ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

grant codebuild the ability to assume audit role

Browse Source
This commit is contained in:
Mr. Secure
2019-10-11 21:46:20 -05:00
parent 70304dc2a2
commit 64667ea9d0
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
util/Audit_Exec_Role.yaml
View File

@@ -26,14 +26,19 @@ Resources:
AssumeRolePolicyDocument: AssumeRolePolicyDocument:
Version: "2012-10-17" Version: "2012-10-17"
Statement: Statement:
- - Effect: "Allow"
Effect: "Allow"
Principal: Principal:
AWS: # TODO: review permissions to see if this can be narrowed down - code build only perhaps AWS: # TODO: review permissions to see if this can be narrowed down - code build only perhaps
- !Sub "arn:aws:iam::${AuditorAccountId}:root" - !Sub "arn:aws:iam::${AuditorAccountId}:root"
- !Sub "arn:aws:iam::${AuditorAccountId}:role${AuditRolePathName}"
Action: Action:
- "sts:AssumeRole" - "sts:AssumeRole"
- Effect: "Allow"
Principal:
Service:
- "codebuild.amazonaws.com"
Action:
- "sts:AssumeRole"
# TODO: restrict to only AuditorAccount only
Policies: Policies:
- PolicyName: "ProwlerPolicyAdditions" - PolicyName: "ProwlerPolicyAdditions"
PolicyDocument: PolicyDocument: