Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/main' into RAIN-94027-compute-op…
Browse files Browse the repository at this point in the history 
…timizer-permissions
  • Loading branch information
@yingxinl
yingxinl committed Dec 4, 2024
2 parents 61a7435 + fb67991 commit 833c70f
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
5 changes: 5 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -164,6 +164,11 @@ The audit policy is comprised of the following permissions:
| | backup:ListRecoveryPointsByResource | |
| | backup:ListReportPlans | |
| | backup:ListRestoreJobs | |
| COGNITO-IDP | cognito-idp:GetSigningCertificate | |
| | cognito-idp:GetCSVHeader | |
| | cognito-idp:GetUserPoolMfaConfig | |
| | cognito-idp:GetUICustomization | |

| COMPUTEOPTIMIZER | compute-optimizer:DescribeRecommendationExportJobs | * |
| | compute-optimizer:GetAutoScalingGroupRecommendations | |
| | compute-optimizer:GetEffectiveRecommendationPreferences | |
Expand Down
13 changes: 12 additions & 1 deletion main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
sid = "GLUE"
actions = ["glue:ListWorkflows",
"glue:BatchGetWorkflows",
"glue:GetWorkflows",
"glue:GetTags"]
resources = ["*"]
}
Expand Down Expand Up @@ -210,7 +211,17 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
]
resources = ["*"]
}


statement {
sid = "COGNITOIDP"
actions = ["cognito-idp:GetSigningCertificate",
"cognito-idp:GetCSVHeader",
"cognito-idp:GetUserPoolMfaConfig",
"cognito-idp:GetUICustomization",
]
resources = ["*"]
}

statement {
sid = "COMPUTEOPTIMIZER"
actions = [
Expand Down

0 comments on commit 833c70f

Please sign in to comment.