feat: add permissions for appstream (#123)

ljohnny-git · web-flow · commit c0ccfb82f3f9 · 2024-12-20T10:59:56.000-08:00
Signed-off-by: ljohnny &lt;ljohnny@fortinet.com&gt;
diff --git a/README.md b/README.md
@@ -189,4 +189,6 @@ The audit policy is comprised of the following permissions:
 |                            | aps:DescribeLoggingConfiguration                        |           |
 |                            | aps:DescribeWorkspace                                   |           |
 |                            | aps:ListRuleGroupsNamespaces                            |           |
-|                            | aps:DescribeRuleGroupsNamespace                         |           |
+|                            | aps:DescribeRuleGroupsNamespace                         |           |
+| APPSTREAM                  | appstream:Describe*                                     |           |
+|                            | appstream:List*                                         |           |
diff --git a/main.tf b/main.tf
@@ -262,6 +262,14 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
     ]
     resources = ["*"]
   }
+
+  statement {
+    sid = "APPSTREAM"
+    actions = ["appstream:Describe*",
+      "appstream:List*",
+    ]
+    resources = ["*"]
+  }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {

Original file line number	Diff line number	Diff line change
`@@ -262,6 +262,14 @@ data "aws_iam_policy_document" "lacework_audit_policy" {`
`262`	`262`	`]`
`263`	`263`	`resources = ["*"]`
`264`	`264`	`}`
	`265`	`+`
	`266`	`+ statement {`
	`267`	`+ sid = "APPSTREAM"`
	`268`	`+ actions = ["appstream:Describe*",`
	`269`	`+ "appstream:List*",`
	`270`	`+ ]`
	`271`	`+ resources = ["*"]`
	`272`	`+ }`
`265`	`273`	`}`
`266`	`274`
`267`	`275`	`resource "aws_iam_policy" "lacework_audit_policy" {`