feat: adiciona politica para ssm

main.tf

@@ -74,6 +74,43 @@ resource "aws_iam_role" "lambda_role" {
   })
 }
 
+/**
+  * AWS IAM Policy for SSM
+  *
+  * This resource block defines an AWS IAM policy that allows Lambda functions to read
+  * parameters from AWS Systems Manager Parameter Store.
+  */
+resource "aws_iam_policy" "ssm_policy" {
+  name        = "ssm_policy"
+  description = "SSM Policy"
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "ssm:GetParameters",
+          "ssm:GetParameter"
+        ],
+        Resource = "/${var.project_name}/*"
+      }
+    ]
+  })
+}
+
+/**
+ * Attach the AWS IAM policy to the Lambda function's role.
+ *
+ * This resource block attaches the AWS IAM policy specified by the `policy_arn` attribute
+ * to the IAM role associated with the Lambda function. The `name` attribute is used to
+ * provide a unique name for this policy attachment resource.
+ */
+resource "aws_iam_policy_attachment" "ssm_policy_attachment" {
+  name       = "ssm_policy_attachment"
+  roles      = [aws_iam_role.lambda_role.name]
+  policy_arn = aws_iam_policy.ssm_policy.arn
+}
+
 
 /**
  * Attach the AWS IAM policy to the Lambda function's role.