
Commit 833c70f

committed
Merge remote-tracking branch 'origin/main' into RAIN-94027-compute-optimizer-permissions
2 parents 61a7435 + fb67991 commit 833c70f


2 files changed

+17
-1
lines changed


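--- a/README.md
+++ b/README.md
@@ -164,6 +164,11 @@ The audit policy is comprised of the following permissions:
 | | backup:ListRecoveryPointsByResource | |
 | | backup:ListReportPlans | |
 | | backup:ListRestoreJobs | |
+| COGNITO-IDP | cognito-idp:GetSigningCertificate | |
+| | cognito-idp:GetCSVHeader | |
+| | cognito-idp:GetUserPoolMfaConfig | |
+| | cognito-idp:GetUICustomization | |
+
 | COMPUTEOPTIMIZER | compute-optimizer:DescribeRecommendationExportJobs | * |
 | | compute-optimizer:GetAutoScalingGroupRecommendations | |
 | | compute-optimizer:GetEffectiveRecommendationPreferences | |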

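--- a/main.tf
+++ b/main.tf
@@ -129,6 +129,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 sid = "GLUE"
 actions = ["glue:ListWorkflows",
 "glue:BatchGetWorkflows",
+"glue:GetWorkflows",
 "glue:GetTags"]
 resources = ["*"]
 }
@@ -210,7 +211,17 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 ]
 resources = ["*"]
 }
-
+
+statement {
+sid = "COGNITOIDP"
+actions = ["cognito-idp:GetSigningCertificate",
+"cognito-idp:GetCSVHeader",
+"cognito-idp:GetUserPoolMfaConfig",
+"cognito-idp:GetUICustomization",
+]
+resources = ["*"]
+}
+
 statement {
 sid = "COMPUTEOPTIMIZER"
 actions = [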
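Review bot: The action `"glue:GetWorkflows"` added to the GLUE statement does not appear to be a Glue IAM action as far as I can tell; the single-workflow read is `glue:GetWorkflow`, next to the `glue:ListWorkflows` and `glue:BatchGetWorkflows` entries already listed. An action name that matches nothing grants nothing, so the audit role would probably still lack the read this line was meant to add, and nothing in the rendered policy would show that. Please check the name against the Glue action reference and, if it is a typo, change the line to `"glue:GetWorkflow",`. The README hunk in this commit documents only the cognito-idp rows, so the permissions table may need the Glue entry as well. Both statements sit inside `data "aws_iam_policy_document" "lacework_audit_policy"`, which starts and ends outside the hunks.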
