mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 14:55:00 +00:00
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"acm:describe*",
"acm:list*",
"apigateway:get*",
"apigatewayv2:get*",
"application-autoscaling:describe*",
"appmesh:describe*",
"appmesh:list*",
"appsync:list*",
"athena:list*",
"autoscaling:describe*",
"aws-marketplace:viewsubscriptions",
"batch:describecomputeenvironments",
"batch:describejobdefinitions",
"batch:listjobs",
"chime:list*",
"cloud9:describe*",
"cloud9:listenvironments",
"clouddirectory:listappliedschemaarns",
"clouddirectory:listdevelopmentschemaarns",
"clouddirectory:listdirectories",
"clouddirectory:listpublishedschemaarns",
"cloudformation:describestack*",
"cloudformation:getstackpolicy",
"cloudformation:gettemplate",
"cloudformation:list*",
"cloudfront:get*",
"cloudfront:list*",
"cloudhsm:listavailablezones",
"cloudhsm:listhapgs",
"cloudhsm:listhsms",
"cloudhsm:listlunaclients",
"cloudsearch:describedomains",
"cloudsearch:describeserviceaccesspolicies",
"cloudsearch:list*",
"cloudtrail:describetrails",
"cloudtrail:geteventselectors",
"cloudtrail:gettrailstatus",
"cloudtrail:listtags",
"cloudtrail:lookupevents",
"cloudwatch:describe*",
"cloudwatch:get*",
"cloudwatch:list*",
"codebuild:listbuilds*",
"codebuild:listprojects",
"codecommit:batchgetrepositories",
"codecommit:getbranch",
"codecommit:getobjectidentifier",
"codecommit:getrepository",
"codecommit:list*",
"codedeploy:batch*",
"codedeploy:get*",
"codedeploy:list*",
"codepipeline:listpipelines",
"codestar:describe*",
"codestar:list*",
"codestar:verify*",
"cognito-identity:listidentities",
"cognito-identity:listidentitypools",
"cognito-idp:list*",
"cognito-idp:listuserpools",
"cognito-sync:describe*",
"cognito-sync:list*",
"cognito-sync:listdatasets",
"comprehend:describe*",
"comprehend:list*",
"config:batchgetaggregateresourceconfig",
"config:batchgetresourceconfig",
"config:deliver*",
"config:describe*",
"config:get*",
"config:list*",
"connect:list*",
"datapipeline:describeobjects",
"datapipeline:describepipelines",
"datapipeline:evaluateexpression",
"datapipeline:getaccountlimits",
"datapipeline:getpipelinedefinition",
"datapipeline:listpipelines",
"datapipeline:queryobjects",
"datapipeline:validatepipelinedefinition",
"datasync:describe*",
"datasync:list*",
"dax:describe*",
"dax:describeclusters",
"dax:describedefaultparameters",
"dax:describeevents",
"dax:describeparametergroups",
"dax:describeparameters",
"dax:describesubnetgroups",
"dax:describetable",
"dax:listtables",
"dax:listtags",
"devicefarm:list*",
"directconnect:describe*",
"discovery:list*",
"dms:describe*",
"dms:list*",
"dms:listtagsforresource",
"ds:describedirectories",
"dynamodb:describebackup",
"dynamodb:describecontinuousbackups",
"dynamodb:describeglobaltable",
"dynamodb:describeglobaltablesettings",
"dynamodb:describelimits",
"dynamodb:describereservedcapacity",
"dynamodb:describereservedcapacityofferings",
"dynamodb:describestream",
"dynamodb:describetable",
"dynamodb:describetimetolive",
"dynamodb:listbackups",
"dynamodb:listglobaltables",
"dynamodb:liststreams",
"dynamodb:listtables",
"dynamodb:listtagsofresource",
"ec2:describe*",
"ec2:get*",
"ecr:describe*",
"ecr:getrepositorypolicy",
"ecr:listimages",
"ecs:describe*",
"ecs:list*",
"eks:describecluster",
"eks:listclusters",
"elasticache:describe*",
"elasticbeanstalk:describe*",
"elasticbeanstalk:listavailablesolutionstacks",
"elasticfilesystem:describefilesystems",
"elasticfilesystem:describemounttargets",
"elasticfilesystem:describemounttargetsecuritygroups",
"elasticloadbalancing:describe*",
"elasticmapreduce:describe*",
"elasticmapreduce:list*",
"elastictranscoder:list*",
"es:describe*",
"es:listdomainnames",
"events:describe*",
"events:list*",
"firehose:describe*",
"firehose:list*",
"fms:listcompliancestatus",
"fms:listpolicies",
"fsx:describe*",
"fsx:list*",
"gamelift:list*",
"glacier:describevault",
"glacier:getvaultaccesspolicy",
"glacier:list*",
"globalaccelerator:describe*",
"globalaccelerator:list*",
"greengrass:list*",
"guardduty:get*",
"guardduty:list*",
"iam:generatecredentialreport",
"iam:generateservicelastaccesseddetails",
"iam:get*",
"iam:list*",
"iam:simulatecustompolicy",
"iam:simulateprincipalpolicy",
