fix: CFN codebuild example (#1030)

Since 2.7.0 this template failed:

```
An error occurred (AccessDeniedException) when calling the GetSubscriptionState operation: User: arn:aws:sts::863046042023:assumed-role/prowler-codebuild-role/AWSCodeBuild-2c3151c9-7c5d-4618-94e5-0234bddce775 is not authorized to perform: shield:GetSubscriptionState on resource: arn:aws:shield::863046042023:subscription/* because no identity-based policy allows the shield:GetSubscriptionState action
       INFO! No AWS Shield Advanced subscription found. Skipping check. 
7.167 [extra7167] Check if Cloudfront distributions are protected by AWS Shield Advanced - shield [Medium]
```

I aligned it with https://github.com/prowler-cloud/prowler/blob/master/iam/prowler-additions-policy.json#L19 .
Martin Muller
2022-02-04 18:09:53 +01:00
committed by GitHub
parent 30ce25300f
commit 7e90389dab


@@ -198,7 +198,7 @@ Resources:
- shield:DescribeProtection
- elasticfilesystem:DescribeBackupPolicy
Effect: Allow
Resource: !Sub 'arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog'
Resource: '*'
- PolicyName: CodeBuild
PolicyDocument:
Version: '2012-10-17'
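Review bot: `Resource: '*'` now applies to every action in this statement, not only the `shield:*` and `elasticfilesystem:*` entries visible here, so any action in the list above this context that was meant to stay scoped to `arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog` loses that restriction. Consider splitting the statement in two: keep the Glue catalog ARN for the actions that support it, and move the actions that have to run against all resources (such as `shield:DescribeProtection` and the `shield:GetSubscriptionState` call from the error in the commit message) into a separate statement with `Resource: '*'`. A short YAML comment pointing at `iam/prowler-additions-policy.json` would also record why the wildcard is there.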