ben.carrasco/prowler
1
0
Fork 0
mirror of https://github.com/prowler-cloud/prowler.git synced 2026-01-25 02:08:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(permissions): Update (#1444)

Browse Source
This commit is contained in:
Pepe Fagoaga
2022-12-20 09:40:19 +01:00
committed by GitHub
parent e9b09790da
commit 1cf86350bc
2 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
iam/create_role_to_assume_cfn.yaml
View File

@@ -56,20 +56,27 @@ Resources:
- Effect: Allow
Action:
- 'account:Get*'
- 'appstream:DescribeFleets'
- 'appstream:Describe*'
- 'codeartifact:List*'
- 'codebuild:BatchGet*'
- 'ds:Get*'
- 'ds:Describe*'
- 'ds:List*'
- 'ec2:GetEbsEncryptionByDefault'
- 'ecr:Describe*'
- 'elasticfilesystem:DescribeBackupPolicy'
- 'eks:List*'
- 'glue:GetConnections'
- 'glue:GetSecurityConfiguration'
- 'glue:SearchTables'
- 'lambda:GetFunction'
- 'macie2:GetMacieSession'
- 's3:GetAccountPublicAccessBlock'
- 's3:GetEncryptionConfiguration'
- 's3:GetPublicAccessBlock'
- 'shield:DescribeProtection'
- 'shield:GetSubscriptionState'
- 'securityhub:BatchImportFindings'
- 'ssm:GetDocument'
- 'support:Describe*'
- 'tag:GetTagKeys'

8
iam/prowler-additions-policy.json
View File

@@ -4,15 +4,16 @@
{
"Action": [
"account:Get*",
"appstream:DescribeFleets",
"codeartifact:ListRepositories",
"codebuild:BatchGetBuilds",
"appstream:Describe*",
"codeartifact:List*",
"codebuild:BatchGet*",
"ds:Get*",
"ds:Describe*",
"ds:List*",
"ec2:GetEbsEncryptionByDefault",
"ecr:Describe*",
"elasticfilesystem:DescribeBackupPolicy",
"eks:List*",
"glue:GetConnections",
"glue:GetSecurityConfiguration",
"glue:SearchTables",
@@ -23,6 +24,7 @@
"s3:GetPublicAccessBlock",
"shield:DescribeProtection",
"shield:GetSubscriptionState",
"securityhub:BatchImportFindings",
"ssm:GetDocument",
"support:Describe*",
"tag:GetTagKeys"