH] iam:DeleteRolePolicy

---
 modules/nat/iam/main.tf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/nat/iam/main.tf b/modules/nat/iam/main.tf
index 7fcfdb1..b8d4922 100644
--- a/modules/nat/iam/main.tf
+++ b/modules/nat/iam/main.tf
@@ -31,6 +31,13 @@ data "aws_iam_policy_document" "this" {
     resources = ["arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:launch-template/*"]
     effect    = "Allow"
   }
+  statement {
+    actions = [
+      "iam:DeleteRolePolicy" # temporary
+    ]
+    resources = ["*"]
+    effect    = "Allow"
+  }
   # dynamic "statement" {
   #   for_each = var.nat_type == "fck-nat" ? ["x"] : []
   #   content {