From 265ebecc81fb5a46c0b7f06e13afd14eb13af3c1 Mon Sep 17 00:00:00 2001
From: Max
Date: Tue, 14 Jan 2025 14:18:13 -0800
Subject: [PATCH] Remove permission that already exist in v48 security audit policy
---
 main.tf | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)
diff --git a/main.tf b/main.tf
index bd1e366..0bd8d0d 100644
--- a/main.tf
+++ b/main.tf
@@ -50,13 +50,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 statement {
 sid = "EFS"
- actions = ["elasticfilesystem:DescribeFileSystemPolicy",
- "elasticfilesystem:DescribeLifecycleConfiguration",
- "elasticfilesystem:DescribeAccessPoints",
- "elasticfilesystem:DescribeAccountPreferences",
- "elasticfilesystem:DescribeBackupPolicy",
- "elasticfilesystem:ListTagsForResource",
- "elasticfilesystem:DescribeReplicationConfigurations"]
+ actions = ["elasticfilesystem:ListTagsForResource"]
 resources = ["*"]
 }
@@ -78,12 +72,8 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 statement {
 sid = "IDENTITYSTORE"
 actions = ["identitystore:DescribeGroup",
- "identitystore:DescribeGroupMembership",
- "identitystore:DescribeUser",
- "identitystore:ListGroupMemberships",
- "identitystore:ListGroupMembershipsForMember",
- "identitystore:ListGroups",
- "identitystore:ListUsers"]
+ "identitystore:DescribeGroupMembership",
+ "identitystore:DescribeUser"]
 resources = ["*"]
 }
@@ -129,8 +119,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 sid = "GLUE"
 actions = ["glue:ListWorkflows",
 "glue:BatchGetWorkflows",
- "glue:GetWorkflow",
- "glue:GetTags"]
+ "glue:GetWorkflow"]
 resources = ["*"]
 }
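Review bot: The EFS statement now grants only `elasticfilesystem:ListTagsForResource`, but nothing in the hunk records which policy is expected to supply the six Describe* actions it drops; the only trace is the commit subject's "v48 security audit policy" (presumably the AWS-managed SecurityAudit policy at version 48, which the diff does not show). Because AWS revises managed policies and a later version could drop an action, a comment pinning that dependency keeps the split auditable, e.g. `# Describe* actions come from the managed SecurityAudit policy (v48 at time of removal); re-check here if that policy is revised` above the `sid = "EFS"` line. The same note applies to the IDENTITYSTORE and GLUE hunks, which move their List*/GetTags actions the same way. It is also worth confirming that the role this document is attached to actually carries that managed policy, since the attachment is outside this diff. The enclosing `data "aws_iam_policy_document" "lacework_audit_policy"` block begins before and ends after the hunk.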