diff --git a/permissions/create_role_to_assume_cfn.yaml b/permissions/create_role_to_assume_cfn.yaml
index f9cb20e30a..2c47da5cca 100644
--- a/permissions/create_role_to_assume_cfn.yaml
+++ b/permissions/create_role_to_assume_cfn.yaml
@@ -58,22 +58,28 @@ Resources:
 - 'account:Get*'
 - 'appstream:Describe*'
 - 'appstream:List*'
+ - 'backup:List*'
+ - 'cloudtrail:GetInsightSelectors'
 - 'codeartifact:List*'
 - 'codebuild:BatchGet*'
 - 'cognito-idp:GetUserPoolMfaConfig'
 - 'dlm:Get*'
+ - 'drs:Describe*'
 - 'ds:Get*'
 - 'ds:Describe*'
 - 'ds:List*'
 - 'dynamodb:GetResourcePolicy'
 - 'ec2:GetEbsEncryptionByDefault'
+ - 'ec2:GetSnapshotBlockPublicAccessState'
 - 'ec2:GetInstanceMetadataDefaults'
 - 'ecr:Describe*'
+ - 'ecr:GetRegistryScanningConfiguration'
 - 'elasticfilesystem:DescribeBackupPolicy'
 - 'glue:GetConnections'
 - 'glue:GetSecurityConfiguration*'
 - 'glue:SearchTables'
 - 'lambda:GetFunction*'
+ - 'logs:FilterLogEvents'
 - 'lightsail:GetRelationalDatabases'
 - 'macie2:GetMacieSession'
 - 's3:GetAccountPublicAccessBlock'
@@ -82,8 +88,10 @@ Resources:
 - 'securityhub:BatchImportFindings'
 - 'securityhub:GetFindings'
 - 'ssm:GetDocument'
+ - 'ssm-incidents:List*'
 - 'support:Describe*'
 - 'tag:GetTagKeys'
+ - 'wellarchitected:List*'
 Resource: '*'
 - PolicyName: ProwlerScanRoleAdditionalViewPrivilegesApiGateway
 PolicyDocument:
diff --git a/permissions/prowler-additions-policy.json b/permissions/prowler-additions-policy.json
index 6fd80a8d8c..d1c8ea29c1 100644
--- a/permissions/prowler-additions-policy.json
+++ b/permissions/prowler-additions-policy.json
@@ -18,6 +18,7 @@
 "ds:List*",
 "dynamodb:GetResourcePolicy",
 "ec2:GetEbsEncryptionByDefault",
+ "ec2:GetSnapshotBlockPublicAccessState",
 "ec2:GetInstanceMetadataDefaults",
 "ecr:Describe*",
 "ecr:GetRegistryScanningConfiguration",
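Review bot: `logs:FilterLogEvents`, added in the first hunk of permissions/create_role_to_assume_cfn.yaml, is the only new action that returns data rather than configuration metadata, and the `Resource: '*'` visible in the next hunk (presumably closing this same action list) would apply it to every log group in the account. Log events frequently carry tokens, request bodies or personal data, so this widens what a misused or compromised scan role can read well beyond the other read-only additions. I would record the reason next to the entry, e.g. `# logs:FilterLogEvents reads log contents, not metadata; keep only if log-inspecting checks are enabled`, and consider moving it to its own statement scoped to the log groups that actually need scanning. The statement starts and ends outside the hunk, so the effective scope should be confirmed against the full template.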
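Review bot: The hunk in permissions/prowler-additions-policy.json adds only `ec2:GetSnapshotBlockPublicAccessState`, while the CloudFormation template in the same commit gains eight actions, so the two copies of the policy may be drifting. `ecr:GetRegistryScanningConfiguration` already appears here as context, which shows the files were out of step before this change. The hunk does not show whether `backup:List*`, `cloudtrail:GetInsightSelectors`, `drs:Describe*`, `logs:FilterLogEvents`, `ssm-incidents:List*` and `wellarchitected:List*` are already in this policy, so that should be confirmed. If they are missing, a role built from the JSON would likely get access-denied on the matching checks. If they are present, the commit description should say the template is catching up, so reviewers know the broader grant was already accepted. The action list continues outside the hunk.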