Add permission for 5 waf-regional APIs

README.md

@@ -134,4 +134,9 @@ The audit policy is comprised of the following permissions:
 |                            | apigatewayv2:GetRoute                                   |           |
 |                            | apigatewayv2:GetRouteResponses                          |           |
 |                            | apigatewayv2:GetStages                                  |           |
-|                            | apigatewayv2:GetVpcLinks                                |           |
+|                            | apigatewayv2:GetVpcLinks                                |           |
+| WAF-REGIONAL               | waf-regional:ListRules                                  | *         |
+|                            | waf-regional:GetRule                                    |           |
+|                            | waf-regional:ListRuleGroups                             |           |
+|                            | waf-regional:GetRuleGroup                               |           |
+|                            | waf-regional:ListActivatedRuleInRuleGroup               |           |

main.tf

@@ -134,6 +134,16 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
     "apigatewayv2:GetVpcLinks"]
     resources = ["*"]
   }
+  statement {
+    sid = "WAF-REGIONAL"
+    actions = ["waf-regional:ListRules",
+      "waf-regional:GetRule",
+      "waf-regional:ListRuleGroups",
+      "waf-regional:GetRuleGroup",
+      "waf-regional:ListActivatedRuleInRuleGroup"
+    ]
+    resources = ["*"]
+  }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {