chore(aws): handle new permissions (#4289)
@@ -65,13 +65,16 @@ Resources:
|
||||
- 'ds:Get*'
|
||||
- 'ds:Describe*'
|
||||
- 'ds:List*'
|
||||
- 'dynamodb:GetResourcePolicy'
|
||||
- 'ec2:GetEbsEncryptionByDefault'
|
||||
- 'ec2:GetInstanceMetadataDefaults'
|
||||
- 'ecr:Describe*'
|
||||
- 'elasticfilesystem:DescribeBackupPolicy'
|
||||
- 'glue:GetConnections'
|
||||
- 'glue:GetSecurityConfiguration*'
|
||||
- 'glue:SearchTables'
|
||||
- 'lambda:GetFunction*'
|
||||
- 'lightsail:GetRelationalDatabases'
|
||||
- 'macie2:GetMacieSession'
|
||||
- 's3:GetAccountPublicAccessBlock'
|
||||
- 'shield:DescribeProtection'
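Review bot: The CloudFormation allow-list in this hunk does not contain `ecr:GetRegistryScanningConfiguration` or `logs:FilterLogEvents`, both of which the JSON policy in the same commit grants, so unless they are granted elsewhere in this template the two role definitions now drift and a scan run with the template-created role will fail those checks with AccessDenied. Adding `- 'ecr:GetRegistryScanningConfiguration'` after `ecr:Describe*` and `- 'logs:FilterLogEvents'` beside the lambda entry keeps them in step, or the project should state which file is canonical. Separately, `lambda:GetFunction*` is broader than a configuration read, since `lambda:GetFunction` returns a presigned URL for the deployment package; if the scanner only needs configuration, `lambda:GetFunctionConfiguration` plus the specific `GetFunction…` actions it actually calls is the least-privilege grant, and if code download is intended a comment on the entry saying so would help reviewers of this role.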
|
||||
@@ -16,7 +16,9 @@
|
||||
"ds:Get*",
|
||||
"ds:Describe*",
|
||||
"ds:List*",
|
||||
"dynamodb:GetResourcePolicy",
|
||||
"ec2:GetEbsEncryptionByDefault",
|
||||
"ec2:GetInstanceMetadataDefaults",
|
||||
"ecr:Describe*",
|
||||
"ecr:GetRegistryScanningConfiguration",
|
||||
"elasticfilesystem:DescribeBackupPolicy",
|
||||
@@ -25,6 +27,7 @@
|
||||
"glue:SearchTables",
|
||||
"lambda:GetFunction*",
|
||||
"logs:FilterLogEvents",
|
||||
"lightsail:GetRelationalDatabases",
|
||||
"macie2:GetMacieSession",
|
||||
"s3:GetAccountPublicAccessBlock",
|
||||
"shield:DescribeProtection",
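Review bot: `logs:FilterLogEvents` at L98 is a data-plane read of CloudWatch log contents, unlike the neighbouring Describe/Get configuration actions, so the scanning role can now read whatever workloads write to their logs, including any credentials they leak; that is a deliberate widening that deserves a note in the project's permissions documentation and, if the check that needs it can be bounded, a scoped `Resource` rather than `*` (the statement's `Resource` element is outside the hunk, so I cannot tell what it is). The entry is also out of the list's alphabetical order, sitting between `lambda` and `lightsail`; moving it after `"lightsail:GetRelationalDatabases",` keeps the list easy to audit.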
|
||||
@@ -124,10 +124,14 @@ class Schema(AWSService):
|
||||
)
|
||||
|
||||
def __get_resource_policy__(self, regional_client):
|
||||
logger.info("EventBridge - Describing Event Buses...")
|
||||
logger.info("EventBridge - Getting Registry Resource Policy...")
|
||||
try:
|
||||
for registry in self.registries.values():
|
||||
if registry.region == regional_client.region:
|
||||
# Only get the policy for the registry in the same region and not AWS owned
|
||||
if (
|
||||
registry.region == regional_client.region
|
||||
and not registry.name.startswith("aws.")
|
||||
):
|
||||
try:
|
||||
response = regional_client.get_resource_policy(
|
||||
RegistryName=registry.name
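Review bot: The new condition at L150 skips registries whose name starts with `aws.`, but the comment only says "not AWS owned" without saying why the call must be avoided; presumably `GetResourcePolicy` is rejected for AWS-managed registries such as `aws.events` and would otherwise land in the per-registry error handler, so spell that out, e.g. `# AWS-managed registries (name prefix "aws.") cannot carry a customer resource policy; skip them instead of surfacing an access error`. A name-prefix test is a heuristic, so if the registry objects carry an ownership attribute from `ListRegistries` that would be the more robust filter. The `try` opened at L156 and the rest of this method close outside the hunk.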
|
||||
@@ -49,6 +49,8 @@ class FMS(AWSService):
|
||||
if (
|
||||
"No default admin could be found for account"
|
||||
in error.response["Error"]["Message"]
|
||||
or "Operation ListPolicies is only available to AWS Firewall Manager Administrators"
|
||||
in error.response["Error"]["Message"]
|
||||
):
|
||||
# FMS is not enabled in this account
|
||||
self.fms_admin_account = False
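Review bot: The new branch at L179–L182 decides that FMS is not enabled by substring-matching a human-readable error message, and that wording is not a stable API contract: an AWS-side text change would turn this case back into an unhandled error, while the same message returned because the scanning role lacks `fms:ListPolicies` would be misreported as "FMS not enabled" instead of as a permissions problem. Consider checking `error.response["Error"]["Code"]` alongside the message and emitting a warning when the branch is taken so an operator can tell the two cases apart; at minimum hoist the lookup, `message = error.response["Error"]["Message"]`, and test both substrings against that local. The surrounding `except` clause and the rest of the method are outside the hunk.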
|
||||