From 50070e8fe7f740cb450cdff6f62ced9f1da16aa5 Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Wed, 18 Jan 2023 11:45:37 +0100
Subject: [PATCH] fix(IAM): add missing permissions for Prowler (#1731)

Co-authored-by: sergargar
---
 permissions/prowler-additions-policy.json | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/permissions/prowler-additions-policy.json b/permissions/prowler-additions-policy.json
index e4f8cd096e..910d1b4c0a 100644
--- a/permissions/prowler-additions-policy.json
+++ b/permissions/prowler-additions-policy.json
@@ -3,15 +3,22 @@
 "Statement": [
 {
 "Action": [
- "ds:ListAuthorizedApplications",
+ "appstream:Describe*",
+ "codeartifact:List*",
+ "codebuild:BatchGet*",
+ "ds:Describe*",
+ "ds:Get*",
+ "ds:List*",
 "ec2:GetEbsEncryptionByDefault",
 "ecr:Describe*",
 "elasticfilesystem:DescribeBackupPolicy",
 "glue:GetConnections",
- "glue:GetSecurityConfiguration",
+ "glue:GetSecurityConfiguration*",
 "glue:SearchTables",
- "lambda:GetFunction",
+ "lambda:GetFunction*",
+ "macie2:GetMacieSession",
 "s3:GetAccountPublicAccessBlock",
+ "s3:GetPublicAccessBlock",
 "shield:DescribeProtection",
 "shield:GetSubscriptionState",
 "ssm:GetDocument",
@@ -21,6 +28,15 @@
 "Resource": "*",
 "Effect": "Allow",
 "Sid": "AllowMoreReadForProwler"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "apigateway:GET"
+ ],
+ "Resource": [
+ "arn:aws:apigateway:*::/restapis/*"
+ ]
 }
 ]
 }
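Review bot: The first hunk trades precise actions for prefix wildcards on a statement whose `"Resource"` is `"*"` — `ds:ListAuthorizedApplications` becomes `ds:Describe*`/`ds:Get*`/`ds:List*`, and `lambda:GetFunction` and `glue:GetSecurityConfiguration` gain a trailing `*` — so the grant now covers every current and future action matching those prefixes rather than the ones Prowler's checks actually call. The read-only intent is clear, but some of the new prefixes reach sensitive read data (`codebuild:BatchGet*` appears to include BatchGetProjects, whose response carries project environment variables), so either enumerate the specific actions or add a short note in the PR description recording which checks need each wildcard, following the scoped pattern the second hunk uses for API Gateway. In the second hunk the new statement has no `"Sid"` while the existing one is labelled `AllowMoreReadForProwler`; adding e.g. `"Sid": "AllowAPIGatewayReadForProwler"` keeps CloudTrail and policy diffs readable and matches the existing style.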