From cc5da4279709c571aebc73d4fa1419e54163fdd9 Mon Sep 17 00:00:00 2001
From: Dominick Bellizzi
Date: Wed, 18 Dec 2019 14:53:09 -0800
Subject: [PATCH 1/2] add lambda:get* to prowler-additions-policy The check: 7.60 [extra760] Find secrets in Lambda functions code (Not Scored) (Not part of CIS benchmark) errors by default, with the following: An error occurred (AccessDeniedException) when calling the GetFunction operation: User: user/prowler is not authorized to perform: lambda:GetFunction on resource: arn:aws:lambda:eu-west-2:347708466071:function:ApiSimpleDelayDDMonitor Adding this policy to be successfully run that check.
---
 iam/prowler-additions-policy.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/iam/prowler-additions-policy.json b/iam/prowler-additions-policy.json
index c95b05f2..0f4b24f8 100644
--- a/iam/prowler-additions-policy.json
+++ b/iam/prowler-additions-policy.json
@@ -50,6 +50,7 @@
 "gamelift:list*",
 "glacier:list*",
 "importexport:listjobs",
+ "lambda:get*",
 "lex:getbotaliases",
 "lex:getbotchannelassociations",
 "lex:getbots",
From f038074e0c0cdaf2c83cf71bc860f7099036d4fe Mon Sep 17 00:00:00 2001
From: Toni de la Fuente
Date: Mon, 27 Jan 2020 18:06:43 -0500
Subject: [PATCH 2/2] Update prowler-additions-policy.json
---
 iam/prowler-additions-policy.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/iam/prowler-additions-policy.json b/iam/prowler-additions-policy.json
index 0f4b24f8..af68b2d9 100644
--- a/iam/prowler-additions-policy.json
+++ b/iam/prowler-additions-policy.json
@@ -50,7 +50,11 @@
 "gamelift:list*",
 "glacier:list*",
 "importexport:listjobs",
- "lambda:get*",
+ "lambda:GetAccountSettings",
+ "lambda:GetFunctionConfiguration",
+ "lambda:GetLayerVersionPolicy",
+ "lambda:GetPolicy",
+ "lambda:List*",
 "lex:getbotaliases",
 "lex:getbotchannelassociations",
 "lex:getbots",
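Review bot: The `"lambda:get*"` entry added in the PATCH 1/2 hunk grants every Lambda Get action, while the commit message names only `lambda:GetFunction` as the call that extra760 was denied. Naming the one action, `"lambda:getfunction",` in the file's lowercase style, keeps the audit policy limited to what the check uses and avoids silently picking up Get actions that AWS adds later. The enclosing policy statement starts and ends outside the hunk, so its Resource and Condition scope cannot be checked from here.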
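Review bot: The replacement list in the PATCH 2/2 hunk no longer includes `lambda:GetFunction`, the action PATCH 1/2's message reports as denied for extra760, so unless another attached policy grants it that check would presumably fail again with the same AccessDeniedException. If the check is meant to keep working, add `"lambda:GetFunction",` next to the other entries; if the removal is deliberate, the commit message should say so. `lambda:GetFunctionConfiguration` and the list calls under `lambda:List*` return function configuration, which includes environment variables, so credentials carrying this policy should be treated as able to read whatever is stored there. The new entries use CamelCase while the surrounding context lines are lowercase; IAM matches action names case-insensitively, so this is only a consistency point.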