Update: IAM role

Geoff Singer
2021-08-31 09:05:16 -05:00
parent e621ae465a
commit 066c90028f


@@ -267,7 +267,8 @@ output "account_id" {
value = data.aws_caller_identity.current.account_id
}
resource "aws_iam_role" "prowler_kick_start_role" {
name = "security_baseline_kickstarter_iam_role"
depends_on = [aws.iam.policy.prowler_kickstarter_iam_policy]
name = "security_baseline_kickstarter_iam_role"
managed_policy_arns = ["${data.aws_iam_policy.SecurityAudit.arn}",
"arn:aws:iam::aws:policy/job-function/SupportUser",
"arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
@@ -335,7 +336,7 @@ resource "aws_iam_policy" "prowler_kickstarter_iam_policy" {
"logs:PutLogEvents"
],
Effect = "Allow"
Resource = "arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log_group:*:log_stream:*"
Resource = "arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log-group:*"
},
{
Action = [
@@ -343,7 +344,7 @@ resource "aws_iam_policy" "prowler_kickstarter_iam_policy" {
"logs:CreateLogGroup"
],
Effect = "Allow"
Resource = "arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log_group:*"
Resource = "arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log-group:*"
},
{
Action = ["sts:AssumeRole"],
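Review bot: The `depends_on` entry added to `aws_iam_role.prowler_kick_start_role` in the first hunk is written as `aws.iam.policy.prowler_kickstarter_iam_policy`, which is not a valid Terraform resource address; the policy is declared as `resource "aws_iam_policy" "prowler_kickstarter_iam_policy"`, so the line should read `depends_on = [aws_iam_policy.prowler_kickstarter_iam_policy]`. As written, Terraform will most likely reject the reference as an undeclared resource during validation, so the role change would not apply. If the `managed_policy_arns` list, which continues past the hunk, already references the policy's `.arn`, that implicit dependency makes the explicit `depends_on` unnecessary. Separately, the corrected `log-group:*` resources in the two later hunks still allow the visible actions (`logs:PutLogEvents`, `logs:CreateLogGroup`) on every log group in every region of the account; scoping them to the log-group name prefix this job actually writes to would be closer to least privilege.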