Misc prowler fixes

2026-02-10 14:55:00 +00:00 · 2019-11-13 22:49:32 -05:00
parent 2e181920ab
commit 3a893889b6
14 changed files with 192 additions and 60 deletions
--- a/util/multi-account/Audit_Exec_Role.yaml
+++ b/util/multi-account/Audit_Exec_Role.yaml
@@ -50,18 +50,20 @@ Resources:
                Action:
                  - "acm:describecertificate"
                  - "acm:listcertificates"
+                  - "apigateway:GET"
+                  - "cloudtrail:GetEventSelectors"
+                  - "ec2:GetEbsEncryptionByDefault"
                  - "es:describeelasticsearchdomainconfig"
-                  - "logs:DescribeLogGroups"
-                  - "logs:DescribeMetricFilters"
-                  - "ses:getidentityverificationattributes"
-                  - "sns:listsubscriptionsbytopic"
                  - "guardduty:ListDetectors"
                  - "guardduty:GetDetector"
-                  - "S3:GetEncryptionConfiguration"
-                  - "trustedadvisor:Describe*"
-                  - "cloudtrail:GetEventSelectors"
-                  - "apigateway:GET"
+                  - "logs:DescribeLogGroups"
+                  - "logs:DescribeMetricFilters"
+                  - "s3:GetEncryptionConfiguration"
+                  - "ses:getidentityverificationattributes"
+                  - "sns:listsubscriptionsbytopic"
                  - "support:*"
+                  - "trustedadvisor:Describe*"
+
    Metadata:
      cfn_nag:
        rules_to_suppress:
--- a/util/multi-account/Audit_Pipeline.yaml
+++ b/util/multi-account/Audit_Pipeline.yaml
@@ -301,9 +301,6 @@ Resources:
            discard-paths: no
            base-directory: out

-
-
-
  ProwlerAuditTriggerRole:
    Type: AWS::IAM::Role
    Properties: