Prowler IAM Policy Enhancements and ReadMe Updates

Julio Delgado Jr
2020-04-13 12:39:20 -04:00
parent 7f2e097205
commit 05247a2ccb
2 changed files with 58 additions and 122 deletions


@@ -1,113 +1,33 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"access-analyzer:List*",
"apigateway:get*",
"apigatewayv2:get*",
"aws-marketplace:viewsubscriptions",
"batch:listjobs",
"clouddirectory:listappliedschemaarns",
"clouddirectory:listdevelopmentschemaarns",
"clouddirectory:listpublishedschemaarns",
"cloudformation:list*",
"cloudhsm:listavailablezones",
"cloudsearch:list*",
"cloudwatch:get*",
"cloudwatch:list*",
"codebuild:listbuilds*",
"codestar:verify*",
"cognito-identity:listidentities",
"cognito-idp:list*",
"cognito-sync:listdatasets",
"connect:list*",
"datapipeline:getaccountlimits",
"dax:describeclusters",
"dax:describedefaultparameters",
"dax:describeevents",
"dax:describeparametergroups",
"dax:describeparameters",
"dax:describesubnetgroups",
"dax:describetable",
"dax:listtables",
"devicefarm:list*",
"discovery:list*",
"dms:list*",
"ds:ListAuthorizedApplications",
"ds:DescribeRoles",
"dynamodb:describebackup",
"dynamodb:describeglobaltablesettings",
"dynamodb:describelimits",
"dynamodb:describereservedcapacity",
"dynamodb:describereservedcapacityofferings",
"dynamodb:describestream",
"dynamodb:listtagsofresource",
"ec2:get*",
"ecr:describe*",
"ecr:listimages",
"elasticbeanstalk:listavailablesolutionstacks",
"elasticmapreduce:list*",
"elastictranscoder:list*",
"gamelift:list*",
"glacier:list*",
"importexport:listjobs",
"lambda:GetAccountSettings",
"lambda:GetFunctionConfiguration",
"lambda:GetLayerVersionPolicy",
"lambda:GetPolicy",
"lambda:List*",
"lex:getbotaliases",
"lex:getbotchannelassociations",
"lex:getbots",
"lex:getbotversions",
"lex:getintents",
"lex:getintentversions",
"lex:getslottypes",
"lex:getslottypeversions",
"lex:getutterancesview",
"lightsail:getblueprints",
"lightsail:getbundles",
"lightsail:getinstancesnapshots",
"lightsail:getkeypair",
"lightsail:getregions",
"lightsail:getstaticips",
"lightsail:isvpcpeered",
"machinelearning:describe*",
"mobilehub:listavailablefeatures",
"mobilehub:listavailableregions",
"mobilehub:listprojects",
"mobiletargeting:getapplicationsettings",
"mobiletargeting:getcampaigns",
"mobiletargeting:getimportjobs",
"mobiletargeting:getsegments",
"opsworks-cm:describe*",
"opsworks:describe*",
"polly:describe*",
"polly:list*",
"redshift:viewqueriesinconsole",
"route53domains:list*",
"s3:listbucket",
"sdb:list*",
"secretsmanager:listsecretversionids",
"servicecatalog:list*",
"ses:list*",
"sns:list*",
"sqs:listqueuetags",
"ssm:listassociations",
"states:listactivities",
"support:describe*",
"swf:list*",
"tag:gettagkeys",
"trustedadvisor:describe*",
"waf-regional:list*",
"waf:list*",
"workdocs:describeavailabledirectories",
"workdocs:describeinstances",
"workmail:describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"access-analyzer:List*",
"apigateway:Get*",
"apigatewayv2:Get*",
"aws-marketplace:ViewSubscriptions",
"dax:ListTables",
"ds:ListAuthorizedApplications",
"ds:DescribeRoles",
"ec2:GetEbsEncryptionByDefault",
"ecr:Describe*",
"lambda:GetAccountSettings",
"lambda:GetFunctionConfiguration",
"lambda:GetLayerVersionPolicy",
"lambda:GetPolicy",
"opsworks-cm:Describe*",
"opsworks:Describe*",
"secretsmanager:ListSecretVersionIds",
"sns:List*",
"sqs:ListQueueTags",
"states:ListActivities",
"support:Describe*",
"tag:GetTagKeys"
],
"Resource": "*",
"Effect": "Allow",
"Sid": "AllowMoreReadForProwler"
}
]
}
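Review bot: The single `AllowMoreReadForProwler` statement still pairs wildcard actions with `"Resource": "*"`. For `apigateway:Get*` this matters more than for the others, because IAM action names are case-insensitive, so it matches `apigateway:GET` on every API Gateway path. That includes the API-key resources, where a GET can return key values, not just configuration metadata. If the checks only read REST API and stage settings (to be confirmed against the checks themselves), move that action into its own statement scoped with something like `"Resource": "arn:aws:apigateway:*::/restapis/*"`. The same question applies to `support:Describe*` and `lambda:GetFunctionConfiguration`, which can expose support case text and function environment variables. As strict JSON cannot carry comments, the reason each of these is needed belongs in the README.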