File tree Expand file tree Collapse file tree 1 file changed +14
-18
lines changed
articles/defender-for-cloud Expand file tree Collapse file tree 1 file changed +14
-18
lines changed Original file line number Diff line number Diff line change @@ -376,24 +376,20 @@ The following IAM permissions are needed to discover AWS resources:
376376| Elastic search | es: Describe * <br > es: List * |
377377| EMR – elastic map reduce | elasticmapreduce: Describe * <br > elasticmapreduce: GetBlockPublicAccessConfiguration <br > elasticmapreduce: List * <br > elasticmapreduce: View * |
378378| GuardDute | guardduty: DescribeOrganizationConfiguration <br > guardduty: DescribePublishingDestination <br > guardduty: List * |
379-
380-
381-
382-
383-
384-
385-
386-
387-
388-
389-
390-
391-
392-
393-
394-
395-
396-
379+ | IAM | iam: Generate * <br > iam: Get * <br > iam: List * <br > iam: Simulate * |
380+ | KMS | kms: Describe * <br > kms: List * |
381+ | LAMDBA | lambda: GetPolicy <br > lambda: List * |
382+ | Network firewall | network-firewall: DescribeFirewall <br > network-firewall: DescribeFirewallPolicy <br > network-firewall: DescribeLoggingConfiguration <br > network-firewall: DescribeResourcePolicy <br > network-firewall: DescribeRuleGroup <br > network-firewall: DescribeRuleGroupMetadata <br > network-firewall: ListFirewallPolicies <br > network-firewall: ListFirewalls <br > network-firewall: ListRuleGroups <br > network-firewall: ListTagsForResource |
383+ | RDS | rds: Describe * <br > rds: List * |
384+ | RedShift | redshift: Describe * |
385+ | S3 and S3Control | s3: DescribeJob <br > s3: GetEncryptionConfiguration <br > s3: GetBucketPublicAccessBlock <br > s3: GetBucketTagging <br > s3: GetBucketLogging <br > s3: GetBucketAcl <br > s3: GetBucketLocation <br > s3: GetBucketPolicy <br > s3: GetReplicationConfiguration <br > s3: GetAccountPublicAccessBlock <br > s3: GetObjectAcl <br > s3: GetObjectTagging <br > s3: List * |
386+ | SageMaker | sagemaker: Describe * <br > sagemaker: GetSearchSuggestions <br > sagemaker: List * <br > sagemaker: Search |
387+ | Secret manager | secretsmanager: Describe * <br > secretsmanager: List * |
388+ | Simple notification service – SNS | sns: Check * <br > sns: List * |
389+ | SSM | ssm: Describe * <br > ssm: List * |
390+ | SQS | sqs: List * <br > sqs: Receive * |
391+ | STS | sts: GetCallerIdentity |
392+ | WAF | waf-regional: Get * <br > waf-regional: List * <br > waf: List * <br > wafv2: CheckCapacity <br > wafv2: Describe * <br > wafv2: List * |
397393
398394## Learn more
399395
You can’t perform that action at this time.
0 commit comments