From f373899132f6c88d92ca8816890f2d468c876b26 Mon Sep 17 00:00:00 2001
From: MarcoIeni <11428655+MarcoIeni@users.noreply.github.com>
Date: Thu, 26 Sep 2024 11:35:53 +0200
Subject: [PATCH] chore: grant Jake playground ec2 ssh permissions
---
 terraform/playground/instance.tf | 3 ++-
 .../infra-deploy-playground.tf | 23 +++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/terraform/playground/instance.tf b/terraform/playground/instance.tf
index 4bb8e10d0..8bbfec45b 100644
--- a/terraform/playground/instance.tf
+++ b/terraform/playground/instance.tf
@@ -266,7 +266,8 @@ resource "aws_instance" "playground2" {
 }
 tags = {
- Name = "play-2"
+ Name = "play-2"
+ Service = "playground"
 }
 lifecycle {
diff --git a/terraform/team-members-access/infra-deploy-playground.tf b/terraform/team-members-access/infra-deploy-playground.tf
index fdf7dafa1..26e4b9c5f 100644
--- a/terraform/team-members-access/infra-deploy-playground.tf
+++ b/terraform/team-members-access/infra-deploy-playground.tf
@@ -30,6 +30,29 @@ resource "aws_iam_group_policy" "infra_deploy_playground" {
 "arn:aws:ssm:us-west-1:890664054962:parameter/staging/ansible/all/*",
 ]
 },
+ {
+ "Effect" : "Allow",
+ "Action" : "ec2-instance-connect:SendSSHPublicKey",
+ "Resource" : [
+ "arn:aws:ec2:*:*:instance/*",
+ ],
+ "Condition" : {
+ "StringEquals" : {
+ "ec2:osuser" : "shep",
+ "ec2:ResourceTag/Service" : "playground"
+ }
+ }
+ },
+ {
+ "Effect" : "Allow",
+ "Action" : [
+ "ec2:DescribeInstances",
+ "ec2:DescribeVpcs"
+ ],
+ "Resource" : [
+ "arn:aws:ec2:*:*:instance/*",
+ ],
+ }
 ]
 })
 }
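Review bot: The `Service = "playground"` tag added to `tags` on `aws_instance.playground2` is now an authorization input, yet nothing at the tag says so. The statement added in `team-members-access/infra-deploy-playground.tf` allows `ec2-instance-connect:SendSSHPublicKey` only where `ec2:ResourceTag/Service` equals `playground`, so renaming the tag or reusing it on another instance changes who can push SSH keys. I would add a comment above it such as `# Matched by the ec2:ResourceTag/Service condition in team-members-access/infra-deploy-playground.tf; gates EC2 Instance Connect access`. The `aws_instance` block starts and ends outside the hunk, so any other instances that should carry the tag are not visible here.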
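Review bot: The second added statement scopes `ec2:DescribeInstances` and `ec2:DescribeVpcs` to `arn:aws:ec2:*:*:instance/*`, but EC2 `Describe*` actions do not support resource-level permissions, so as written it is expected to grant nothing and the describe calls will still be denied; it should read `"Resource" : "*"`. In the first statement, `ec2-instance-connect:SendSSHPublicKey` is allowed on instances in any region and account and is narrowed only by `ec2:ResourceTag/Service`, so anyone who can tag instances can widen SSH access. Consider pinning the instance ARN to the playground's region and account, the way the SSM parameter ARN just above is pinned, and adding a comment that names the tag and the `shep` OS user as the access boundary. The `aws_iam_group_policy` resource begins outside the hunk.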