NRL-721 Add kms perms to lambda policy

Author: sandyforresternhs

scripts/reset_sandbox_table.py

@@ -37,7 +37,7 @@ def reset_sandbox_table(table_name: str, pointers_per_type: int = 2):
     print("Step 2: Seeding with fresh pointer data...")
     try:
         result = seed_sandbox_table(table_name, pointers_per_type, force=True)
-        print(f"\n=== ✓ Reset Complete ===")
+        print("\n=== ✓ Reset Complete ===")
         print(
             f"Table '{table_name}' has been reset with {result['successful']} fresh pointers"
         )

scripts/seed_sandbox_table.py

@@ -166,7 +166,7 @@ def _generate_and_write_pointers(
 
     for pointer_type, template in templates.items():
         for custodian in CUSTODIANS:
-            for i in range(pointers_per_type):
+            for _ in range(pointers_per_type):
                 counter += 1
 
                 try:

terraform/account-wide-infrastructure/modules/seed_sandbox_lambda/iam.tf

@@ -42,6 +42,14 @@ resource "aws_iam_role_policy" "seed_sandbox_additional_permissions" {
           "dynamodb:BatchWriteItem"
         ]
         Resource = [for table_name in var.table_names : "arn:aws:dynamodb:${var.region}:*:table/${table_name}"]
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "kms:Decrypt",
+          "kms:DescribeKey"
+        ]
+        Resource = "*"
       }
     ]
   })