From c6675c7fb9a7137021efeb35e35e411de007fd82 Mon Sep 17 00:00:00 2001
From: Jingjing Zhang
Date: Wed, 13 Dec 2023 10:50:08 -0800
Subject: [PATCH] permissionForSNS
---
 README.md | 3 +++
 main.tf | 9 +++++++++
 2 files changed, 12 insertions(+)
diff --git a/README.md b/README.md
index f392b82..29a1e78 100644
--- a/README.md
+++ b/README.md
@@ -145,3 +145,6 @@ The audit policy is comprised of the following permissions:
 | | glue:GetTags | |
 | CODEBUILD | codebuild:ListBuilds | * |
 | | codebuild:BatchGetBuilds | |
+| SNS | sns:GetDataProtectionPolicy | * |
+| | sns:ListPlatformApplications | |
+| | sns:GetSubscriptionAttributes | |
\ No newline at end of file
diff --git a/main.tf b/main.tf
index c3a630b..c64993f 100644
--- a/main.tf
+++ b/main.tf
@@ -158,6 +158,15 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 ]
 resources = ["*"]
 }
+
+ statement {
+ sid = "SNS"
+ actions = ["sns:GetDataProtectionPolicy",
+ "sns:ListPlatformApplications",
+ "sns:GetSubscriptionAttributes",
+ ]
+ resources = ["*"]
+ }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {
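Review bot: The new `SNS` statement in main.tf grants its three actions on `resources = ["*"]` with no comment recording that the wildcard is deliberate. As far as I know `sns:ListPlatformApplications` cannot be scoped to a resource, and an account-wide audit role presumably needs the two `Get*` actions on every topic and subscription. A reader checking this policy for least privilege has to work that out unaided, so I would add above the statement `# Read-only SNS metadata for the audit role; account-wide by design, no publish, subscribe or message access.` As a style point, the list opens with its first action on the same line as `[` while the closing `]` sits on its own line; writing `actions = [` and then one action per line would read more cleanly. The enclosing `data "aws_iam_policy_document"` block starts outside the hunk, so the sibling statements' layout is not visible here.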