Skip to content

Commit

Permalink
[SSPROD-40004] Adding permissions for aws-templates for the getFuncti…
Browse files Browse the repository at this point in the history 
…on call (#119)

* Adding permissions for templates

* grouping

* small fix
  • Loading branch information
@miguelpais
miguelpais authored May 11, 2024
1 parent cee7459 commit bf4346d
Show file tree
Hide file tree
Showing 6 changed files with 27 additions and 9 deletions.
4 changes: 3 additions & 1 deletion templates_cspm/CloudAgentlessRole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,9 @@ Resources:
Action: "macie2:ListClassificationJobs"
Resource: "*"
- Effect: "Allow"
Action: "lambda:GetRuntimeManagementConfig"
Action:
- "lambda:GetRuntimeManagementConfig"
- "lambda:GetFunction"
Resource: "*"

Outputs:
Expand Down
8 changes: 6 additions & 2 deletions templates_cspm/OrgCloudAgentlessRole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,9 @@ Resources:
Action: "macie2:ListClassificationJobs"
Resource: "*"
- Effect: "Allow"
Action: "lambda:GetRuntimeManagementConfig"
Action:
- "lambda:GetRuntimeManagementConfig"
- "lambda:GetFunction"
Resource: "*"
RoleStackSet:
Type: AWS::CloudFormation::StackSet
Expand Down Expand Up @@ -142,5 +144,7 @@ Resources:
Action: "macie2:ListClassificationJobs"
Resource: "*"
- Effect: "Allow"
Action: "lambda:GetRuntimeManagementConfig"
Action:
- "lambda:GetRuntimeManagementConfig"
- "lambda:GetFunction"
Resource: "*"
4 changes: 3 additions & 1 deletion templates_cspm_cloudlogs/FullInstall.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,9 @@ Resources:
Action: "macie2:ListClassificationJobs"
Resource: "*"
- Effect: "Allow"
Action: "lambda:GetRuntimeManagementConfig"
Action:
- "lambda:GetRuntimeManagementConfig"
- "lambda:GetFunction"
Resource: "*"
CloudLogsRole:
Type: "AWS::IAM::Role"
Expand Down
8 changes: 6 additions & 2 deletions templates_cspm_cloudlogs/OrgFullInstall.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,9 @@ Resources:
Action: "macie2:ListClassificationJobs"
Resource: "*"
- Effect: "Allow"
Action: "lambda:GetRuntimeManagementConfig"
Action:
- "lambda:GetRuntimeManagementConfig"
- "lambda:GetFunction"
Resource: "*"
CloudLogsRole:
Type: "AWS::IAM::Role"
Expand Down Expand Up @@ -196,5 +198,7 @@ Resources:
Action: "macie2:ListClassificationJobs"
Resource: "*"
- Effect: "Allow"
Action: "lambda:GetRuntimeManagementConfig"
Action:
- "lambda:GetRuntimeManagementConfig"
- "lambda:GetFunction"
Resource: "*"
4 changes: 3 additions & 1 deletion templates_cspm_eventbridge/FullInstall.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,9 @@ Resources:
Action: "macie2:ListClassificationJobs"
Resource: "*"
- Effect: "Allow"
Action: "lambda:GetRuntimeManagementConfig"
Action:
- "lambda:GetRuntimeManagementConfig"
- "lambda:GetFunction"
Resource: "*"
EventBridgeRole:
Type: AWS::IAM::Role
Expand Down
8 changes: 6 additions & 2 deletions templates_cspm_eventbridge/OrgFullInstall.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,9 @@ Resources:
Action: "macie2:ListClassificationJobs"
Resource: "*"
- Effect: "Allow"
Action: "lambda:GetRuntimeManagementConfig"
Action:
- "lambda:GetRuntimeManagementConfig"
- "lambda:GetFunction"
Resource: "*"
EventBridgeRole:
Type: AWS::IAM::Role
Expand Down Expand Up @@ -251,7 +253,9 @@ Resources:
Action: "macie2:ListClassificationJobs"
Resource: "*"
- Effect: "Allow"
Action: "lambda:GetRuntimeManagementConfig"
Action:
- "lambda:GetRuntimeManagementConfig"
- "lambda:GetFunction"
Resource: "*"
EventBridgeRole:
Type: AWS::IAM::Role
Expand Down

0 comments on commit bf4346d

Please sign in to comment.