From 6e76902808a280175a97412a594fbf7b7cab214e Mon Sep 17 00:00:00 2001
From: Jan Calanog <jan.calanog@elastic.co>
Date: Fri, 5 Sep 2025 09:48:14 +0200
Subject: [PATCH] Fix API lambda workflow permissions

---
 .github/workflows/deploy-api-lambda-edge.yml    | 3 +++
 .github/workflows/deploy-api-lambda-prod.yml    | 3 +++
 .github/workflows/deploy-api-lambda-staging.yml | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/.github/workflows/deploy-api-lambda-edge.yml b/.github/workflows/deploy-api-lambda-edge.yml
index bb985b463..ae6d81991 100644
--- a/.github/workflows/deploy-api-lambda-edge.yml
+++ b/.github/workflows/deploy-api-lambda-edge.yml
@@ -11,5 +11,8 @@ permissions:
 jobs: 
   deploy:
     uses: ./.github/workflows/deploy-api-lambda.yml
+    permissions: 
+      id-token: write
+      contents: read
     with:
       environment: edge
diff --git a/.github/workflows/deploy-api-lambda-prod.yml b/.github/workflows/deploy-api-lambda-prod.yml
index 9d43d5db3..ce3725fc4 100644
--- a/.github/workflows/deploy-api-lambda-prod.yml
+++ b/.github/workflows/deploy-api-lambda-prod.yml
@@ -14,6 +14,9 @@ permissions:
 jobs: 
   deploy:
     uses: ./.github/workflows/deploy-api-lambda.yml
+    permissions:
+      id-token: write
+      contents: read
     with:
       environment: prod
       ref: refs/tags/${{ github.event.inputs.ref }}
diff --git a/.github/workflows/deploy-api-lambda-staging.yml b/.github/workflows/deploy-api-lambda-staging.yml
index f5fedfe7c..d8aa73377 100644
--- a/.github/workflows/deploy-api-lambda-staging.yml
+++ b/.github/workflows/deploy-api-lambda-staging.yml
@@ -11,6 +11,9 @@ permissions:
 jobs: 
   deploy:
     uses: ./.github/workflows/deploy-api-lambda.yml
+    permissions:
+      id-token: write
+      contents: read
     with:
       environment: staging
       ref: refs/tags/${{ github.event.release.tag_name }}