From 9ca2c31049a76b22e10a189b985c75e910947579 Mon Sep 17 00:00:00 2001
From: Chris Forte <97921876+christofort@users.noreply.github.com>
Date: Mon, 8 Jan 2024 18:27:57 +0800
Subject: [PATCH] Add sts:TagSession permission to Stratus role (#463)

---
 .../aws/defense-evasion/organizations-leave/main.tf             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf b/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf
index a0383ea6..e04b3cb3 100644
--- a/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf
+++ b/v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf
@@ -29,7 +29,7 @@ resource "aws_iam_role" "role" {
     Version = "2012-10-17"
     Statement = [
       {
-        Action = ["sts:AssumeRole", "sts:SetSourceIdentity"]
+        Action = ["sts:AssumeRole", "sts:SetSourceIdentity", "sts:TagSession"]
         Effect = "Allow"
         Sid    = ""
         Principal = {