Pepe Fagoaga
34625ff4e7
fix: include lambda:GetFunction in prowler policy to check AWS Lambda related controls: extra720,extra759,extra760,extra762,extra798
2021-03-11 12:48:32 +01:00
Toni de la Fuente
9732e5be70
Reduce needed actions in additions policy @
2020-06-29 13:59:19 +02:00
Julio Delgado Jr
05247a2ccb
Prowler IAM Policy Enhancements and ReadMe Updates
2020-04-13 12:39:20 -04:00
Nick Malcolm
0d1807bd33
Remove ses:sendemails
...
Prowler doesn't need to send emails via SES. https://github.com/toniblyx/prowler/issues/124
2020-02-12 11:38:23 +13:00
Toni de la Fuente
b35350291f
Merge pull request #442 from dbellizzi/patch-1
...
add "lambda:GetAccountSettings",
"lambda:GetFunctionConfiguration",
"lambda:GetLayerVersionPolicy",
"lambda:GetPolicy",
"lambda:List*", to prowler-additions-policy
2020-01-27 18:07:05 -05:00
Toni de la Fuente
f038074e0c
Update prowler-additions-policy.json
2020-01-27 18:06:43 -05:00
Toni de la Fuente
20b127f516
Added DS IAM actions
2019-12-26 16:34:24 +01:00
Dominick Bellizzi
cc5da42797
add lambda:get* to prowler-additions-policy
...
The check: 7.60 [extra760] Find secrets in Lambda functions code (Not Scored) (Not part of CIS benchmark)
errors by default, with the following:
An error occurred (AccessDeniedException) when calling the GetFunction operation: User: user/prowler is not authorized to perform: lambda:GetFunction on resource: arn:aws:lambda:eu-west-2:347708466071:function:ApiSimpleDelayDDMonitor
Adding this policy to be successfully run that check.
2019-12-18 14:53:09 -08:00
Dominick Bellizzi
7cb869ad33
use more generic access-analyzer:List*
2019-12-12 09:36:19 -08:00
Dominick Bellizzi
53f097c2af
Add "access-analyzer:ListTagsForResource" to prowler-additions-policy.json
...
check extra769 (Check if IAM Access Analyzer is enabled and its findings) requires this IAM permission
2019-12-06 14:49:36 -08:00
Toni de la Fuente
3f68accf6f
Added missing file iam/prowler-additions-policy.json
2019-11-26 09:57:29 +01:00
