From 0a313fe091e1f30b40d814a020d9c95814b61da1 Mon Sep 17 00:00:00 2001
From: LMAX-iwnf
Date: Tue, 17 Dec 2024 16:11:18 -0800
Subject: [PATCH] Add permission for AMP (#121)

---
 README.md | 8 ++++++++
 main.tf | 14 ++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/README.md b/README.md
index 37ce4cc..17f37ff 100644
--- a/README.md
+++ b/README.md
@@ -182,3 +182,11 @@ The audit policy is comprised of the following permissions:
 | | kinesisanalytics:ListApplicationVersions | |
 | | kinesisanalytics:DescribeApplicationVersion | |
 | | kinesisanalytics:DescribeApplication | |
+| AMP | aps:ListScrapers | * |
+| | aps:DescribeScraper | |
+| | aps:ListWorkspaces | |
+| | aps:DescribeAlertManagerDefinition | |
+| | aps:DescribeLoggingConfiguration | |
+| | aps:DescribeWorkspace | |
+| | aps:ListRuleGroupsNamespaces | |
+| | aps:DescribeRuleGroupsNamespace | |
\ No newline at end of file
diff --git a/main.tf b/main.tf
index b23376b..f32f6dc 100644
--- a/main.tf
+++ b/main.tf
@@ -248,6 +248,20 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 ]
 resources = ["*"]
 }
+
+ statement {
+ sid = "AMP"
+ actions = ["aps:ListScrapers",
+ "aps:DescribeScraper",
+ "aps:ListWorkspaces",
+ "aps:DescribeAlertManagerDefinition",
+ "aps:DescribeLoggingConfiguration",
+ "aps:DescribeWorkspace",
+ "aps:ListRuleGroupsNamespaces",
+ "aps:DescribeRuleGroupsNamespace",
+ ]
+ resources = ["*"]
+ }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {
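Review bot: In the new `AMP` statement of main.tf, `aps:DescribeAlertManagerDefinition`, `aps:DescribeRuleGroupsNamespace` and `aps:DescribeScraper` are granted on `resources = ["*"]`, and as far as I know these calls return the configuration body itself (alertmanager definition, rule files, scrape configuration) rather than only resource metadata. Whatever principal this audit policy is attached to can therefore read that content for every workspace and scraper in the account. It is worth confirming that the collector needs the bodies and that nothing sensitive is embedded in them, then recording the intent above `sid = "AMP"`, for example `# Read-only AMP inventory; the Describe* calls return configuration bodies, not just metadata`. As a style point, the first action shares a line with the opening bracket; writing `actions = [` on its own line would keep later additions to one-line diffs. The enclosing `data "aws_iam_policy_document"` block starts outside the hunk, so the total policy size after this addition cannot be judged from here.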