From c1e7bde6c0700f6dce62a2551a08900cf1022d63 Mon Sep 17 00:00:00 2001
From: Evan Stohlmann <evmann@amazon.com>
Date: Tue, 17 Dec 2024 15:57:35 -0700
Subject: [PATCH] Adding Rag Connection perms to lambda

---
 lib/rag/state_machine/ingest-pipeline.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/rag/state_machine/ingest-pipeline.ts b/lib/rag/state_machine/ingest-pipeline.ts
index 5544c82..4ea14ec 100644
--- a/lib/rag/state_machine/ingest-pipeline.ts
+++ b/lib/rag/state_machine/ingest-pipeline.ts
@@ -185,7 +185,8 @@ export class IngestPipelineStateMachine extends Construct {
                         `arn:${cdk.Aws.PARTITION}:ssm:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:parameter${config.deploymentPrefix}/lisaServeRagRepositoryEndpoint`,
                         `arn:${cdk.Aws.PARTITION}:ssm:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:parameter${config.deploymentPrefix}/lisaServeRestApiUri`,
                         `arn:${cdk.Aws.PARTITION}:ssm:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:parameter${config.deploymentPrefix}/managementKeySecretName`,
-                        `arn:${cdk.Aws.PARTITION}:ssm:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:parameter${config.deploymentPrefix}/registeredRepositories`
+                        `arn:${cdk.Aws.PARTITION}:ssm:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:parameter${config.deploymentPrefix}/registeredRepositories`,
+                        `arn:${cdk.Aws.PARTITION}:ssm:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:parameter${config.deploymentPrefix}/LisaServeRagConnectionInfo/*`
                     ]
                 }),
                 new PolicyStatement({