From abf50bf4ca4f7543527a1fcf748522e764d6638e Mon Sep 17 00:00:00 2001
From: tymnicholas <46499723+tymnicholas@users.noreply.github.com>
Date: Thu, 24 Jul 2025 22:09:40 +0800
Subject: [PATCH] added dynamic statement for GHA OIDC lambda:UpdateEventSourceMapping
---
 data.tf | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/data.tf b/data.tf
index 69c888c..67ccd52 100644
--- a/data.tf
+++ b/data.tf
@@ -57,6 +57,17 @@ data "aws_iam_policy_document" "update_lambda" {
 resources = ["arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_prefix}*"]
 }
 }
+
+ dynamic "statement" {
+ for_each = var.enable_version_identifier ? [1] : []
+ content {
+ sid = "AllowLambdaUpdateEvtSrcMapping"
+ actions = [
+ "lambda:UpdateEventSourceMapping",
+ ]
+ resources = ["arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_prefix}*"]
+ }
+ }
 }
 
 data "aws_iam_policy_document" "update_lambda_combined" {
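Review bot: The `resources` line of the new `AllowLambdaUpdateEvtSrcMapping` statement scopes `lambda:UpdateEventSourceMapping` to a function ARN, but as far as I know IAM authorizes that action against the event-source-mapping resource type and exposes the target function only through the `lambda:FunctionArn` condition key. If that holds, this statement never matches, and the tempting follow-up is to widen it to `*`, which would let the GitHub Actions OIDC role modify any mapping in the account. Scoping the resource to event-source-mapping ARNs and pinning the function prefix in a condition keeps the grant least-privilege. The statement is also gated on `var.enable_version_identifier`, whose name does not suggest it widens the role; a dedicated flag, or a comment such as `# also grants event source mapping updates`, would make the grant visible to whoever sets it. The enclosing `update_lambda` policy document starts outside the hunk, so the earlier statements could not be checked for the same pattern.

```hcl
    content {
      # … unchanged: sid, actions …
      resources = ["arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:event-source-mapping:*"]
      condition {
        test     = "ArnLike"
        variable = "lambda:FunctionArn"
        values   = ["arn:aws:lambda:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:function:${var.function_prefix}*"]
      }
    }
```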