From 22823931759e39fcf3bcf0e01fab3889a54e29eb Mon Sep 17 00:00:00 2001
From: Jaya Nanda
Date: Wed, 18 Nov 2020 12:01:33 -0500
Subject: [PATCH] Add to the principal IAM policy

---
 CHANGELOG.md | 10 ++++++++++
 docs/iam-policies.md | 16 +++++++++++++++-
 docs/policies.md | 8 ++++++++
 go.mod | 2 --
 modules/fixtures/policies/principal_policy.tmpl | 7 +++++++
 5 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d0556efd8..8b3d1f6c5 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,13 @@
+## v0.33.2
+- Add to the principal IAM policy:
+ - apigatewayv2
+ - comprehend
+ - globalaccelerator
+ - imagebuilder
+ - lex
+ - transfer
+ - wafv2
+
 ## v0.33.1
 - Fix populate reset queue when dynamodb returns paginated result
 - Add account status to last evaluated key when querying account table using global secondary index
diff --git a/docs/iam-policies.md b/docs/iam-policies.md
index 3b04324cc..71ac27742 100644
--- a/docs/iam-policies.md
+++ b/docs/iam-policies.md
@@ -84,6 +84,7 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
 "acm:*",
 "acm-pca:*",
 "apigateway:*",
+ "apigatewayv2:*",
 "application-autoscaling:*",
 "appstream:*",
 "athena:*",
@@ -108,6 +109,7 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
 "cognito-identity:*",
 "cognito-idp:*",
 "cognito-sync:*",
+ "comprehend:*",
 "config:*",
 "datapipeline:*",
 "dax:*",
@@ -127,16 +129,22 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
 "elastictranscoder:*",
 "es:*",
 "events:*",
+ "execute-api:*",
 "firehose:*",
 "fsx:*",
+ "globalaccelerator:*",
 "glue:*",
 "iam:*",
+ "imagebuilder:*",
 "iot:*",
 "iotanalytics:*",
 "kafka:*",
 "kinesis:*",
+ "kinesisanalytics:*",
+ "kinesisvideo:*",
 "kms:*",
 "lambda:*",
+ "lex-models:*",
 "lightsail:*",
 "logs:*",
 "machinelearning:*",
@@ -149,10 +157,12 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
 "mq:*",
 "neptune-db:*",
 "opsworks:*",
+ "opsworks-cm:*",
 "rds:*",
 "redshift:*",
 "rekognition:*",
 "resource-groups:*",
+ "robomaker:*",
 "route53:*",
 "s3:*",
 "sagemaker:*",
@@ -168,8 +178,12 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
 "states:*",
 "storagegateway:*",
 "sts:*",
- "waf-regional:*",
+ "tag:*",
+ "transfer:*",
 "waf:*",
+ "wafv2:*",
+ "waf-regional:*",
+ "worklink:*",
 "workspaces:*"
 ],
 "Resource": "*"
diff --git a/docs/policies.md b/docs/policies.md
index e31c21844..b7c6b4491 100644
--- a/docs/policies.md
+++ b/docs/policies.md
@@ -54,6 +54,7 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
 "acm:*",
 "acm-pca:*",
 "apigateway:*",
+ "apigatewayv2:*",
 "application-autoscaling:*",
 "appstream:*",
 "athena:*",
@@ -75,6 +76,7 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
 "codestar:*",
 "cognito-identity:*",
 "cognito-idp:*",
+ "comprehend:*",
 "config:*",
 "datapipeline:*",
 "dax:*",
@@ -97,15 +99,19 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
 "execute-api:*",
 "firehose:*",
 "fsx:*",
+ "globalaccelerator:*",
 "glue:*",
 "iam:*",
+ "imagebuilder:*",
 "iot:*",
+ "iotanalytics:*",
 "kafka:*",
 "kinesis:*",
 "kinesisanalytics:*",
 "kinesisvideo:*",
 "kms:*",
 "lambda:*",
+ "lex-models:*",
 "lightsail:*",
 "logs:*",
 "machinelearning:*",
@@ -138,7 +144,9 @@ Implementing DCE in an AWS Organization provides the ability to use SCPs, which
 "storagegateway:*",
 "sts:*",
 "tag:*",
+ "transfer:*",
 "waf:*",
+ "wafv2:*",
 "waf-regional:*",
 "worklink:*",
 "workspaces:*"
diff --git a/go.mod b/go.mod
index d20cc185f..382b6da00 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,6 @@ go 1.15
 
 require (
 github.com/360EntSecGroup-Skylar/excelize v1.4.1
- github.com/AlekSi/gocov-xml v0.0.0-20190121064608-3a14fb1c4737 // indirect
 github.com/Bowery/prompt v0.0.0-20190419144237-972d0ceb96f5 // indirect
 github.com/Joker/jade v1.0.0 // indirect
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
@@ -12,7 +11,6 @@ require (
 github.com/aws/aws-lambda-go v1.19.1
 github.com/aws/aws-sdk-go v1.34.20
 github.com/awslabs/aws-lambda-go-api-proxy v0.8.0
- github.com/axw/gocov v1.0.0 // indirect
 github.com/caarlos0/env v3.5.0+incompatible
 github.com/dchest/safefile v0.0.0-20151022103144-855e8d98f185 // indirect
 github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4 // indirect
diff --git a/modules/fixtures/policies/principal_policy.tmpl b/modules/fixtures/policies/principal_policy.tmpl
index 83034581d..2800cf03a 100644
--- a/modules/fixtures/policies/principal_policy.tmpl
+++ b/modules/fixtures/policies/principal_policy.tmpl
@@ -71,6 +71,7 @@
 "acm:*",
 "acm-pca:*",
 "apigateway:*",
+ "apigatewayv2:*",
 "application-autoscaling:*",
 "appstream:*",
 "athena:*",
@@ -92,6 +93,7 @@
 "codestar:*",
 "cognito-identity:*",
 "cognito-idp:*",
+ "comprehend:*",
 "config:*",
 "datapipeline:*",
 "dax:*",
@@ -114,8 +116,10 @@
 "execute-api:*",
 "firehose:*",
 "fsx:*",
+ "globalaccelerator:*",
 "glue:*",
 "iam:*",
+ "imagebuilder:*",
 "iot:*",
 "iotanalytics:*",
 "kafka:*",
@@ -124,6 +128,7 @@
 "kinesisvideo:*",
 "kms:*",
 "lambda:*",
+ "lex-models:*",
 "lightsail:*",
 "logs:*",
 "machinelearning:*",
@@ -156,7 +161,9 @@
 "storagegateway:*",
 "sts:*",
 "tag:*",
+ "transfer:*",
 "waf:*",
+ "wafv2:*",
 "waf-regional:*",
 "worklink:*",
 "workspaces:*"
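Review bot: `apigatewayv2:*` in the first hunk of principal_policy.tmpl, and `lex-models:*` in the fourth, do not look like IAM service prefixes; they are the API/CLI names, while as far as I know IAM authorizes API Gateway V2 under `apigateway` and Lex under `lex`. If that is right, both entries grant nothing: `apigatewayv2:*` is redundant next to the existing `apigateway:*`, and Lex stays unusable for leased principals even though the changelog lists it. I would drop `"apigatewayv2:*",` and change `"lex-models:*",` to `"lex:*",` after checking the Service Authorization Reference or running the rendered policy through IAM Access Analyzer policy validation. The same two strings are copied into docs/iam-policies.md and docs/policies.md.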
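Review bot: Nothing in this patch shows that account reset covers the resource types opened up by `globalaccelerator:*` and `imagebuilder:*` in the third hunk of principal_policy.tmpl and by `transfer:*` in the fifth. These services can create long-lived, billable and in some cases internet-reachable resources, so anything the reset misses would presumably carry over to the next lease of the account. Each entry is also a full-service wildcard on a policy that already holds `iam:*`. I would hold back `"transfer:*",` and `"globalaccelerator:*",` until reset coverage is confirmed, or add a changelog line such as `- Verify account reset removes Transfer, Global Accelerator and Image Builder resources`.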