Fix/lambda permissions

[gcharest]

Summary | Résumé

Attach the Lambdas Readonly policy to the role.

[github-actions]

Production: terraform

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 1 to add, 0 to change, 0 to destroy

Show summary

CHANGE	NAME
add	aws_iam_role_policy_attachment.lambda_read_only

Show plan

Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_iam_role_policy_attachment.lambda_read_only will be created
  + resource "aws_iam_role_policy_attachment" "lambda_read_only" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess"
      + role       = "sre-bot-ecs-role"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.sre_bot_bucket.aws_s3_bucket.this,
  on .terraform/modules/sre_bot_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this":
   8: resource "aws_s3_bucket" "this" {

Use the aws_s3_bucket_versioning resource instead

(and 6 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...

Show Conftest results

WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.sre_bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sre-bot_group"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sre_bot_dns"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sre_bot_waf_log_group"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.sre_bot_error"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.sre_bot_warning"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.aws_access_requests_table"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.sre_bot_data"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.webhooks_table"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.sre-bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.sre-bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.main"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.sre-bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.geodb_refresh_policy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.sre-bot_secrets_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.sre_bot_bucket"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.sre-bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.sre_bot_sqs_access_role"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb.sre_bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.sre_bot_listener"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.sre_bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_health_check.sre_bot_healthcheck"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_resolver_query_log_config.sre_bot"]
WARN - plan.json - main - Missing Common...