From 5a2e5e9d52246333068344e6c0e216e2b68dd96b Mon Sep 17 00:00:00 2001
From: ljohnny
Date: Thu, 2 Jan 2025 23:19:34 +0000
Subject: [PATCH] feat: add AWS personalize service permissions

Signed-off-by: ljohnny
---
 README.md | 3 +++
 main.tf | 9 +++++++++
 2 files changed, 12 insertions(+)

diff --git a/README.md b/README.md
index 5f3805e..e58f159 100644
--- a/README.md
+++ b/README.md
@@ -192,3 +192,6 @@ The audit policy is comprised of the following permissions:
 | | aps:DescribeRuleGroupsNamespace | |
 | APPSTREAM | appstream:Describe* | |
 | | appstream:List* | |
+| PERSONALIZE | personalize:Describe* | |
+| | personalize:List* | |
+| | personalize:GetSolutionMetrics | |
diff --git a/main.tf b/main.tf
index 32a186f..bd1e366 100644
--- a/main.tf
+++ b/main.tf
@@ -270,6 +270,15 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 ]
 resources = ["*"]
 }
+
+ statement {
+ sid = "PERSONALIZE"
+ actions = ["personalize:Describe*",
+ "personalize:List*",
+ "personalize:GetSolutionMetrics",
+ ]
+ resources = ["*"]
+ }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {
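Review bot: The new `PERSONALIZE` statement in main.tf grants `personalize:Describe*` and `personalize:List*` on `resources = ["*"]`, and those wildcards will also match any Describe/List action AWS later adds to the service, so the audit role's effective read access can widen without a change to this module. This appears to follow the pattern the README already shows for APPSTREAM; if it is intentional, a short comment above the statement would record it, e.g. `# Read-only metadata for the audit role; GetSolutionMetrics is listed explicitly because neither wildcard covers it`. As a style point, the `actions` list opens with its first element on the bracket line while closing with `]` on its own line; `actions = [` followed by one action per line keeps later additions to one-line diffs. The enclosing `data "aws_iam_policy_document" "lacework_audit_policy"` block starts outside the hunk, so consistency with the earlier statements cannot be confirmed from here.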