fix(additions-policy): Updated multi-org ProwlerRole.yaml (#1123)

2025-12-19 05:17:47 +00:00 · 2022-05-03 05:34:12 -04:00
parent 59abd2bd5b
commit 295bb74acf
1 changed files with 9 additions and 19 deletions
--- a/util/org-multi-account/ProwlerRole.yaml
+++ b/util/org-multi-account/ProwlerRole.yaml
@@ -75,30 +75,20 @@ Resources:
                Effect: Allow
                Resource: "*"
                Action:
-                  - access-analyzer:List*
-                  - apigateway:Get*
-                  - apigatewayv2:Get*
-                  - aws-marketplace:ViewSubscriptions
-                  - dax:ListTables
                  - ds:ListAuthorizedApplications
-                  - ds:DescribeRoles
                  - ec2:GetEbsEncryptionByDefault
                  - ecr:Describe*
-                  - lambda:GetAccountSettings
-                  - lambda:GetFunctionConfiguration
-                  - lambda:GetLayerVersionPolicy
-                  - lambda:GetPolicy
-                  - opsworks-cm:Describe*
-                  - opsworks:Describe*
-                  - secretsmanager:ListSecretVersionIds
-                  - sns:List*
-                  - sqs:ListQueueTags
-                  - states:ListActivities
+                  - elasticfilesystem:DescribeBackupPolicy
+                  - glue:GetConnections
+                  - glue:GetSecurityConfiguration
+                  - glue:SearchTables
+                  - lambda:GetFunction
+                  - s3:GetAccountPublicAccessBlock
+                  - shield:DescribeProtection
+                  - shield:GetSubscriptionState
+                  - ssm:GetDocument
                  - support:Describe*
                  - tag:GetTagKeys
-                  - shield:GetSubscriptionState
-                  - shield:DescribeProtection
-                  - elasticfilesystem:DescribeBackupPolicy
        - PolicyName: Prowler-S3-Reports
          PolicyDocument:
            Version: 2012-10-17