
Commit 57f207a

committed
Add permission for AWS service backup
1 parent 4b4d052 commit 57f207a


2 files changed

+56
-2
lines changed


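--- a/README.md
+++ b/README.md
@@ -139,4 +139,28 @@ The audit policy is comprised of the following permissions:
 | | ses:GetImportJob | |
 | | ses:ListRecommendations | |
 | | ses:ListSuppressedDestinations | |
-| | ses:GetSuppressedDestination | |
+| | ses:GetSuppressedDestination | |
+| BACKUP | backup:ListBackupJobs | * |
+| | backup:DescribeBackupJob | |
+| | backup:ListBackupPlanTemplates | |
+| | backup:GetBackupPlanFromTemplate | |
+| | backup:ListBackupPlans | |
+| | backup:GetBackupPlan | |
+| | backup:ListBackupPlanVersions | |
+| | backup:ListBackupSelections | |
+| | backup:GetBackupSelection | |
+| | backup:DescribeBackupVault | |
+| | backup:ListRecoveryPointsByBackupVault | |
+| | backup:DescribeRecoveryPoint | |
+| | backup:GetRecoveryPointRestoreMetadata | |
+| | backup:ListCopyJobs | |
+| | backup:ListFrameworks | |
+| | backup:DescribeFramework | |
+| | backup:ListLegalHolds | |
+| | backup:GetLegalHold | |
+| | backup:ListRecoveryPointsByLegalHold | |
+| | backup:ListProtectedResources | |
+| | backup:DescribeProtectedResource | |
+| | backup:ListRecoveryPointsByResource | |
+| | backup:ListReportPlans | |
+| | backup:ListRestoreJobs | |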

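--- a/main.tf
+++ b/main.tf
@@ -156,7 +156,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 resources = ["*"]
 }
 
-statement {
+statement {
 sid = "SES"
 actions = ["ses:ListContactLists",
 "ses:GetContactList",
@@ -180,6 +180,36 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 ]
 resources = ["*"]
 }
+
+statement {
+sid = "BACKUP"
+actions = ["backup:ListBackupJobs",
+"backup:DescribeBackupJob",
+"backup:ListBackupPlanTemplates",
+"backup:GetBackupPlanFromTemplate",
+"backup:ListBackupPlans",
+"backup:GetBackupPlan",
+"backup:ListBackupPlanVersions",
+"backup:ListBackupSelections",
+"backup:GetBackupSelection",
+"backup:DescribeBackupVault",
+"backup:ListRecoveryPointsByBackupVault",
+"backup:DescribeRecoveryPoint",
+"backup:GetRecoveryPointRestoreMetadata",
+"backup:ListCopyJobs",
+"backup:ListFrameworks",
+"backup:DescribeFramework",
+"backup:ListLegalHolds",
+"backup:GetLegalHold",
+"backup:ListRecoveryPointsByLegalHold",
+"backup:ListProtectedResources",
+"backup:DescribeProtectedResource",
+"backup:ListRecoveryPointsByResource",
+"backup:ListReportPlans",
+"backup:ListRestoreJobs",
+]
+resources = ["*"]
+}
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {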
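Review bot: In the new `BACKUP` statement, `backup:GetRecoveryPointRestoreMetadata` on `resources = ["*"]` is the one action that, per the AWS Backup API description, returns the original configuration key-value pairs of backed-up resources rather than inventory data alone. If the audit integration does not consume that data (not visible from this page), dropping it keeps the audit role closer to least privilege. The other 23 actions are List/Describe/Get only and match the README table row for row. The statement would also benefit from a comment above `sid = "BACKUP"` recording that intent, for example `# AWS Backup: read-only inventory (List/Describe/Get); must never include Start*/Delete*/Put*/Update* actions`. The enclosing `data "aws_iam_policy_document" "lacework_audit_policy"` block starts outside the hunk.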
