fix(additions-policy): Updated multi-org ProwlerRole.yaml (#1123)

2026-02-10 14:55:00 +00:00 · 2022-05-03 05:34:12 -04:00
parent 59abd2bd5b
commit 295bb74acf
1 changed files with 9 additions and 19 deletions
--- a/util/org-multi-account/ProwlerRole.yaml
+++ b/util/org-multi-account/ProwlerRole.yaml
@@ -75,30 +75,20 @@ Resources:
                Effect: Allow
                Resource: "*"
                Action:
                  - access-analyzer:List*
                  - apigateway:Get*
                  - apigatewayv2:Get*
                  - aws-marketplace:ViewSubscriptions
                  - dax:ListTables
                  - ds:ListAuthorizedApplications
                  - ds:DescribeRoles
                  - ec2:GetEbsEncryptionByDefault
                  - ecr:Describe*
-                  - lambda:GetAccountSettings
+                  - elasticfilesystem:DescribeBackupPolicy
-                  - lambda:GetFunctionConfiguration
+                  - glue:GetConnections
-                  - lambda:GetLayerVersionPolicy
+                  - glue:GetSecurityConfiguration
-                  - lambda:GetPolicy
+                  - glue:SearchTables
-                  - opsworks-cm:Describe*
+                  - lambda:GetFunction
-                  - opsworks:Describe*
+                  - s3:GetAccountPublicAccessBlock
-                  - secretsmanager:ListSecretVersionIds
+                  - shield:DescribeProtection
-                  - sns:List*
+                  - shield:GetSubscriptionState
-                  - sqs:ListQueueTags
+                  - ssm:GetDocument
                  - states:ListActivities
                  - support:Describe*
                  - tag:GetTagKeys
                  - shield:GetSubscriptionState
                  - shield:DescribeProtection
                  - elasticfilesystem:DescribeBackupPolicy
        - PolicyName: Prowler-S3-Reports
          PolicyDocument:
            Version: 2012-10-17