From 251372aeb87641d03fbc333d2fe3c5a41547fcad Mon Sep 17 00:00:00 2001 From: Max Date: Thu, 23 Jan 2025 13:22:47 -0800 Subject: [PATCH] Move new permissions all into the new policy Updated readme --- README.md | 2 +- main.tf | 82 +++++++++++++++++++++++++++---------------------------- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 887950e..d7d5a98 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ Terraform module for configuring an integration with Lacework and AWS for cloud ## Lacework Audit Policy The Lacework audit policy extends the SecurityAudit policy to facilitate the reading of additional configuration resources. -As of 1/22/2025, we have exceeded the limit of 6144 characters for a single policy, thus every service starting with codeartifact are in a new policy. +As of 1/22/2025, we have exceeded the limit of 6144 characters for a single policy, thus every service starting with KINESISVIDEO are in a new policy: lwaudit-policy-${random_id.uniq.hex}-2025-1 The audit policy is comprised of the following permissions: | sid | actions | resources | diff --git a/main.tf b/main.tf index 5fcabc2..c45f05f 100644 --- a/main.tf +++ b/main.tf 
@@ -241,47 +241,6 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 ]
 resources = ["*"]
 }
-
- statement {
- sid = "KINESISVIDEO"
- actions = ["kinesisvideo:GetSignalingChannelEndpoint",
- "kinesisvideo:GetDataEndpoint",
- "kinesisvideo:DescribeImageGenerationConfiguration",
- ]
- resources = ["*"]
- }
-
- statement {
- sid = "AMP"
- actions = ["aps:ListScrapers",
- "aps:DescribeScraper",
- "aps:ListWorkspaces",
- "aps:DescribeAlertManagerDefinition",
- "aps:DescribeLoggingConfiguration",
- "aps:DescribeWorkspace",
- "aps:ListRuleGroupsNamespaces",
- "aps:DescribeRuleGroupsNamespace",
- "aps:ListTagsForResource",
- ]
- resources = ["*"]
- }
-
- statement {
- sid = "APPSTREAM"
- actions = ["appstream:Describe*",
- "appstream:List*",
- ]
- resources = ["*"]
- }
-
- statement {
- sid = "PERSONALIZE"
- actions = ["personalize:Describe*",
- "personalize:List*",
- "personalize:GetSolutionMetrics",
- ]
- resources = ["*"]
- }
 }
 
 # AWS iam allows only 6144 characters in a single policy
@@ -325,6 +284,47 @@ data "aws_iam_policy_document" "lacework_audit_policy_2025_1" {
 ]
 resources = ["*"]
 }
+
+ statement {
+ sid = "KINESISVIDEO"
+ actions = ["kinesisvideo:GetSignalingChannelEndpoint",
+ "kinesisvideo:GetDataEndpoint",
+ "kinesisvideo:DescribeImageGenerationConfiguration",
+ ]
+ resources = ["*"]
+ }
+
+ statement {
+ sid = "AMP"
+ actions = ["aps:ListScrapers",
+ "aps:DescribeScraper",
+ "aps:ListWorkspaces",
+ "aps:DescribeAlertManagerDefinition",
+ "aps:DescribeLoggingConfiguration",
+ "aps:DescribeWorkspace",
+ "aps:ListRuleGroupsNamespaces",
+ "aps:DescribeRuleGroupsNamespace",
+ "aps:ListTagsForResource",
+ ]
+ resources = ["*"]
+ }
+
+ statement {
+ sid = "APPSTREAM"
+ actions = ["appstream:Describe*",
+ "appstream:List*",
+ ]
+ resources = ["*"]
+ }
+
+ statement {
+ sid = "PERSONALIZE"
+ actions = ["personalize:Describe*",
+ "personalize:List*",
+ "personalize:GetSolutionMetrics",
+ ]
+ resources = ["*"]
+ }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {
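Review bot: The `APPSTREAM` and `PERSONALIZE` statements moved into `lacework_audit_policy_2025_1` grant action wildcards (`appstream:Describe*`/`List*`, `personalize:Describe*`/`List*`) on `resources = ["*"]`, which silently widen as AWS adds new Describe/List APIs, whereas the README describes this policy as an explicit per-sid action table; a comment on each wildcard statement would save the next reviewer from re-auditing them, e.g. `# Intentional read-only wildcard: future appstream Describe*/List* actions are granted automatically`. Nothing in either document bounds its size — the file comment notes the 6144-character managed-policy limit (AWS counts it excluding whitespace), but an oversized document only fails at apply time with a LimitExceeded error, so a `lifecycle { precondition { ... } }` on the corresponding `aws_iam_policy` resource that measures the whitespace-stripped `data.aws_iam_policy_document.lacework_audit_policy_2025_1.json` against 6144 would surface the overflow at plan time, the same way the first policy overflowed last week. The enclosing `data "aws_iam_policy_document" "lacework_audit_policy_2025_1"` block starts before this hunk, and the `resource "aws_iam_policy" "lacework_audit_policy"` on its last line continues past it.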