Merge pull request #4396 from govuk-one-login/ATO-591/update-cross-ac…

…count-dynamo-db-perm-boundary ATO-591: Implement access to auth dynamo db's in permission boundary
govuk-one-login · May 13, 2024 · ae96578 · ae96578
2 parents 75bf5b5 + 22becb2
commit ae96578
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/ci/stack-orchestration/README.md b/ci/stack-orchestration/README.md
@@ -36,6 +36,6 @@ the `configuration/[ENVIRONMENT]/[PIPELINE]/parameters.json` files.
 ## SSM Parameters
 
 The following parameters are not provisioned by CloudFormation, and instead are managed manually in Systems Manager Parameter Store:
-- `<envrionment>-ipv-capacity`
+- `<environment>-ipv-capacity`
 - `<environment>-auth-public-encryption-key`
 - `<environment>-ipv-public-encryption-key`
diff --git a/ci/stack-orchestration/configuration/dev/dev-orch-be-pipeline/parameters.json b/ci/stack-orchestration/configuration/dev/dev-orch-be-pipeline/parameters.json
@@ -1,4 +1,24 @@
 [
+  {
+    "ParameterKey": "AccessDynamoDBAccounts",
+    "ParameterValue": "761723964695"
+  },
+  {
+    "ParameterKey": "AllowedServiceOne",
+    "ParameterValue": "DynamoDB"
+  },
+  {
+    "ParameterKey": "AllowedServiceTwo",
+    "ParameterValue": "SSM"
+  },
+  {
+    "ParameterKey": "AllowedServiceThree",
+    "ParameterValue": "SQS"
+  },
+  {
+    "ParameterKey": "AllowedServiceFour",
+    "ParameterValue": "EC2"
+  },
   {
     "ParameterKey": "AdditionalCodeSigningVersionArns",
     "ParameterValue": "arn:aws:signer:eu-west-2:216552277552:/signing-profiles/DynatraceSigner/5uwzCCGTPq"
@@ -19,6 +39,10 @@
     "ParameterKey": "OneLoginRepositoryName",
     "ParameterValue": "authentication-api"
   },
+  {
+    "ParameterKey": "ProgrammaticPermissionsBoundary",
+    "ParameterValue": "True"
+  },
   {
     "ParameterKey": "RequireManualApproval",
     "ParameterValue": "No"