ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated Prowler additions policy

Browse Source
This commit is contained in:
Toni de la Fuente
2021-07-29 18:37:57 +02:00
parent 52e04406dc
commit 26d310e35b
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
iam/prowler-additions-policy.json
View File

@@ -10,6 +10,7 @@
"tag:GetTagKeys", "tag:GetTagKeys",
"lambda:GetFunction", "lambda:GetFunction",
"glue:GetConnections", "glue:GetConnections",
"glue:SearchTables",
"s3:GetAccountPublicAccessBlock" "s3:GetAccountPublicAccessBlock"
], ],
"Resource": "*", "Resource": "*",

16
util/codebuild/codebuild-prowler-audit-account-cfn.yaml
View File

@@ -179,6 +179,22 @@ Resources:
- s3:GetBucketLocation - s3:GetBucketLocation
Effect: Allow Effect: Allow
Resource: !Sub 'arn:aws:s3:::${ArtifactBucket}/*' Resource: !Sub 'arn:aws:s3:::${ArtifactBucket}/*'
- PolicyName: ProwlerAdditions
PolicyDocument:
Version: '2012-10-17'
Statement:
- Action:
- s3:GetAccountPublicAccessBlock
- glue:GetConnections
- glue:SearchTables
- ds:ListAuthorizedApplications
- ec2:GetEbsEncryptionByDefault
- ecr:Describe*
- support:Describe*
- tag:GetTagKeys
- lambda:GetFunction
Effect: Allow
Resource: !Sub 'arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog'
- PolicyName: CodeBuild - PolicyName: CodeBuild
PolicyDocument: PolicyDocument:
Version: '2012-10-17' Version: '2012-10-17'