From a2c7bc854517fb7090c4044279155aced561c38f Mon Sep 17 00:00:00 2001
From: dani <29378233+kheina@users.noreply.github.com>
Date: Fri, 19 Jan 2024 12:27:45 -0500
Subject: [PATCH] fix(e2e): update enos policies to include s3:ListBucket (#4255)

---
 enos/ci/service-user-iam/main.tf | 7 +++++--
 enos/modules/aws_bucket/main.tf | 2 ++
 enos/modules/aws_iam_setup/main.tf | 4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/enos/ci/service-user-iam/main.tf b/enos/ci/service-user-iam/main.tf
index 6f85a70f2b..a8c2fd4d6e 100644
--- a/enos/ci/service-user-iam/main.tf
+++ b/enos/ci/service-user-iam/main.tf
@@ -224,7 +224,8 @@ data "aws_iam_policy_document" "enos_policy_document" {
 "s3:DeleteBucket*",
 "s3:GetBucket*",
 "s3:HeadBucket",
- "s3:PutBucket*"
+ "s3:PutBucket*",
+ "s3:ListBucket",
 ]
 
 resources = ["*"]
@@ -265,7 +266,7 @@ data "aws_iam_policy_document" "aws_nuke_policy_document" {
 }
 
 resource "aws_iam_policy" "demo_user" {
- name = "BoundaryDemoPermissionsBoundary"
+ name = "DemoUser"
 path = "/"
 description = "Used to allow temporary IAM user creation for end-to-end tests"
 policy = data.aws_iam_policy_document.demo_user_policy_document.json
@@ -289,6 +290,7 @@ data "aws_iam_policy_document" "demo_user_policy_document" {
 "s3:GetObject",
 "s3:GetObjectAttributes",
 "s3:PutObject",
+ "s3:ListBucket",
 ]
 
 condition {
@@ -326,6 +328,7 @@ data "aws_iam_policy_document" "demo_user_policy_document" {
 "s3:GetObject",
 "s3:GetObjectAttributes",
 "s3:PutObject",
+ "s3:ListBucket",
 ]
 }
 }
diff --git a/enos/modules/aws_bucket/main.tf b/enos/modules/aws_bucket/main.tf
index 97ab4a01ef..0621e409b4 100644
--- a/enos/modules/aws_bucket/main.tf
+++ b/enos/modules/aws_bucket/main.tf
@@ -18,10 +18,12 @@ data "aws_iam_policy_document" "default" {
 "s3:GetObject",
 "s3:DeleteObject",
 "s3:GetObjectAttributes",
+ "s3:ListBucket",
 ]
 
 resources = [
 "${aws_s3_bucket.default.arn}/*",
+ "${aws_s3_bucket.default.arn}",
 ]
 }
 }
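Review bot: In the `enos_policy_document` hunk at -224 of enos/ci/service-user-iam/main.tf, `s3:ListBucket` joins a statement whose `resources = ["*"]`, so the CI service user can enumerate object keys in every bucket in the account, not only the buckets the e2e scenarios create. The neighbouring wildcard actions are bucket-configuration calls, whereas listing exposes object names, so this is a wider kind of read access than the statement granted before. Consider moving the new action into its own statement scoped to the test buckets, for example `resources = ["arn:aws:s3:::<e2e-bucket-prefix>*"]` (placeholder; the real naming pattern is not visible here). If the wildcard is required, add a comment next to the action saying which caller needs it and why it cannot be narrowed. The statement begins and ends outside the hunk.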
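Review bot: `s3:ListBucket` is a bucket-level action, but in `demo_user_policy_document` (hunks at -289 and -326 of enos/ci/service-user-iam/main.tf) it is appended to lists of object-level actions such as `s3:GetObject` and `s3:PutObject`, and the `resources` of both statements lie outside the hunks. If those resources are object ARNs ending in `/*`, the new action never matches and the permissions boundary still denies listing. The aws_bucket change in this same commit had to add the bare bucket ARN for that reason. Please confirm each statement's resources include the bucket ARN itself, and check that the `condition` block following the first list still behaves as intended for a list request, since it was presumably written for object calls. A short comment such as `# ListBucket matches the bucket ARN, not object ARNs` beside the action would make the requirement visible to the next editor.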
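Review bot: The added resource `"${aws_s3_bucket.default.arn}",` in enos/modules/aws_bucket/main.tf is an interpolation-only string; the bare reference `aws_s3_bucket.default.arn,` is the preferred form in current Terraform and avoids the deprecation warning. The statement now mixes object-level actions with the bucket-level `s3:ListBucket` across both ARNs. That works because each action only matches its own resource type, but a separate statement for `s3:ListBucket` on the bucket ARN would make the grant easier to audit. The principals of this statement are outside the hunk, so check that everyone named there is meant to see the full key listing of the bucket.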
diff --git a/enos/modules/aws_iam_setup/main.tf b/enos/modules/aws_iam_setup/main.tf
index 2db9667b8a..7554d1cb69 100644
--- a/enos/modules/aws_iam_setup/main.tf
+++ b/enos/modules/aws_iam_setup/main.tf
@@ -12,9 +12,9 @@ locals {
 }
 
 resource "aws_iam_user" "boundary" {
- name = "boundary-e2e-${var.test_id}"
+ name = "demo-boundary-e2e-${var.test_id}"
 tags = { boundary-demo = local.user_email }
- permissions_boundary = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/BoundaryDemoPermissionsBoundary"
+ permissions_boundary = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/DemoUser"
 }
 
 resource "aws_iam_user_policy" "boundary" {
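Review bot: The `permissions_boundary` on `aws_iam_user.boundary` is still a hand-built ARN string, now ending in `policy/DemoUser`, so it has to be kept in step manually with the `name` of `aws_iam_policy.demo_user` in enos/ci/service-user-iam/main.tf, which this commit also renames. Nothing in this diff shows whether the CI user's IAM statements reference the boundary ARN or a user-name pattern; if they do, please confirm they were updated for `DemoUser` and the new `demo-boundary-e2e-` prefix so the boundary stays enforced at user creation. Consider passing the policy name or ARN in through a variable, or at least add a comment above the line such as `# must match aws_iam_policy.demo_user.name in enos/ci/service-user-iam`. The new name `DemoUser` also no longer signals that the policy is a permissions boundary, which the old name did.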