Add permission for AMP (#121)

lacework · Dec 18, 2024 · 0a313fe · 0a313fe
1 parent 86b54bd
commit 0a313fe
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -182,3 +182,11 @@ The audit policy is comprised of the following permissions:
 |                            | kinesisanalytics:ListApplicationVersions                |           |
 |                            | kinesisanalytics:DescribeApplicationVersion             |           |
 |                            | kinesisanalytics:DescribeApplication                    |           |
+| AMP                        | aps:ListScrapers                                        | *         |
+|                            | aps:DescribeScraper                                     |           |
+|                            | aps:ListWorkspaces                                      |           |
+|                            | aps:DescribeAlertManagerDefinition                      |           |
+|                            | aps:DescribeLoggingConfiguration                        |           |
+|                            | aps:DescribeWorkspace                                   |           |
+|                            | aps:ListRuleGroupsNamespaces                            |           |
+|                            | aps:DescribeRuleGroupsNamespace                         |           |
diff --git a/main.tf b/main.tf
@@ -248,6 +248,20 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
     ]
     resources = ["*"]
   }
+
+  statement {
+    sid = "AMP"
+    actions = ["aps:ListScrapers",
+      "aps:DescribeScraper",
+      "aps:ListWorkspaces",
+      "aps:DescribeAlertManagerDefinition",
+      "aps:DescribeLoggingConfiguration",
+      "aps:DescribeWorkspace",
+      "aps:ListRuleGroupsNamespaces",
+      "aps:DescribeRuleGroupsNamespace",
+    ]
+    resources = ["*"]
+  }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {