From 32c6f242d61b871a096dc1f2d53585d546ad1b82 Mon Sep 17 00:00:00 2001
From: Mike Starov
Date: Wed, 26 Jun 2024 08:48:46 -0700
Subject: [PATCH] Add missing read only access policy

The role is used for polling integration as well as for metric streams. Polling integration require read access to AWS account.
---
 examples/modules/cloud-integrations/aws/main.tf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/examples/modules/cloud-integrations/aws/main.tf b/examples/modules/cloud-integrations/aws/main.tf
index 865761485..b669c47cb 100644
--- a/examples/modules/cloud-integrations/aws/main.tf
+++ b/examples/modules/cloud-integrations/aws/main.tf
@@ -67,6 +67,11 @@ resource "aws_iam_role_policy_attachment" "newrelic_aws_policy_attach" {
 policy_arn = aws_iam_policy.newrelic_aws_permissions.arn
 }

+resource "aws_iam_role_policy_attachment" "newrelic_aws_policy_attach_read_only" {
+ role = alks_iamrole.newrelic_aws_role.name
+ policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
+}
+
 resource "newrelic_cloud_aws_link_account" "newrelic_cloud_integration_push" {
 account_id = var.newrelic_account_id
 arn = aws_iam_role.newrelic_aws_role.arn
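Review bot: The new attachment's `role` points at `alks_iamrole.newrelic_aws_role.name`, while the link-account resource a few lines below in the same hunk reads `aws_iam_role.newrelic_aws_role.arn`; unless an `alks_iamrole` resource is declared elsewhere in this file, the example will not validate, and `role = aws_iam_role.newrelic_aws_role.name` looks like what was meant. Separately, `arn:aws:iam::aws:policy/ReadOnlyAccess` is a very broad AWS managed policy that covers data reads (S3 objects, for example) as well as resource metadata, and this role is presumably assumed cross-account by the integration (the trust policy is outside the hunk). Since the commit message ties the requirement to polling only, I would add a comment above the resource such as `# ReadOnlyAccess is needed for API polling integrations only; drop this attachment for Metric Streams-only setups`, and consider gating the attachment behind a variable so stream-only users do not grant it. The link-account resource at the end of the hunk continues outside it.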