Diffstat (limited to 'hacking')
-rw-r--r--hacking/aws_config/testing_policies/security-policy.json25
1 files changed, 25 insertions, 0 deletions
diff --git a/hacking/aws_config/testing_policies/security-policy.json b/hacking/aws_config/testing_policies/security-policy.json
index e38842ef55..f0d0768a7a 100644
--- a/hacking/aws_config/testing_policies/security-policy.json
+++ b/hacking/aws_config/testing_policies/security-policy.json
@@ -195,6 +195,31 @@
"arn:aws:iam::{{ aws_account }}:user/ansible-test*",
"arn:aws:iam::{{ aws_account }}:group/ansible-test*"
]
+ },
+ {
+ "Sid": "AllowAccessToACMRestrictable",
+ "Effect": "Allow",
+ "Action": [
+ "acm:ImportCertificate",
+ "acm:DescribeCertificate",
+ "acm:GetCertificate",
+ "acm:AddTagsToCertificate",
+ "acm:DeleteCertificate"
+ ],
+ "Resource": [
+ "arn:aws:acm:{{aws_region}}:{{aws_account}}:certificate/*"
+ ]
+ },
+ {
+ "Sid": "AllowAccessToACMUnrestrictable",
+ "Effect": "Allow",
+ "Action": [
+ "acm:ListCertificates",
+ "acm:ListTagsForCertificate"
+ ],
+ "Resource": [
+ "*"
+ ]
}
]
}
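Review bot: The `AllowAccessToACMRestrictable` statement grants `acm:DeleteCertificate` and `acm:GetCertificate` on `certificate/*`, which covers every certificate in the account and region rather than only those the tests create. The IAM statement in the context lines above is scoped to `ansible-test*` names, but certificate ARNs end in a generated id, so a name prefix cannot narrow this one. If the account can hold anything other than test certificates, consider a tag condition on the describe/get/tag/delete actions, for example `"Condition": {"StringLike": {"aws:ResourceTag/<TEST_TAG_KEY>": "ansible-test*"}}`, where the key is a placeholder; confirm that ACM honours tag condition keys for these actions before relying on it. `acm:ListTagsForCertificate` also appears to accept a certificate resource in the IAM service reference, so it could probably move into the restrictable statement, leaving only `acm:ListCertificates` under `"Resource": ["*"]`.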