From 0095691736a82d066d38321e1e4e0d31b495b839 Mon Sep 17 00:00:00 2001
From: Max
Date: Wed, 6 Nov 2024 13:31:03 -0800
Subject: [PATCH 1/6] Add AWS permission for sesv2 APIS
---
 README.md | 27 ++++++++++++++++++++++++---
 main.tf | 29 ++++++++++++++++++++++++++++-
 2 files changed, 52 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index d20ca14..3873aea 100644
--- a/README.md
+++ b/README.md
@@ -2,10 +2,10 @@ # terraform-aws-config
-[![GitHub release](https://img.shields.io/github/release/lacework/terraform-aws-config.svg)](https://github.com/lacework/terraform-aws-config/releases/)
+[![GitHub release](https://img.shields.io/github/release/lacework/terraform-aws-config.svg)](https://github.com/lacework/terraform-aws-config/relea ses/)
 [![Codefresh build status]( https://g.codefresh.io/api/badges/pipeline/lacework/terraform-modules%2Ftest-compatibility?type=cf-1&key=eyJhbGciOiJIUzI1NiJ9.NWVmNTAxOGU4Y2FjOGQzYTkxYjg3ZDEx.RJ3DEzWmBXrJX7m38iExJ_ntGv4_Ip8VTa-an8gBwBo)]( https://g.codefresh.io/pipelines/edit/new/builds?id=607e25e6728f5a6fba30431b&pipeline=test-compatibility&projects=terraform-modules&projectId=607db54b728f5a5f8930405d)
-Terraform module for configuring an integration with Lacework and AWS for cloud resource configuration assessment.
+Terraform module for configuring an integration with Lacework and AWS for cloud resource configuration as sessment.
 ## Requirements
@@ -118,4 +118,25 @@ The audit policy is comprised of the following permissions:
 | | codebuild:BatchGetBuilds | |
 | SNS | sns:GetDataProtectionPolicy | * |
 | | sns:ListPlatformApplications | |
-| | sns:GetSubscriptionAttributes | |
\ No newline at end of file
+| | sns:GetSubscriptionAttributes | |
+| SES | ses:ListContactLists | * |
+| | ses:GetContactList | |
+| | ses:ListContacts | |
+| | ses:GetContact | |
+| | ses:ListCustomVerificationEmailTemplates | |
+| | ses:GetCustomVerificationEmailTemplate | |
+| | ses:GetDedicatedIpPool | |
+| | ses:GetBlacklistReports | |
+| | ses:GetDedicatedIp | |
+| | ses:ListDeliverabilityTestReports | |
+| | ses:GetDeliverabilityTestReport | |
+| | ses:ListEmailIdentities | |
+| | ses:GetEmailIdentity | |
+| | ses:GetEmailIdentityPolicies | |
+| | ses:ListEmailTemplates | |
+| | ses:GetEmailTemplate | |
+| | ses:ListImportJobs | |
+| | ses:GetImportJob | |
+| | ses:ListRecommendations | |
+| | ses:ListSuppressedDestinations | |
+| | ses:GetSuppressedDestination | |
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 0a5760f..a691cc5 100644
--- a/main.tf
+++ b/main.tf
@@ -115,7 +115,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 actions = ["glacier:ListTagsForVault"]
 resources = ["*"]
 }
-
+
 statement {
 sid = "WAFREGIONAL"
 actions = ["waf-regional:ListRules",
@@ -155,6 +155,33 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 actions = ["states:ListTagsForResource"]
 resources = ["*"]
 }
+
+ statement {
+ sid = "SES"
+ actions = ["ses:ListContactLists",
+ "ses:GetContactList",
+ "ses:ListContacts",
+ "ses:GetContact",
+ "ses:ListCustomVerificationEmailTemplates",
+ "ses:GetCustomVerificationEmailTemplate",
+ "ses:GetDedicatedIpPool",
+ "ses:GetBlacklistReports",
+ "ses:GetDedicatedIp",
+ "ses:ListDeliverabilityTestReports",
+ "ses:GetDeliverabilityTestReport",
+ "ses:ListEmailIdentities",
+ "ses:GetEmailIdentity",
+ "ses:GetEmailIdentityPolicies",
+ "ses:ListEmailTemplates",
+ "ses:GetEmailTemplate",
+ "ses:ListImportJobs",
+ "ses:GetImportJob",
+ "ses:ListRecommendations",
+ "ses:ListSuppressedDestinations",
+ "ses:GetSuppressedDestination",
+ ]
+ resources = ["*"]
+ }
 }
 resource "aws_iam_policy" "lacework_audit_policy" {
From 80a82e6f96ed81012b226d6e07e6d504b4c92ee6 Mon Sep 17 00:00:00 2001
From: Max
Date: Fri, 15 Nov 2024 00:06:48 -0800
Subject: [PATCH 2/6] Revert incorrect changes to ses
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 3873aea..3e7a725 100644
--- a/README.md
+++ b/README.md
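Review bot: The new `SES` statement grants the whole `ses:Get*`/`ses:List*` set on `resources = ["*"]`, and judging by their names several of these (`ses:ListContacts`, `ses:GetContact`, `ses:ListSuppressedDestinations`, `ses:GetSuppressedDestination`, `ses:GetEmailTemplate`, `ses:GetCustomVerificationEmailTemplate`) return contact addresses or template content rather than resource configuration, which looks like more than a configuration-assessment role needs. Nothing in the hunk records why those reads are required; a short comment above `statement {`, e.g. `# SES v2 read-only inventory; contact/template reads are needed for <reason>`, would make the least-privilege intent reviewable and give a later reader a basis for trimming the list. `ses:GetBlacklistReports` and `ses:GetDedicatedIp` are also in this hunk but are the two actions the rest of the series calls unneeded, so the intended set should be settled before the policy is published. The enclosing `data "aws_iam_policy_document" "lacework_audit_policy"` block starts outside the hunk.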
@@ -2,10 +2,10 @@ # terraform-aws-config
-[![GitHub release](https://img.shields.io/github/release/lacework/terraform-aws-config.svg)](https://github.com/lacework/terraform-aws-config/relea ses/)
+[![GitHub release](https://img.shields.io/github/release/lacework/terraform-aws-config.svg)](https://github.com/lacework/terraform-aws-config/releases/)
 [![Codefresh build status]( https://g.codefresh.io/api/badges/pipeline/lacework/terraform-modules%2Ftest-compatibility?type=cf-1&key=eyJhbGciOiJIUzI1NiJ9.NWVmNTAxOGU4Y2FjOGQzYTkxYjg3ZDEx.RJ3DEzWmBXrJX7m38iExJ_ntGv4_Ip8VTa-an8gBwBo)]( https://g.codefresh.io/pipelines/edit/new/builds?id=607e25e6728f5a6fba30431b&pipeline=test-compatibility&projects=terraform-modules&projectId=607db54b728f5a5f8930405d)
-Terraform module for configuring an integration with Lacework and AWS for cloud resource configuration as sessment.
+Terraform module for configuring an integration with Lacework and AWS for cloud resource configuration assessment.
 ## Requirements
From fab760ed248961eb44fc13f47f7e3d7308a8a997 Mon Sep 17 00:00:00 2001
From: Max
Date: Fri, 15 Nov 2024 00:09:37 -0800
Subject: [PATCH 3/6] Remove unneeded permissions
---
 main.tf | 2 --
 1 file changed, 2 deletions(-)
diff --git a/main.tf b/main.tf
index a691cc5..a6e8fb6 100644
--- a/main.tf
+++ b/main.tf
@@ -165,8 +165,6 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 "ses:ListCustomVerificationEmailTemplates",
 "ses:GetCustomVerificationEmailTemplate",
 "ses:GetDedicatedIpPool",
- "ses:GetBlacklistReports",
- "ses:GetDedicatedIp",
 "ses:ListDeliverabilityTestReports",
 "ses:GetDeliverabilityTestReport",
 "ses:ListEmailIdentities",
From 4f74d052419af74fb265edcf3edcba745f160d36 Mon Sep 17 00:00:00 2001
From: Max
Date: Fri, 15 Nov 2024 00:09:37 -0800
Subject: [PATCH 4/6] Signing
---
 main.tf | 2 --
 1 file changed, 2 deletions(-)
diff --git a/main.tf b/main.tf
index a691cc5..a6e8fb6 100644
--- a/main.tf
+++ b/main.tf
@@ -165,8 +165,6 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 "ses:ListCustomVerificationEmailTemplates",
 "ses:GetCustomVerificationEmailTemplate",
 "ses:GetDedicatedIpPool",
- "ses:GetBlacklistReports",
- "ses:GetDedicatedIp",
 "ses:ListDeliverabilityTestReports",
 "ses:GetDeliverabilityTestReport",
 "ses:ListEmailIdentities",
From 056b502f5380a3df2684739fe133249141ca8e01 Mon Sep 17 00:00:00 2001
From: Max
Date: Sat, 16 Nov 2024 00:06:26 -0800
Subject: [PATCH 5/6] Revert "Add AWS permission for sesv2 APIS"
This reverts commit 0095691736a82d066d38321e1e4e0d31b495b839.
---
 README.md | 23 +----------------------
 main.tf | 25 -------------------------
 2 files changed, 1 insertion(+), 47 deletions(-)
diff --git a/README.md b/README.md
index 3e7a725..d20ca14 100644
--- a/README.md
+++ b/README.md
@@ -118,25 +118,4 @@ The audit policy is comprised of the following permissions:
 | | codebuild:BatchGetBuilds | |
 | SNS | sns:GetDataProtectionPolicy | * |
 | | sns:ListPlatformApplications | |
-| | sns:GetSubscriptionAttributes | |
-| SES | ses:ListContactLists | * |
-| | ses:GetContactList | |
-| | ses:ListContacts | |
-| | ses:GetContact | |
-| | ses:ListCustomVerificationEmailTemplates | |
-| | ses:GetCustomVerificationEmailTemplate | |
-| | ses:GetDedicatedIpPool | |
-| | ses:GetBlacklistReports | |
-| | ses:GetDedicatedIp | |
-| | ses:ListDeliverabilityTestReports | |
-| | ses:GetDeliverabilityTestReport | |
-| | ses:ListEmailIdentities | |
-| | ses:GetEmailIdentity | |
-| | ses:GetEmailIdentityPolicies | |
-| | ses:ListEmailTemplates | |
-| | ses:GetEmailTemplate | |
-| | ses:ListImportJobs | |
-| | ses:GetImportJob | |
-| | ses:ListRecommendations | |
-| | ses:ListSuppressedDestinations | |
-| | ses:GetSuppressedDestination | |
\ No newline at end of file
+| | sns:GetSubscriptionAttributes | |
\ No newline at end of file
diff --git a/main.tf b/main.tf
index a6e8fb6..7d63f22 100644
--- a/main.tf
+++ b/main.tf
@@ -155,31 +155,6 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 actions = ["states:ListTagsForResource"]
 resources = ["*"]
 }
-
- statement {
- sid = "SES"
- actions = ["ses:ListContactLists",
- "ses:GetContactList",
- "ses:ListContacts",
- "ses:GetContact",
- "ses:ListCustomVerificationEmailTemplates",
- "ses:GetCustomVerificationEmailTemplate",
- "ses:GetDedicatedIpPool",
- "ses:ListDeliverabilityTestReports",
- "ses:GetDeliverabilityTestReport",
- "ses:ListEmailIdentities",
- "ses:GetEmailIdentity",
- "ses:GetEmailIdentityPolicies",
- "ses:ListEmailTemplates",
- "ses:GetEmailTemplate",
- "ses:ListImportJobs",
- "ses:GetImportJob",
- "ses:ListRecommendations",
- "ses:ListSuppressedDestinations",
- "ses:GetSuppressedDestination",
- ]
- resources = ["*"]
- }
 }
 resource "aws_iam_policy" "lacework_audit_policy" {
From 95fae539e177f4ec3d0594593db2107af16d4732 Mon Sep 17 00:00:00 2001
From: Max
Date: Sat, 16 Nov 2024 00:07:13 -0800
Subject: [PATCH 6/6] Revert "Remove unneeded permissions"
This reverts commit fab760ed248961eb44fc13f47f7e3d7308a8a997.
---
 main.tf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/main.tf b/main.tf
index 7d63f22..a691cc5 100644
--- a/main.tf
+++ b/main.tf
@@ -155,6 +155,33 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
 actions = ["states:ListTagsForResource"]
 resources = ["*"]
 }
+
+ statement {
+ sid = "SES"
+ actions = ["ses:ListContactLists",
+ "ses:GetContactList",
+ "ses:ListContacts",
+ "ses:GetContact",
+ "ses:ListCustomVerificationEmailTemplates",
+ "ses:GetCustomVerificationEmailTemplate",
+ "ses:GetDedicatedIpPool",
+ "ses:GetBlacklistReports",
+ "ses:GetDedicatedIp",
+ "ses:ListDeliverabilityTestReports",
+ "ses:GetDeliverabilityTestReport",
+ "ses:ListEmailIdentities",
+ "ses:GetEmailIdentity",
+ "ses:GetEmailIdentityPolicies",
+ "ses:ListEmailTemplates",
+ "ses:GetEmailTemplate",
+ "ses:ListImportJobs",
+ "ses:GetImportJob",
+ "ses:ListRecommendations",
+ "ses:ListSuppressedDestinations",
+ "ses:GetSuppressedDestination",
+ ]
+ resources = ["*"]
+ }
 }
 resource "aws_iam_policy" "lacework_audit_policy" {
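Review bot: After this revert the policy again grants `ses:GetBlacklistReports` and `ses:GetDedicatedIp`, the two actions PATCH 3 removed as unneeded, while PATCH 5 has already dropped the whole SES table from README.md, so the net state of the series is a `SES` statement in `main.tf` that README.md does not document. Either the two actions should be removed again or the README rows restored so that the documented and granted permission sets match. PATCH 4 ("Signing") carries the same blob ids `a691cc5..a6e8fb6` as PATCH 3 and appears to be a byte-identical duplicate that cannot apply after it, which may be what led to the pair of reverts; squashing the series to the intended final state would be clearer than merging the back-and-forth. The enclosing `data "aws_iam_policy_document" "lacework_audit_policy"` block starts outside the hunk.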