From 0e77849cbaddf5482fd21f03bea8007b38a1f50f Mon Sep 17 00:00:00 2001 From: Alexey Markevich Date: Wed, 7 Dec 2022 14:58:01 +0100 Subject: [PATCH] fix: Add `ssm:GetParameters` permission to `external-secrets` policy (#316) Co-authored-by: Bryant Biggs --- .pre-commit-config.yaml | 4 ++-- modules/iam-role-for-service-accounts-eks/policies.tf | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 74f3751c..d5886a6d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.76.0 + rev: v1.77.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -23,7 +23,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v4.4.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf index d4ff8289..d9017f23 100644 --- a/modules/iam-role-for-service-accounts-eks/policies.tf +++ b/modules/iam-role-for-service-accounts-eks/policies.tf @@ -410,7 +410,10 @@ data "aws_iam_policy_document" "external_secrets" { count = var.create_role && var.attach_external_secrets_policy ? 1 : 0 statement { - actions = ["ssm:GetParameter"] + actions = [ + "ssm:GetParameter", + "ssm:GetParameters", + ] resources = var.external_secrets_ssm_parameter_arns }
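Review bot: Nothing on the `external_secrets` statement records that its read scope rests entirely on `var.external_secrets_ssm_parameter_arns`, which matters more now that the batch action `ssm:GetParameters` sits beside `ssm:GetParameter`. I would add a comment above `actions`, for example `# Read-only SSM access for external-secrets; keep external_secrets_ssm_parameter_arns scoped to the parameter paths the operator syncs`. The variable's default is not visible in this hunk. If it is a wildcard parameter ARN, the role can read every parameter that ARN matches, so the variable description is worth tightening in the same change. The data block continues outside the hunk, so it is not visible whether a separate statement grants `kms:Decrypt` for SecureString parameters.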