Skip to content

Commit 61a7435

Browse files
yingxinlyingxinl
authored
Merge branch 'main' into RAIN-94027-compute-optimizer-permissions
2 parents 720fc76 + c2154c6 commit 61a7435

File tree

2 files changed

+56
-2
lines changed

2 files changed

+56
-2
lines changed

README.md

Lines changed: 25 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -140,7 +140,31 @@ The audit policy is comprised of the following permissions:
140140
| | ses:ListRecommendations | |
141141
| | ses:ListSuppressedDestinations | |
142142
| | ses:GetSuppressedDestination | |
143-
| COMPUTEOPTIMIZER | compute-optimizer:DescribeRecommendationExportJobs | * |
143+
| BACKUP | backup:ListBackupJobs | * |
144+
| | backup:DescribeBackupJob | |
145+
| | backup:ListBackupPlanTemplates | |
146+
| | backup:GetBackupPlanFromTemplate | |
147+
| | backup:ListBackupPlans | |
148+
| | backup:GetBackupPlan | |
149+
| | backup:ListBackupPlanVersions | |
150+
| | backup:ListBackupSelections | |
151+
| | backup:GetBackupSelection | |
152+
| | backup:DescribeBackupVault | |
153+
| | backup:ListRecoveryPointsByBackupVault | |
154+
| | backup:DescribeRecoveryPoint | |
155+
| | backup:GetRecoveryPointRestoreMetadata | |
156+
| | backup:ListCopyJobs | |
157+
| | backup:ListFrameworks | |
158+
| | backup:DescribeFramework | |
159+
| | backup:ListLegalHolds | |
160+
| | backup:GetLegalHold | |
161+
| | backup:ListRecoveryPointsByLegalHold | |
162+
| | backup:ListProtectedResources | |
163+
| | backup:DescribeProtectedResource | |
164+
| | backup:ListRecoveryPointsByResource | |
165+
| | backup:ListReportPlans | |
166+
| | backup:ListRestoreJobs | |
167+
| COMPUTEOPTIMIZER | compute-optimizer:DescribeRecommendationExportJobs | * |
144168
| | compute-optimizer:GetAutoScalingGroupRecommendations | |
145169
| | compute-optimizer:GetEffectiveRecommendationPreferences | |
146170
| | compute-optimizer:GetEBSVolumeRecommendations | |

main.tf

Lines changed: 31 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
156156
resources = ["*"]
157157
}
158158

159-
statement {
159+
statement {
160160
sid = "SES"
161161
actions = ["ses:ListContactLists",
162162
"ses:GetContactList",
@@ -181,6 +181,36 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
181181
resources = ["*"]
182182
}
183183

184+
statement {
185+
sid = "BACKUP"
186+
actions = ["backup:ListBackupJobs",
187+
"backup:DescribeBackupJob",
188+
"backup:ListBackupPlanTemplates",
189+
"backup:GetBackupPlanFromTemplate",
190+
"backup:ListBackupPlans",
191+
"backup:GetBackupPlan",
192+
"backup:ListBackupPlanVersions",
193+
"backup:ListBackupSelections",
194+
"backup:GetBackupSelection",
195+
"backup:DescribeBackupVault",
196+
"backup:ListRecoveryPointsByBackupVault",
197+
"backup:DescribeRecoveryPoint",
198+
"backup:GetRecoveryPointRestoreMetadata",
199+
"backup:ListCopyJobs",
200+
"backup:ListFrameworks",
201+
"backup:DescribeFramework",
202+
"backup:ListLegalHolds",
203+
"backup:GetLegalHold",
204+
"backup:ListRecoveryPointsByLegalHold",
205+
"backup:ListProtectedResources",
206+
"backup:DescribeProtectedResource",
207+
"backup:ListRecoveryPointsByResource",
208+
"backup:ListReportPlans",
209+
"backup:ListRestoreJobs",
210+
]
211+
resources = ["*"]
212+
}
213+
184214
statement {
185215
sid = "COMPUTEOPTIMIZER"
186216
actions = [

0 commit comments

Comments
 (0)