Add missing permissions for prowler policy

2026-02-10 06:45:08 +00:00 · 2018-10-08 15:11:27 -06:00
parent bcbabc0239
commit 04c627577b
1 changed files with 5 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -218,6 +218,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
        "Action": [
            "acm:describecertificate",
            "acm:listcertificates",
+            "apigateway:get",
            "autoscaling:describe*",
            "cloudformation:describestack*",
            "cloudformation:getstackpolicy",
@@ -226,6 +227,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
            "cloudfront:get*",
            "cloudfront:list*",
            "cloudtrail:describetrails",
+            "cloudtrail:geteventselectors",
            "cloudtrail:gettrailstatus",
            "cloudtrail:listtags",
            "cloudwatch:describe*",
@@ -250,6 +252,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
            "directconnect:describe*",
            "dynamodb:listtables",
            "ec2:describe*",
+            "ecr:describe*",
            "ecs:describe*",
            "ecs:list*",
            "elasticache:describe*",
@@ -262,6 +265,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
            "firehose:describe*",
            "firehose:list*",
            "glacier:listvaults",
+            "guardduty:listdetectors",
            "iam:generatecredentialreport",
            "iam:get*",
            "iam:list*",
@@ -289,6 +293,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
            "route53:listhealthchecks",
            "route53:listhostedzones",
            "route53:listhostedzonesbyname",
+            "route53:listqueryloggingconfigs",
            "route53:listresourcerecordsets",
            "route53:listreusabledelegationsets",
            "route53:listtagsforresource",