Add permission for AMP (#121)

Author: LMAX-iwnf

README.md

@@ -182,3 +182,11 @@ The audit policy is comprised of the following permissions:
 |                            | kinesisanalytics:ListApplicationVersions                |           |
 |                            | kinesisanalytics:DescribeApplicationVersion             |           |
 |                            | kinesisanalytics:DescribeApplication                    |           |
+| AMP                        | aps:ListScrapers                                        | *         |
+|                            | aps:DescribeScraper                                     |           |
+|                            | aps:ListWorkspaces                                      |           |
+|                            | aps:DescribeAlertManagerDefinition                      |           |
+|                            | aps:DescribeLoggingConfiguration                        |           |
+|                            | aps:DescribeWorkspace                                   |           |
+|                            | aps:ListRuleGroupsNamespaces                            |           |
+|                            | aps:DescribeRuleGroupsNamespace                         |           |

main.tf

@@ -248,6 +248,20 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
     ]
     resources = ["*"]
   }
+
+  statement {
+    sid = "AMP"
+    actions = ["aps:ListScrapers",
+      "aps:DescribeScraper",
+      "aps:ListWorkspaces",
+      "aps:DescribeAlertManagerDefinition",
+      "aps:DescribeLoggingConfiguration",
+      "aps:DescribeWorkspace",
+      "aps:ListRuleGroupsNamespaces",
+      "aps:DescribeRuleGroupsNamespace",
+    ]
+    resources = ["*"]
+  }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {