From 26d310e35b50f783603882568f11c83f0e948a37 Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Thu, 29 Jul 2021 18:37:57 +0200
Subject: [PATCH] Updated Prowler additions policy

---
 iam/prowler-additions-policy.json | 1 +
 .../codebuild-prowler-audit-account-cfn.yaml | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/iam/prowler-additions-policy.json b/iam/prowler-additions-policy.json
index 4ef43c5a..f0285c24 100644
--- a/iam/prowler-additions-policy.json
+++ b/iam/prowler-additions-policy.json
@@ -10,6 +10,7 @@
 "tag:GetTagKeys",
 "lambda:GetFunction",
 "glue:GetConnections",
+ "glue:SearchTables",
 "s3:GetAccountPublicAccessBlock"
 ],
 "Resource": "*",
diff --git a/util/codebuild/codebuild-prowler-audit-account-cfn.yaml b/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
index 1022da6e..1af61a7a 100644
--- a/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
+++ b/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
@@ -179,6 +179,22 @@ Resources:
 - s3:GetBucketLocation
 Effect: Allow
 Resource: !Sub 'arn:aws:s3:::${ArtifactBucket}/*'
+ - PolicyName: ProwlerAdditions
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Action:
+ - s3:GetAccountPublicAccessBlock
+ - glue:GetConnections
+ - glue:SearchTables
+ - ds:ListAuthorizedApplications
+ - ec2:GetEbsEncryptionByDefault
+ - ecr:Describe*
+ - support:Describe*
+ - tag:GetTagKeys
+ - lambda:GetFunction
+ Effect: Allow
+ Resource: !Sub 'arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog'
 - PolicyName: CodeBuild
 PolicyDocument:
 Version: '2012-10-17'
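Review bot: The new ProwlerAdditions statement scopes all nine actions to the Glue catalog ARN, but only glue:GetConnections and glue:SearchTables act on a Glue resource; s3:GetAccountPublicAccessBlock, ds:ListAuthorizedApplications, ec2:GetEbsEncryptionByDefault, ecr:Describe*, support:Describe* and tag:GetTagKeys are account-level calls that will be denied against that ARN, and lambda:GetFunction expects a function ARN. The result is that the CodeBuild role silently lacks the permissions the matching iam/prowler-additions-policy.json grants with `"Resource": "*"` in the first hunk, so the affected Prowler checks will report access errors rather than findings. The cleanest fix is to split the statement: keep the Glue actions on the catalog ARN and give the remaining actions `Resource: '*'` (or a narrower ARN pattern for lambda:GetFunction and ecr:Describe* if the audit scope allows it). Indentation in the patch is not recoverable here, so the fence below uses conventional nesting under the existing Policies list.
```yaml
- PolicyName: ProwlerAdditions
  PolicyDocument:
    Version: '2012-10-17'
    Statement:
      - Action:
          - glue:GetConnections
          - glue:SearchTables
        Effect: Allow
        Resource: !Sub 'arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog'
      - Action:
          - s3:GetAccountPublicAccessBlock
          - ds:ListAuthorizedApplications
          - ec2:GetEbsEncryptionByDefault
          - ecr:Describe*
          - support:Describe*
          - tag:GetTagKeys
          - lambda:GetFunction
        Effect: Allow
        Resource: '*'
# … unchanged: CodeBuild policy that follows …
```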