Skip to content

Commit

Permalink
Merge branch 'main' into RAIN-94027-compute-optimizer-permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
@yingxinl
yingxinl authored Dec 3, 2024
2 parents 720fc76 + c2154c6 commit 61a7435
Show file tree
Hide file tree
Showing 2 changed files with 56 additions and 2 deletions.
26 changes: 25 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,31 @@ The audit policy is comprised of the following permissions:
| | ses:ListRecommendations | |
| | ses:ListSuppressedDestinations | |
| | ses:GetSuppressedDestination | |
| COMPUTEOPTIMIZER | compute-optimizer:DescribeRecommendationExportJobs | * |
| BACKUP | backup:ListBackupJobs | * |
| | backup:DescribeBackupJob | |
| | backup:ListBackupPlanTemplates | |
| | backup:GetBackupPlanFromTemplate | |
| | backup:ListBackupPlans | |
| | backup:GetBackupPlan | |
| | backup:ListBackupPlanVersions | |
| | backup:ListBackupSelections | |
| | backup:GetBackupSelection | |
| | backup:DescribeBackupVault | |
| | backup:ListRecoveryPointsByBackupVault | |
| | backup:DescribeRecoveryPoint | |
| | backup:GetRecoveryPointRestoreMetadata | |
| | backup:ListCopyJobs | |
| | backup:ListFrameworks | |
| | backup:DescribeFramework | |
| | backup:ListLegalHolds | |
| | backup:GetLegalHold | |
| | backup:ListRecoveryPointsByLegalHold | |
| | backup:ListProtectedResources | |
| | backup:DescribeProtectedResource | |
| | backup:ListRecoveryPointsByResource | |
| | backup:ListReportPlans | |
| | backup:ListRestoreJobs | |
| COMPUTEOPTIMIZER | compute-optimizer:DescribeRecommendationExportJobs | * |
| | compute-optimizer:GetAutoScalingGroupRecommendations | |
| | compute-optimizer:GetEffectiveRecommendationPreferences | |
| | compute-optimizer:GetEBSVolumeRecommendations | |
Expand Down
32 changes: 31 additions & 1 deletion main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
resources = ["*"]
}

statement {
statement {
sid = "SES"
actions = ["ses:ListContactLists",
"ses:GetContactList",
Expand All @@ -181,6 +181,36 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
resources = ["*"]
}

statement {
sid = "BACKUP"
actions = ["backup:ListBackupJobs",
"backup:DescribeBackupJob",
"backup:ListBackupPlanTemplates",
"backup:GetBackupPlanFromTemplate",
"backup:ListBackupPlans",
"backup:GetBackupPlan",
"backup:ListBackupPlanVersions",
"backup:ListBackupSelections",
"backup:GetBackupSelection",
"backup:DescribeBackupVault",
"backup:ListRecoveryPointsByBackupVault",
"backup:DescribeRecoveryPoint",
"backup:GetRecoveryPointRestoreMetadata",
"backup:ListCopyJobs",
"backup:ListFrameworks",
"backup:DescribeFramework",
"backup:ListLegalHolds",
"backup:GetLegalHold",
"backup:ListRecoveryPointsByLegalHold",
"backup:ListProtectedResources",
"backup:DescribeProtectedResource",
"backup:ListRecoveryPointsByResource",
"backup:ListReportPlans",
"backup:ListRestoreJobs",
]
resources = ["*"]
}

statement {
sid = "COMPUTEOPTIMIZER"
actions = [
Expand Down

0 comments on commit 61a7435

Please sign in to comment.