From 84b4139052ddbb03c5f2b23b3c53bd9521acdb56 Mon Sep 17 00:00:00 2001 From: Sergio Garcia <38561120+sergargar@users.noreply.github.com> Date: Thu, 11 May 2023 11:35:32 +0200 Subject: [PATCH] chore(iam): add new permissions (#2339) --- permissions/prowler-additions-policy.json | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/permissions/prowler-additions-policy.json b/permissions/prowler-additions-policy.json index 4fab6f87..f6a1ae4e 100644 --- a/permissions/prowler-additions-policy.json +++ b/permissions/prowler-additions-policy.json @@ -6,28 +6,33 @@ "account:Get*", "appstream:Describe*", "appstream:List*", + "backup:List*", + "cloudtrail:GetInsightSelectors", "codeartifact:List*", "codebuild:BatchGet*", - "ds:Describe*", + "drs:Describe*", "ds:Get*", + "ds:Describe*", "ds:List*", "ec2:GetEbsEncryptionByDefault", "ecr:Describe*", + "ecr:GetRegistryScanningConfiguration", "elasticfilesystem:DescribeBackupPolicy", "glue:GetConnections", "glue:GetSecurityConfiguration*", "glue:SearchTables", "lambda:GetFunction*", + "logs:FilterLogEvents", "macie2:GetMacieSession", "s3:GetAccountPublicAccessBlock", "shield:DescribeProtection", "shield:GetSubscriptionState", + "securityhub:BatchImportFindings", + "securityhub:GetFindings", "ssm:GetDocument", + "ssm-incidents:List*", "support:Describe*", - "tag:GetTagKeys", - "organizations:DescribeOrganization", - "organizations:ListPolicies*", - "organizations:DescribePolicy" + "tag:GetTagKeys" ], "Resource": "*", "Effect": "Allow", @@ -39,7 +44,8 @@ "apigateway:GET" ], "Resource": [ - "arn:aws:apigateway:*::/restapis/*" + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/apis/*" ] } ]