Homebrew
diff --git a/‎.terraform.lock.hcl
+56-56 b/‎.terraform.lock.hcl
+56-56
diff --git a/‎aws/roles.tf
+3-5 b/‎aws/roles.tf
+3-5
@@ -34,9 +34,9 @@ data "aws_iam_policy_document" "codebuild_policy_document" {
 }
 
 resource "aws_iam_policy" "opentofu_policy" {
-  name        = "OpentofuPolicy"
+  name        = "OpentofuApplyPolicy"
   path        = "/"
-  description = "Policy to allow Opentofu to do it's thing"
+  description = "Policy to allow Opentofu to apply infrastructure changes"
 
   policy = data.aws_iam_policy_document.codebuild_policy_document.json
 }
@@ -80,9 +80,7 @@ resource "aws_iam_role" "github_tf" {
     Version = "2012-10-17"
   })
   managed_policy_arns = [
-    "arn:aws:iam::aws:policy/AmazonS3FullAccess",
-    "arn:aws:iam::aws:policy/AWSSSOReadOnly",
-    "arn:aws:iam::aws:policy/IAMReadOnlyAccess",
+    "arn:aws:iam::aws:policy/AdministratorAccess",
     aws_iam_policy.opentofu_policy.arn
   ]
 }
Original file line number	Diff line number	Diff line change
`@@ -34,9 +34,9 @@ data "aws_iam_policy_document" "codebuild_policy_document" {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`resource "aws_iam_policy" "opentofu_policy" {`
`37`		`- name = "OpentofuPolicy"`
	`37`	`+ name = "OpentofuApplyPolicy"`
`38`	`38`	`path = "/"`
`39`		`- description = "Policy to allow Opentofu to do it's thing"`
	`39`	`+ description = "Policy to allow Opentofu to apply infrastructure changes"`
`40`	`40`
`41`	`41`	`policy = data.aws_iam_policy_document.codebuild_policy_document.json`
`42`	`42`	`}`
`@@ -80,9 +80,7 @@ resource "aws_iam_role" "github_tf" {`
`80`	`80`	`Version = "2012-10-17"`
`81`	`81`	`})`
`82`	`82`	`managed_policy_arns = [`
`83`		`- "arn:aws:iam::aws:policy/AmazonS3FullAccess",`
`84`		`- "arn:aws:iam::aws:policy/AWSSSOReadOnly",`
`85`		`- "arn:aws:iam::aws:policy/IAMReadOnlyAccess",`
	`83`	`+ "arn:aws:iam::aws:policy/AdministratorAccess",`
`86`	`84`	`aws_iam_policy.opentofu_policy.arn`
`87`	`85`	`]`
`88`	`86`	`}`