ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add missing permissions for prowler policy

Browse Source
This commit is contained in:
Daniel Petty
2018-10-08 15:11:27 -06:00
committed by GitHub
parent bcbabc0239
commit 04c627577b
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -218,6 +218,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
"Action": [ "Action": [
"acm:describecertificate", "acm:describecertificate",
"acm:listcertificates", "acm:listcertificates",
"apigateway:get",
"autoscaling:describe*", "autoscaling:describe*",
"cloudformation:describestack*", "cloudformation:describestack*",
"cloudformation:getstackpolicy", "cloudformation:getstackpolicy",
@@ -226,6 +227,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
"cloudfront:get*", "cloudfront:get*",
"cloudfront:list*", "cloudfront:list*",
"cloudtrail:describetrails", "cloudtrail:describetrails",
"cloudtrail:geteventselectors",
"cloudtrail:gettrailstatus", "cloudtrail:gettrailstatus",
"cloudtrail:listtags", "cloudtrail:listtags",
"cloudwatch:describe*", "cloudwatch:describe*",
@@ -250,6 +252,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
"directconnect:describe*", "directconnect:describe*",
"dynamodb:listtables", "dynamodb:listtables",
"ec2:describe*", "ec2:describe*",
"ecr:describe*",
"ecs:describe*", "ecs:describe*",
"ecs:list*", "ecs:list*",
"elasticache:describe*", "elasticache:describe*",
@@ -262,6 +265,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
"firehose:describe*", "firehose:describe*",
"firehose:list*", "firehose:list*",
"glacier:listvaults", "glacier:listvaults",
"guardduty:listdetectors",
"iam:generatecredentialreport", "iam:generatecredentialreport",
"iam:get*", "iam:get*",
"iam:list*", "iam:list*",
@@ -289,6 +293,7 @@ Instead of using default policy SecurityAudit for the account you use for checks
"route53:listhealthchecks", "route53:listhealthchecks",
"route53:listhostedzones", "route53:listhostedzones",
"route53:listhostedzonesbyname", "route53:listhostedzonesbyname",
"route53:listqueryloggingconfigs",
"route53:listresourcerecordsets", "route53:listresourcerecordsets",
"route53:listreusabledelegationsets", "route53:listreusabledelegationsets",
"route53:listtagsforresource", "route53:listtagsforresource",