"importexport:listjobs",
"inspector:describe*",
"inspector:get*",
"inspector:list*",
"inspector:preview*",
"iot:describe*",
"iot:getpolicy",
"iot:getpolicyversion",
"iot:list*",
"kinesis:describestream",
"kinesis:liststreams",
"kinesis:listtagsforstream",
"kinesisanalytics:listapplications",
"kms:describe*",
"kms:get*",
"kms:list*",
"lambda:getaccountsettings",
"lambda:getfunctionconfiguration",
"lambda:getlayerversionpolicy",
"lambda:getpolicy",
"lambda:list*",
"lex:getbotaliases",
"lex:getbotchannelassociations",
"lex:getbots",
"lex:getbotversions",
"lex:getintents",
"lex:getintentversions",
"lex:getslottypes",
"lex:getslottypeversions",
"lex:getutterancesview",
"license-manager:list*",
"lightsail:getblueprints",
"lightsail:getbundles",
"lightsail:getinstances",
"lightsail:getinstancesnapshots",
"lightsail:getkeypair",
"lightsail:getloadbalancers",
"lightsail:getregions",
"lightsail:getstaticips",
"lightsail:isvpcpeered",
"logs:describe*",
"logs:listtagsloggroup",
"machinelearning:describe*",
"mediaconnect:describe*",
"mediaconnect:list*",
"mediastore:getcontainerpolicy",
"mediastore:listcontainers",
"mobilehub:listavailablefeatures",
"mobilehub:listavailableregions",
"mobilehub:listprojects",
"mobiletargeting:getapplicationsettings",
"mobiletargeting:getcampaigns",
"mobiletargeting:getimportjobs",
"mobiletargeting:getsegments",
"opsworks-cm:describe*",
"opsworks-cm:describeservers",
"opsworks:describe*",
"opsworks:describestacks",
"organizations:describe*",
"organizations:list*",
"polly:describe*",
"polly:list*",
"quicksight:describe*",
"quicksight:list*",
"ram:list*",
"rds:describe*",
"rds:downloaddblogfileportion",
"rds:listtagsforresource",
"redshift:describe*",
"redshift:viewqueriesinconsole",
"rekognition:describe*",
"rekognition:list*",
"robomaker:describe*",
"robomaker:list*",
"route53:get*",
"route53:list*",
"route53domains:getdomaindetail",
"route53domains:getoperationdetail",
"route53domains:list*",
"route53resolver:get*",
"route53resolver:list*",
"s3:getaccelerateconfiguration",
"s3:getaccountpublicaccessblock",
"s3:getanalyticsconfiguration",
"s3:getbucket*",
"s3:getencryptionconfiguration",
"s3:getinventoryconfiguration",
"s3:getlifecycleconfiguration",
"s3:getmetricsconfiguration",
"s3:getobjectacl",
"s3:getobjectversionacl",
"s3:getreplicationconfiguration",
"s3:listallmybuckets",
"s3:listbucket",
"sagemaker:describe*",
"sagemaker:list*",
"sdb:domainmetadata",
"sdb:list*",
"secretsmanager:getresourcepolicy",
"secretsmanager:listsecrets",
"secretsmanager:listsecretversionids",
"securityhub:describe*",
"securityhub:get*",
"securityhub:list*",
"serverlessrepo:getapplicationpolicy",
"serverlessrepo:list*",
"servicecatalog:list*",
"ses:getidentitydkimattributes",
"ses:getidentitypolicies",
"ses:getidentityverificationattributes",
"ses:list*",
"ses:sendemail",
"shield:describe*",
"shield:list*",
"snowball:listclusters",
"snowball:listjobs",
"sns:gettopicattributes",
"sns:list*",
"sqs:getqueueattributes",
"sqs:listdeadlettersourcequeues",
"sqs:listqueues",
"sqs:listqueuetags",
"ssm:describe*",
"ssm:getautomationexecution",
"ssm:listassociations",
"ssm:listdocuments",
"sso:describepermissionspolicies",
"sso:list*",
"states:listactivities",
"states:liststatemachines",
"storagegateway:describebandwidthratelimit",
"storagegateway:describecache",
"storagegateway:describecachediscsivolumes",
"storagegateway:describegatewayinformation",
"storagegateway:describemaintenancestarttime",
"storagegateway:describenfsfileshares",
"storagegateway:describesnapshotschedule",
"storagegateway:describestorediscsivolumes",
"storagegateway:describetapearchives",
"storagegateway:describetaperecoverypoints",
"storagegateway:describetapes",
"storagegateway:describeuploadbuffer",
"storagegateway:describevtldevices",
"storagegateway:describeworkingstorage",
"storagegateway:list*",
"support:describe*",
"swf:list*",
"tag:getresources",
"tag:gettagkeys",
"transfer:describe*",
"transfer:list*",
"translate:list*",
"trustedadvisor:describe*",
"waf-regional:list*",
"waf-regional:listwebacls",
"waf:list*",
"workdocs:describeavailabledirectories",
"workdocs:describeinstances",
"workmail:describe*",
"workspaces:describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}