diff --git a/README.md b/README.md
index d10b05c..5328ab9 100644
--- a/README.md
+++ b/README.md
@@ -168,3 +168,14 @@ The audit policy is comprised of the following permissions:
 | | cognito-idp:GetCSVHeader | |
 | | cognito-idp:GetUserPoolMfaConfig | |
 | | cognito-idp:GetUICustomization | |
+
+| COMPUTEOPTIMIZER | compute-optimizer:DescribeRecommendationExportJobs | * |
+| | compute-optimizer:GetAutoScalingGroupRecommendations | |
+| | compute-optimizer:GetEffectiveRecommendationPreferences | |
+| | compute-optimizer:GetEBSVolumeRecommendations | |
+| | compute-optimizer:GetEC2InstanceRecommendations | |
+| | compute-optimizer:GetEnrollmentStatus | |
+| | compute-optimizer:GetEnrollmentStatusesForOrganization | |
+| | compute-optimizer:GetLambdaFunctionRecommendations | |
+| | compute-optimizer:GetRecommendationPreferences | |
+| | compute-optimizer:GetRecommendationSummaries | |
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 6267f8b..f87dbd3 100644
--- a/main.tf
+++ b/main.tf
@@ -221,6 +221,23 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 ]
 resources = ["*"]
 }
+
+ statement {
+ sid = "COMPUTEOPTIMIZER"
+ actions = [
+ "compute-optimizer:DescribeRecommendationExportJobs",
+ "compute-optimizer:GetAutoScalingGroupRecommendations",
+ "compute-optimizer:GetEffectiveRecommendationPreferences",
+ "compute-optimizer:GetEBSVolumeRecommendations",
+ "compute-optimizer:GetEC2InstanceRecommendations",
+ "compute-optimizer:GetEnrollmentStatus",
+ "compute-optimizer:GetEnrollmentStatusesForOrganization",
+ "compute-optimizer:GetLambdaFunctionRecommendations",
+ "compute-optimizer:GetRecommendationPreferences",
+ "compute-optimizer:GetRecommendationSummaries"
+ ]
+ resources = ["*"]
+ }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {
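Review bot: The new COMPUTEOPTIMIZER statement in main.tf sets `resources = ["*"]` without saying why, so the wildcard reads like an oversight in a least-privilege review. As far as I know Compute Optimizer defines no IAM resource types, which would make the wildcard unavoidable; a comment above the statement such as `# Compute Optimizer has no resource-level permissions; read-only Describe*/Get* actions only` would record that and make any later Update*/Put*/Export* addition stand out. `compute-optimizer:GetEnrollmentStatusesForOrganization` returns member-account enrollment data when the role sits in an organization's management account, so it is worth confirming that this scope is intended for the audit role. The enclosing `data "aws_iam_policy_document"` block starts outside the hunk.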