From 295bb74acffa11d22e9de82cff6817d7ef6f4add Mon Sep 17 00:00:00 2001 From: ChrisGoKim Date: Tue, 3 May 2022 05:34:12 -0400 Subject: [PATCH] fix(additions-policy): Updated multi-org ProwlerRole.yaml (#1123) --- util/org-multi-account/ProwlerRole.yaml | 28 ++++++++----------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/util/org-multi-account/ProwlerRole.yaml b/util/org-multi-account/ProwlerRole.yaml index 122a7ec9..1029352d 100644 --- a/util/org-multi-account/ProwlerRole.yaml +++ b/util/org-multi-account/ProwlerRole.yaml @@ -75,30 +75,20 @@ Resources: Effect: Allow Resource: "*" Action: - - access-analyzer:List* - - apigateway:Get* - - apigatewayv2:Get* - - aws-marketplace:ViewSubscriptions - - dax:ListTables - ds:ListAuthorizedApplications - - ds:DescribeRoles - ec2:GetEbsEncryptionByDefault - ecr:Describe* - - lambda:GetAccountSettings - - lambda:GetFunctionConfiguration - - lambda:GetLayerVersionPolicy - - lambda:GetPolicy - - opsworks-cm:Describe* - - opsworks:Describe* - - secretsmanager:ListSecretVersionIds - - sns:List* - - sqs:ListQueueTags - - states:ListActivities + - elasticfilesystem:DescribeBackupPolicy + - glue:GetConnections + - glue:GetSecurityConfiguration + - glue:SearchTables + - lambda:GetFunction + - s3:GetAccountPublicAccessBlock + - shield:DescribeProtection + - shield:GetSubscriptionState + - ssm:GetDocument - support:Describe* - tag:GetTagKeys - - shield:GetSubscriptionState - - shield:DescribeProtection - - elasticfilesystem:DescribeBackupPolicy - PolicyName: Prowler-S3-Reports PolicyDocument: Version: 2012-10-17