From 53f097c2af2d7e2b36d078f96d23a1f0facc9c5a Mon Sep 17 00:00:00 2001
From: Dominick Bellizzi
Date: Fri, 6 Dec 2019 14:49:36 -0800
Subject: [PATCH 1/2] Add "access-analyzer:ListTagsForResource" to prowler-additions-policy.json check extra769 (Check if IAM Access Analyzer is enabled and its findings) requires this IAM permission
---
 iam/prowler-additions-policy.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/iam/prowler-additions-policy.json b/iam/prowler-additions-policy.json
index c706b6f4..ef6cc42c 100644
--- a/iam/prowler-additions-policy.json
+++ b/iam/prowler-additions-policy.json
@@ -3,6 +3,7 @@
 "Statement": [
 {
 "Action": [
+ "access-analyzer:ListTagsForResource",
 "apigateway:get*",
 "apigatewayv2:get*",
 "aws-marketplace:viewsubscriptions",
@@ -103,4 +104,4 @@
 "Resource": "*"
 }
 ]
-}
\ No newline at end of file
+}
From 7cb869ad3337828fdd58b824ff22931f68501cf7 Mon Sep 17 00:00:00 2001
From: Dominick Bellizzi
Date: Thu, 12 Dec 2019 09:36:19 -0800
Subject: [PATCH 2/2] use more generic access-analyzer:List*
---
 iam/prowler-additions-policy.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iam/prowler-additions-policy.json b/iam/prowler-additions-policy.json
index ef6cc42c..c95b05f2 100644
--- a/iam/prowler-additions-policy.json
+++ b/iam/prowler-additions-policy.json
@@ -3,7 +3,7 @@
 "Statement": [
 {
 "Action": [
- "access-analyzer:ListTagsForResource",
+ "access-analyzer:List*",
 "apigateway:get*",
 "apigatewayv2:get*",
 "aws-marketplace:viewsubscriptions",
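Review bot: The `"access-analyzer:List*"` entry added in the [PATCH 2/2] hunk grants every current and future Access Analyzer action whose name begins with `List`, which is wider than the single `access-analyzer:ListTagsForResource` that the first commit message says extra769 requires. The statement applies to `"Resource": "*"` (visible in the second hunk of PATCH 1/2), so the audit role would pick up any newly released List action without a review of this policy. Consider listing only the actions the check calls, presumably `"access-analyzer:ListAnalyzers"`, `"access-analyzer:ListFindings"` and `"access-analyzer:ListTagsForResource"` (confirm against the check's CLI calls), and naming them in the commit message, which currently gives no reason for the wildcard. The `Action` array continues outside the hunk.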