From 7e90389dab5d430e8e58dd19626c446bb6fbf71b Mon Sep 17 00:00:00 2001
From: Martin Muller
Date: Fri, 4 Feb 2022 18:09:53 +0100
Subject: [PATCH] fix: CFN codebuild example (#1030)
Since 2.7.0 this template failed:
```
An error occurred (AccessDeniedException) when calling the GetSubscriptionState operation: User: arn:aws:sts::863046042023:assumed-role/prowler-codebuild-role/AWSCodeBuild-2c3151c9-7c5d-4618-94e5-0234bddce775 is not authorized to perform: shield:GetSubscriptionState on resource: arn:aws:shield::863046042023:subscription/* because no identity-based policy allows the shield:GetSubscriptionState action INFO! No AWS Shield Advanced subscription found. Skipping check. 7.167 [extra7167] Check if Cloudfront distributions are protected by AWS Shield Advanced - shield [Medium]
```
I aligned it with https://github.com/prowler-cloud/prowler/blob/master/iam/prowler-additions-policy.json#L19 .
---
 util/codebuild/codebuild-prowler-audit-account-cfn.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/codebuild/codebuild-prowler-audit-account-cfn.yaml b/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
index b2993326..cd89aeff 100644
--- a/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
+++ b/util/codebuild/codebuild-prowler-audit-account-cfn.yaml
@@ -198,7 +198,7 @@ Resources:
 - shield:DescribeProtection
 - elasticfilesystem:DescribeBackupPolicy
 Effect: Allow
- Resource: !Sub 'arn:aws:glue:${AWS::Region}:${AWS::AccountId}:catalog'
+ Resource: '*'
 - PolicyName: CodeBuild
 PolicyDocument:
 Version: '2012-10-17'
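Review bot: `Resource: '*'` now applies to every action in this statement, and the statement's action list begins above the hunk, so only `shield:DescribeProtection` and `elasticfilesystem:DescribeBackupPolicy` can be checked from here. The old Glue catalog ARN could never match the Shield or EFS actions, so widening the resource is a reasonable fix, but it is worth confirming that everything in the list is read-only (Describe/Get/List) before it is granted account-wide to the CodeBuild role. A short comment above the line would record that intent, e.g. `# read-only audit actions only; keep mutating actions out of this statement`. If any Glue action in the list was deliberately scoped to the catalog, it could stay in its own statement with the original `!Sub` ARN.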