Updated Prowler additions policy

2026-02-10 06:45:08 +00:00 · 2021-07-29 18:37:57 +02:00
parent 52e04406dc
commit 26d310e35b
2 changed files with 17 additions and 0 deletions
--- a/iam/prowler-additions-policy.json
+++ b/iam/prowler-additions-policy.json
@@ -10,6 +10,7 @@
                "tag:GetTagKeys",
 		        "lambda:GetFunction",
                "glue:GetConnections",
+                "glue:SearchTables",
                "s3:GetAccountPublicAccessBlock"
            ],
            "Resource": "*",
--- a/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
+++ b/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
@@ -179,6 +179,22 @@ Resources:
                  - s3:GetBucketLocation
                Effect: Allow
                Resource: !Sub 'arn:aws:s3:::${ArtifactBucket}/*'
+        - PolicyName: ProwlerAdditions
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Action:
+                  - s3:GetAccountPublicAccessBlock
+                  - glue:GetConnections
+                  - glue:SearchTables
+                  - ds:ListAuthorizedApplications
+                  - ec2:GetEbsEncryptionByDefault
+                  - ecr:Describe*
+                  - support:Describe*
+                  - tag:GetTagKeys
+                  - lambda:GetFunction
+                Effect: Allow
+                Resource: !Sub 'arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog'
        - PolicyName: CodeBuild
          PolicyDocument:
            Version: '2012-10-17'