From b3ae06041b5c1d803fa029e65bc8d5f54ded08b1 Mon Sep 17 00:00:00 2001
From: Ivan Besinovic <ivan.besinovic@sysdig.com>
Date: Mon, 6 Oct 2025 16:43:41 +0200
Subject: [PATCH] SSPROD-60803 - Add iam:ListAccountAliases permission for
 account alias retrieval

---
 modules/onboarding/main.tf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/onboarding/main.tf b/modules/onboarding/main.tf
index 3de1e0e..0b653e0 100644
--- a/modules/onboarding/main.tf
+++ b/modules/onboarding/main.tf
@@ -65,6 +65,7 @@ resource "aws_iam_role_policy" "onboarding_role_policy" {
         Action = [
           "account:Get*",
           "account:List*",
+          "iam:ListAccountAliases",
         ]
         Effect   = "Allow"
         Resource = "*"
@@ -107,4 +108,9 @@ resource "sysdig_secure_cloud_auth_account" "cloud_auth_account" {
       feature
     ]
   }
+
+  depends_on = [
+    aws_iam_role_policy.onboarding_role_policy,
+    aws_cloudformation_stack_set_instance.stackset_instance
+  ]
 }