feat: add AWS personalize service permissions (#125)

ljohnny-git · web-flow · commit a40e9183d8a4 · 2025-01-03T10:29:39.000-08:00
Signed-off-by: ljohnny &lt;ljohnny@fortinet.com&gt;
diff --git a/README.md b/README.md
@@ -192,3 +192,6 @@ The audit policy is comprised of the following permissions:
 |                            | aps:DescribeRuleGroupsNamespace                         |           |
 | APPSTREAM                  | appstream:Describe*                                     |           |
 |                            | appstream:List*                                         |           |
+| PERSONALIZE                | personalize:Describe*                                   |           |
+|                            | personalize:List*                                       |           |
+|                            | personalize:GetSolutionMetrics                          |           |
diff --git a/main.tf b/main.tf
@@ -270,6 +270,15 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
     ]
     resources = ["*"]
   }
+
+  statement {
+    sid = "PERSONALIZE"
+    actions = ["personalize:Describe*",
+      "personalize:List*",
+      "personalize:GetSolutionMetrics",
+    ]
+    resources = ["*"]
+  }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {

Original file line number	Diff line number	Diff line change
`@@ -270,6 +270,15 @@ data "aws_iam_policy_document" "lacework_audit_policy" {`
`270`	`270`	`]`
`271`	`271`	`resources = ["*"]`
`272`	`272`	`}`
	`273`	`+`
	`274`	`+ statement {`
	`275`	`+ sid = "PERSONALIZE"`
	`276`	`+ actions = ["personalize:Describe*",`
	`277`	`+ "personalize:List*",`
	`278`	`+ "personalize:GetSolutionMetrics",`
	`279`	`+ ]`
	`280`	`+ resources = ["*"]`
	`281`	`+ }`
`273`	`282`	`}`
`274`	`283`
`275`	`284`	`resource "aws_iam_policy" "lacework_audit_policy" {`