From cba4b226fc52dfcc6a53e5848e6c95e74785aef9 Mon Sep 17 00:00:00 2001
From: A-Ashiq <afaan.ashiq2@gmail.com>
Date: Fri, 3 Jan 2025 15:24:19 +0000
Subject: [PATCH] Remove broad `PassRole` permission from operations IAM role

---
 terraform/10-account/iam.operations-role.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/terraform/10-account/iam.operations-role.tf b/terraform/10-account/iam.operations-role.tf
index 682dcf10..9248622f 100644
--- a/terraform/10-account/iam.operations-role.tf
+++ b/terraform/10-account/iam.operations-role.tf
@@ -54,7 +54,6 @@ module "iam_operations_policy" {
             "ecs:DescribeTasks",
             "ecs:ExecuteCommand",
             "ecs:RunTask",
-            "iam:PassRole",
             "logs:StartLiveTail",
             "logs:StopLiveTail"
           ],