Add to the principal IAM policy
jayanandagit committed Nov 18, 2020
1 parent 421932d commit 2282393
Showing 5 changed files with 40 additions and 3 deletions.
10 changes: 10 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,13 @@
## v0.33.2
- Add to the principal IAM policy:
- apigatewayv2
- comprehend
- globalaccelerator
- imagebuilder
- lex
- transfer
- wafv2

## v0.33.1
- Fix populate reset queue when dynamodb returns paginated result
- Add account status to last evaluated key when querying account table using global secondary index
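
Review bot: The `- lex` entry in the v0.33.2 list does not match what the policy files gain, which is `"lex-models:*"`. Name the prefix exactly as it is written in the policy, and confirm it is one IAM evaluates: `lex-models` is the SDK client name, and if IAM authorizes Lex calls under `lex:` the new entry grants nothing. The seven service names would also read better indented under the "Add to the principal IAM policy" bullet, so they render as its sub-list.
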
16 changes: 15 additions & 1 deletion docs/iam-policies.md
Expand Up @@ -84,6 +84,7 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
"acm:*",
"acm-pca:*",
"apigateway:*",
"apigatewayv2:*",
"application-autoscaling:*",
"appstream:*",
"athena:*",
Expand All @@ -108,6 +109,7 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
"cognito-identity:*",
"cognito-idp:*",
"cognito-sync:*",
"comprehend:*",
"config:*",
"datapipeline:*",
"dax:*",
Expand All @@ -127,16 +129,22 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
"elastictranscoder:*",
"es:*",
"events:*",
"execute-api:*",
"firehose:*",
"fsx:*",
"globalaccelerator:*",
"glue:*",
"iam:*",
"imagebuilder:*",
"iot:*",
"iotanalytics:*",
"kafka:*",
"kinesis:*",
"kinesisanalytics:*",
"kinesisvideo:*",
"kms:*",
"lambda:*",
"lex-models:*",
"lightsail:*",
"logs:*",
"machinelearning:*",
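
Review bot: This file takes 15 additions while the v0.33.2 changelog names seven services, so part of this hunk is undocumented: `"execute-api:*"`, for example, sits right after the three leading context lines here but is already unchanged context in docs/policies.md and the template. If the extra lines are a catch-up of this document to the template, say so in the changelog or commit message so a reader does not take them for new grants to principals.
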
Expand All @@ -149,10 +157,12 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
"mq:*",
"neptune-db:*",
"opsworks:*",
"opsworks-cm:*",
"rds:*",
"redshift:*",
"rekognition:*",
"resource-groups:*",
"robomaker:*",
"route53:*",
"s3:*",
"sagemaker:*",
Expand All @@ -168,8 +178,12 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
"states:*",
"storagegateway:*",
"sts:*",
"waf-regional:*",
"tag:*",
"transfer:*",
"waf:*",
"wafv2:*",
"waf-regional:*",
"worklink:*",
"workspaces:*"
],
"Resource": "*"
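
Review bot: `"transfer:*"` and `"wafv2:*"` land in the statement that closes with `"Resource": "*"`, so principals get every action of both services on every resource in the account. If that breadth is intended for leased accounts, state it next to the list and point to the SCP guidance this section already mentions; otherwise scope the statement. `"waf-regional:*"` also shows up twice in the hunk as rendered, so confirm the resulting file carries it once.
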
8 changes: 8 additions & 0 deletions docs/policies.md
Expand Up @@ -54,6 +54,7 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
"acm:*",
"acm-pca:*",
"apigateway:*",
"apigatewayv2:*",
"application-autoscaling:*",
"appstream:*",
"athena:*",
Expand All @@ -75,6 +76,7 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
"codestar:*",
"cognito-identity:*",
"cognito-idp:*",
"comprehend:*",
"config:*",
"datapipeline:*",
"dax:*",
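
Review bot: `"comprehend:*"` follows `"cognito-idp:*"` directly here, while docs/iam-policies.md has `"cognito-sync:*"` between those two lines, so the documented lists disagree on at least one service after this commit. Decide which one matches modules/fixtures/policies/principal_policy.tmpl (which also lacks `cognito-sync`) and fix the other. A check that compares the documented action lists against the template would stop the three copies drifting apart.
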
Expand All @@ -97,15 +99,19 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
"execute-api:*",
"firehose:*",
"fsx:*",
"globalaccelerator:*",
"glue:*",
"iam:*",
"imagebuilder:*",
"iot:*",
"iotanalytics:*",
"kafka:*",
"kinesis:*",
"kinesisanalytics:*",
"kinesisvideo:*",
"kms:*",
"lambda:*",
"lex-models:*",
"lightsail:*",
"logs:*",
"machinelearning:*",
Expand Down Expand Up @@ -138,7 +144,9 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
"storagegateway:*",
"sts:*",
"tag:*",
"transfer:*",
"waf:*",
"wafv2:*",
"waf-regional:*",
"worklink:*",
"workspaces:*"
Expand Down
2 changes: 0 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,13 @@ go 1.15

require (
github.com/360EntSecGroup-Skylar/excelize v1.4.1
github.com/AlekSi/gocov-xml v0.0.0-20190121064608-3a14fb1c4737 // indirect
github.com/Bowery/prompt v0.0.0-20190419144237-972d0ceb96f5 // indirect
github.com/Joker/jade v1.0.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
github.com/avast/retry-go v2.6.0+incompatible
github.com/aws/aws-lambda-go v1.19.1
github.com/aws/aws-sdk-go v1.34.20
github.com/awslabs/aws-lambda-go-api-proxy v0.8.0
github.com/axw/gocov v1.0.0 // indirect
github.com/caarlos0/env v3.5.0+incompatible
github.com/dchest/safefile v0.0.0-20151022103144-855e8d98f185 // indirect
github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4 // indirect
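
Review bot: The two requirements dropped from this `require` block are unrelated to the commit title "Add to the principal IAM policy", and go.sum is not among the five changed files. Run `go mod tidy`, commit go.mod and go.sum together, and keep the dependency cleanup in its own commit so the policy change can be reviewed and reverted independently.
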
7 changes: 7 additions & 0 deletions modules/fixtures/policies/principal_policy.tmpl
Expand Up @@ -71,6 +71,7 @@
"acm:*",
"acm-pca:*",
"apigateway:*",
"apigatewayv2:*",
"application-autoscaling:*",
"appstream:*",
"athena:*",
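
Review bot: Verify that `apigatewayv2` in `"apigatewayv2:*"` is an action prefix IAM recognizes before shipping it in the template. It is the SDK and CLI name for the v2 API, and if IAM authorizes HTTP and WebSocket API management under `apigateway:`, which `"apigateway:*"` on the line above already covers, this entry is inert and only makes the allow-list look broader than it is. A policy validation step over the rendered template in CI would catch unknown prefixes.
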
Expand All @@ -92,6 +93,7 @@
"codestar:*",
"cognito-identity:*",
"cognito-idp:*",
"comprehend:*",
"config:*",
"datapipeline:*",
"dax:*",
Expand All @@ -114,8 +116,10 @@
"execute-api:*",
"firehose:*",
"fsx:*",
"globalaccelerator:*",
"glue:*",
"iam:*",
"imagebuilder:*",
"iot:*",
"iotanalytics:*",
"kafka:*",
Expand All @@ -124,6 +128,7 @@
"kinesisvideo:*",
"kms:*",
"lambda:*",
"lex-models:*",
"lightsail:*",
"logs:*",
"machinelearning:*",
Expand Down Expand Up @@ -156,7 +161,9 @@
"storagegateway:*",
"sts:*",
"tag:*",
"transfer:*",
"waf:*",
"wafv2:*",
"waf-regional:*",
"worklink:*",
"workspaces:*"