permisionChange
jjzhangjjzhang committed Dec 9, 2023
1 parent b868fe3 commit 0a010bc
Showing 2 changed files with 15 additions and 68 deletions.
39 changes: 5 additions & 34 deletions README.md
Expand Up @@ -101,40 +101,8 @@ The audit policy is comprised of the following permissions:
| SSO | sso:DescribeAccountAssignmentDeletionStatus | * |
| | sso:DescribeInstanceAccessControlAttributeConfiguration | |
| | sso:GetInlinePolicyForPermissionSet | |
| APIGATEWAY | apigateway:GetApiKeys | * |
| | apigateway:GetAuthorizers | |
| | apigateway:GetBasePathMappings | |
| | apigateway:GetClientCertificates | |
| | apigateway:GetDeployments | |
| | apigateway:GetDocumentationParts | |
| | apigateway:GetDocumentationVersions | |
| | apigateway:GetDomainNames | |
| | apigateway:GetGatewayResponses | |
| | apigateway:GetModels | |
| | apigateway:GetModelTemplate | |
| | apigateway:GetRequestValidators | |
| | apigateway:GetResources | |
| | apigateway:GetRestApis | |
| | apigateway:GetSdk | |
| | apigateway:GetSdkTypes | |
| | apigateway:GetStages | |
| | apigateway:GetTags | |
| | apigateway:GetUsagePlanKeys | |
| | apigateway:GetUsagePlans | |
| | apigateway:GetVpcLinks | |
| APIGATEWAYV2 | apigatewayv2:GetApis | * |
| | apigatewayv2:GetApiMappings | |
| | apigatewayv2:GetAuthorizers | |
| | apigatewayv2:GetDeployments | |
| | apigatewayv2:GetDomainNames | |
| | apigatewayv2:GetIntegrations | |
| | apigatewayv2:GetIntegrationResponses | |
| | apigatewayv2:GetModelTemplate | |
| | apigatewayv2:GetModels | |
| | apigatewayv2:GetRoute | |
| | apigatewayv2:GetRouteResponses | |
| | apigatewayv2:GetStages | |
| | apigatewayv2:GetVpcLinks | |
| APIGATEWAY | apigateway:GET | * |
| APIGATEWAYV2 | apigatewayv2:GET | * |
| WAFREGIONAL | waf-regional:ListRules | * |
| | waf-regional:GetRule | |
| | waf-regional:ListRuleGroups | |
Expand All @@ -145,3 +113,6 @@ The audit policy is comprised of the following permissions:
| | glue:GetTags | |
| CODEBUILD | codebuild:ListBuilds | * |
| | codebuild:BatchGetBuilds | |
| SNS | sns:GetDataProtectionPolicy | * |
| | sns:ListPlatformApplications | |
| | sns:GetSubscriptionAttributes | |
44 changes: 10 additions & 34 deletions main.tf
Expand Up @@ -93,45 +93,13 @@ data "aws_iam_policy_document" "lacework_audit_policy" {

statement {
sid = "APIGATEWAY"
actions = ["apigateway:GetApiKeys",
"apigateway:GetAuthorizers",
"apigateway:GetBasePathMappings",
"apigateway:GetClientCertificates",
"apigateway:GetDeployments",
"apigateway:GetDocumentationParts",
"apigateway:GetDocumentationVersions",
"apigateway:GetDomainNames",
"apigateway:GetGatewayResponses",
"apigateway:GetModels",
"apigateway:GetModelTemplate",
"apigateway:GetRequestValidators",
"apigateway:GetResources",
"apigateway:GetRestApis",
"apigateway:GetSdk",
"apigateway:GetSdkTypes",
"apigateway:GetStages",
"apigateway:GetTags",
"apigateway:GetUsagePlanKeys",
"apigateway:GetUsagePlans",
"apigateway:GetVpcLinks"]
actions = ["apigateway:GET"]
resources = ["*"]
}

statement {
sid = "APIGATEWAYV2"
actions = ["apigatewayv2:GetApis",
"apigatewayv2:GetApiMappings",
"apigatewayv2:GetAuthorizers",
"apigatewayv2:GetDeployments",
"apigatewayv2:GetDomainNames",
"apigatewayv2:GetIntegrations",
"apigatewayv2:GetIntegrationResponses",
"apigatewayv2:GetModelTemplate",
"apigatewayv2:GetModels",
"apigatewayv2:GetRoute",
"apigatewayv2:GetRouteResponses",
"apigatewayv2:GetStages",
"apigatewayv2:GetVpcLinks"]
actions = ["apigatewayv2:GET"]
resources = ["*"]
}
statement {
Expand All @@ -151,6 +119,14 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
resources = ["*"]
}

statement {
sid = "SNS"
actions = ["sns:GetDataProtectionPolicy",
"sns:ListPlatformApplications",
"sns:GetSubscriptionAttributes",
]
resources = ["*"]
}
statement {
sid = "CODEBUILD"
actions = ["codebuild:ListBuilds",
Expand Down
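Review bot: Collapsing the enumerated `apigateway:Get*` list into `actions = ["apigateway:GET"]` with `resources = ["*"]` in the APIGATEWAY statement (and likewise `apigatewayv2:GET` in APIGATEWAYV2) grants read access to every API Gateway resource path, which is wider than what the original list expressed. API Gateway IAM actions are the HTTP verbs, so the old `Get*` names most likely never matched a request and the verb form is the right fix, but the wider scope is now intentional and undocumented. A one-line comment above each `actions` line, e.g. `# API Gateway IAM actions are HTTP verbs; GET covers every read-only call on all resource paths`, would record that, and resource-level scoping should be considered if the audit only needs a subset of paths. Minor style in the new SNS statement: its closing `]` sits on its own line after a trailing comma and no blank line separates its `}` from the following `statement {`, unlike the neighbouring statements. The enclosing `data "aws_iam_policy_document"` block begins and ends outside these hunks.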
