From 6e56d201d83b860fdeec804e60c00a3f259b672b Mon Sep 17 00:00:00 2001
From: Yingxin Li
Date: Wed, 4 Dec 2024 16:41:54 -0800
Subject: [PATCH] add permission for compute-optimizer
Signed-off-by: Yingxin Li
---
 README.md | 10 ++++++++++
 main.tf | 17 +++++++++++++++++
 2 files changed, 27 insertions(+)
diff --git a/README.md b/README.md
index d10b05c..fbd7e4b 100644
--- a/README.md
+++ b/README.md
@@ -168,3 +168,13 @@ The audit policy is comprised of the following permissions:
 | | cognito-idp:GetCSVHeader | |
 | | cognito-idp:GetUserPoolMfaConfig | |
 | | cognito-idp:GetUICustomization | |
+| COMPUTEOPTIMIZER | compute-optimizer:DescribeRecommendationExportJobs | * |
+| | compute-optimizer:GetAutoScalingGroupRecommendations | |
+| | compute-optimizer:GetEffectiveRecommendationPreferences | |
+| | compute-optimizer:GetEBSVolumeRecommendations | |
+| | compute-optimizer:GetEC2InstanceRecommendations | |
+| | compute-optimizer:GetEnrollmentStatus | |
+| | compute-optimizer:GetEnrollmentStatusesForOrganization | |
+| | compute-optimizer:GetLambdaFunctionRecommendations | |
+| | compute-optimizer:GetRecommendationPreferences | |
+| | compute-optimizer:GetRecommendationSummaries | |
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 6267f8b..f87dbd3 100644
--- a/main.tf
+++ b/main.tf
@@ -221,6 +221,23 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 ]
 resources = ["*"]
 }
+
+ statement {
+ sid = "COMPUTEOPTIMIZER"
+ actions = [
+ "compute-optimizer:DescribeRecommendationExportJobs",
+ "compute-optimizer:GetAutoScalingGroupRecommendations",
+ "compute-optimizer:GetEffectiveRecommendationPreferences",
+ "compute-optimizer:GetEBSVolumeRecommendations",
+ "compute-optimizer:GetEC2InstanceRecommendations",
+ "compute-optimizer:GetEnrollmentStatus",
+ "compute-optimizer:GetEnrollmentStatusesForOrganization",
+ "compute-optimizer:GetLambdaFunctionRecommendations",
+ "compute-optimizer:GetRecommendationPreferences",
+ "compute-optimizer:GetRecommendationSummaries"
+ ]
+ resources = ["*"]
+ }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {
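Review bot: The new COMPUTEOPTIMIZER statement has no comment explaining its scope, and one action in it, `compute-optimizer:GetEnrollmentStatusesForOrganization`, is organization-wide rather than account-local: when the audit role sits in the management account it returns the enrollment status of member accounts. I would add `# Read-only Describe/Get calls; Compute Optimizer does not accept resource ARNs, so "*" is required` above `actions` (that limitation is from memory of the service authorization reference, so confirm it), and `# organization scope: only returns data from the management account` beside that action, so a least-privilege review can tell the wildcard is deliberate. Keeping the actions enumerated rather than collapsing them to `compute-optimizer:Get*` is the right shape and should stay. The enclosing `aws_iam_policy_document` starts outside the hunk and is already past line 220, so it is worth checking that the rendered JSON still fits the 6,144-character managed-policy quota before merge.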