feat: add permission for cognito-idp service

Author: ljohnny-git

README.md

@@ -163,4 +163,8 @@ The audit policy is comprised of the following permissions:
 |                            | backup:DescribeProtectedResource                        |           |
 |                            | backup:ListRecoveryPointsByResource                     |           |
 |                            | backup:ListReportPlans                                  |           |
-|                            | backup:ListRestoreJobs                                  |           |
+|                            | backup:ListRestoreJobs                                  |           |
+| COGNITO-IDP                | cognito-idp:GetSigningCertificate                       |           |
+|                            | cognito-idp:GetCSVHeader                                |           |
+|                            | cognito-idp:GetUserPoolMfaConfig                        |           |
+|                            | cognito-idp:GetUICustomization                          |           |

main.tf

@@ -210,6 +210,16 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
     ]
     resources = ["*"]
   }
+
+  statement {
+    sid = "COGNITO-IDP"
+    actions = ["cognito-idp:GetSigningCertificate",
+      "cognito-idp:GetCSVHeader",
+      "cognito-idp:GetUserPoolMfaConfig",
+      "cognito-idp:GetUICustomization",
+    ]
+    resources = ["*"]
+  }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {