Skip to content

Commit

Permalink
feat(RAIN-90870): Add permission for five waf-regional APIs (#83)
Browse files Browse the repository at this point in the history 
* Add permission for 5 waf-regional APIs

* change one typo

* fixformat

* remove -

* updateReadme
  • Loading branch information
@jjzhangjjzhang
jjzhangjjzhang authored Nov 15, 2023
1 parent 601e098 commit b868fe3
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
5 changes: 5 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,11 @@ The audit policy is comprised of the following permissions:
| | apigatewayv2:GetRouteResponses | |
| | apigatewayv2:GetStages | |
| | apigatewayv2:GetVpcLinks | |
| WAFREGIONAL | waf-regional:ListRules | * |
| | waf-regional:GetRule | |
| | waf-regional:ListRuleGroups | |
| | waf-regional:GetRuleGroup | |
| | waf-regional:ListActivatedRulesInRuleGroup | |
| GLUE | glue:ListWorkflows | * |
| | glue:BatchGetWorkflows | |
| | glue:GetTags | |
Expand Down
9 changes: 9 additions & 0 deletions main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,15 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
"apigatewayv2:GetVpcLinks"]
resources = ["*"]
}
statement {
sid = "WAFREGIONAL"
actions = ["waf-regional:ListRules",
"waf-regional:GetRule",
"waf-regional:ListRuleGroups",
"waf-regional:GetRuleGroup",
"waf-regional:ListActivatedRulesInRuleGroup"]
resources = ["*"]
}
statement {
sid = "GLUE"
actions = ["glue:ListWorkflows",
Expand Down

0 comments on commit b868fe3

Please sign in to comment.